Blog

  • Security Hole in VoIP Lets Hackers Reach Out and Hear Someone

    Cisco Systems is reporting that there have been several security flaws found in their CallManager VoIP system, the most serious being with their Aupair.exe component. The flaws, which cause vulnerabilities in CallManager in its default settings, can allow someone to eavesdrop on calls, and even reroute VoIP calls to another destination (nasty!)…


  • XP flaw allows for DoS attacks

    Problems in the Remote Desktop Service could allow attackers to knock machines running Windows XP Service Pack 2 offline.


  • $242 Million Nigerian Spammer Lawsuit

    Nigeria jails a woman in the country's biggest e-mail scam case in history.


  • Flash Video Showing Microsoft IIS Being Hacked

    An interesting flash video supposedly showing in real-time how someone used an exploit to break into an IIS server and obtain administrator functions. Scary stuff.


  • Hacking Tutorial Videos

    Most of the tutorials describe how to use the Auditor Security Collection CD-ROM for a specific purpose. We put in here some tutorials provided by users.


  • Google Hacking Explained

    What is Google hacking? How is Google used by hackers as a tool? Read this article for more information.

    Johnny Long, author of the official Google Hacking book, will be at the Las Vegas, NV Defcon 13 Convention signing books.


  • Secure RSS Syndication

    Solution for making your own private RSS Syndication using Bloglines, encryption and Greasemonkey.

    The way you'd use this is to make an RSS feed that you can access from anywhere. Then encrypt it and use a Firefox script on Greasemonkey to decrypt it (at least that's the way I understand it). The cool thing about it is that you could throw it right on pages with all relevant information across the web. As soon as you updated it, it would reflect in your aggregator.

    I could see this being used for my many network passwords, but not my accounts. I'm a little too paranoid for that.


  • WHAX How-To (formerly known as Whoppix)

    The WHAX Live CD OS (formerly known as WHOPPIX) has a useful knowledgebase of growing information on how to use its very modular features.

    I notice a few people coming to my blog to find tutorials on WHAX/Whoppix, but where you really want to go is here:

    http://iwhax.net/modules/xoopsfaq/

    If there is something you want to know, just ask the WHAX gurus on their interactive site. The Whoppix webpage looked nice, but the creators of this incredible tool made a brilliant move in this new interactive, blog how-to structure.

    If you WHAX guys read this, I suggest getting some trackbacks.


  • Jail for Nigerian Scammers

    Amaka Anajemba admitted helping her late husband to persuade an employee of a Brazilian bank to transfer millions of dollars into overseas accounts.

    Why are there so many Nigerian scammers?


  • Security+ vs. CISSP Part 1

    I took the Security+ certification test. I didn't read any books, but I did read a lot of test questions, went to a seminar sponsored by my local ISSA chapter, and I've got a few years' experience in all the Security+ domains. After studying hard for a few weeks, I don't think that the test was that hard. If I had not been prepared then I can see how it might have been difficult, as there are some pretty specific questions on things I did four years ago.

    The Security+ is NOTHING compared to the CISSP. I've yet to take the actual CISSP cert test, but as I've been studying it is VERY clear that these tests are from different planets. It is like comparing the CompTIA N+ to Cisco's CCNP or CCIE… o.k. maybe not CCIE, but CCNP for sure.

    I've been studying to take the CISSP on and off for about a year due to a fairly full plate. I plan on taking the test in the next few months, so I've started reading up on some practice questions. My original plan was to get a Security+ cert so that I could prepare for the CISSP. As I've been reading the practice questions on CISSP, I'm finding that the Security+ is simply not robust enough to even come close to helping me study for the CISSP.

    Once I take the actual CISSP I'll be able to make a better assessment, though.

    One of the most helpful items I found on was a Security+ cheat sheet. It is a very concentrated view of all five Security+ domains and makes for a great study reference.