Expert analysis
Apache Chunk Handling Roundup
Internet Security Systems and NGSSoftware found a security issue with chunk encoding in the popular Apache web server. The problems may lead to a remote compromise and denial …
Roundup on BIND Denial of Service
Short description (from Incidents.org Handler’s Diary): There is a Denial of Service vulnerability in ISC Bind (versions 9 up to 9.2.1) When this is exploited by a …
Understanding the Email-Borne Threat
In the past few years, email has become the predominant purveyor of viruses. This rapid communications technology outpaces the signature-based scanner updates, allowing …
Virus Protection: All Roads Lead To A Multi-Modal, Modular Approach
The purpose of this paper is to explain why we have concluded that the future of virus protection lies with architecture, rather than product, and why a multi-modal, modular …
Corporate Security Overview: 04-11 June 2002
A number of security companies send us their company press releases, which we republish in the press section of Help Net Security. This is an overview of interesting …
Usability and privacy: a study of Kazaa P2P file-sharing
P2P file sharing systems are rapidly becoming one of the most popular applications on the internet, with millions of users online exchanging files daily. While primarily …
An Introduction to Snort
This is a presentation at the Houston ISSA Meeting in April by Ricard Bejtlich, a senior forensic consultant for Foundstone. Download the presentation in PPT format here.
Security Advisories Week: 30 May – 6 June 2002
Title: Imap server buffer overflow Date: May 30 2002 Vendor: Mandrake Vulnerable systems: Mandrake Linux 7.1, 7.2, 8.1, 8.2, Corporate Server 1.0.1 Full advisory: Problem …
Reduce Your Virus Exposure with an Active Virus Protection System
This article describes today’s virus environment, why you need to reevaluate your current anti-virus strategy, and how your business can deploy SonicWALL’s active …
Corporate Security Overview: 28 May – 4 June 2002
A number of security companies send us their company press releases, which we republish in the press section of Help Net Security. This is an overview of interesting …
Backdoored dsniff, fragroute and fragrouter
In a recent hack of irssi server, attacker modified the configure script which gave him shell access to any system that installed the backdoored irssi program. The same thing …
Keeping Secrets in Hardware: the Microsoft XBox Case Study
This paper discusses the hardware foundations of the cryptosystem employed by the Xbox video game console from Microsoft. A secret boot block overlay is buried within a system …