Steve Lamb's Blog

Security Matters

November, 2004

  • How to get around CISCO's Security Agent!

    Steve Riley's Blog includes the following post which just shows that even brand new security software can be circumvented. "A vulnerability exists in which a properly timed buffer overflow attack may evade the protections offered by CSA. The system under...
  • Securing Wireless LANs with PEAP and Passwords

    There's a wealth of excellent prescriptive Guidance from Microsoft Consultants which is available for free download at http://www.microsoft.com/technet/security/guidance The wireless guide explains how to secure both large scale Enterprise networks and...
  • Apparently Keystroke Logging Isn't Wiretapping

    Another interesting article on Slashdot. http://slashdot.org/article.pl?sid=04/11/23/0311227&from=rss
  • Protecting Your Windows Network - paths hackers can use to infiltrate networks

    Steve Riley and Jesper Johansson are writing a book titled "Protecting Your Windows Network" - an interesting excerpt can be found here
  • Why isn't the Firefox code signed?

    I'm having a look @ Firefox and have noticed that the code is not signed and therefore it's theoretically possible for a trojan to have been inserted in it.
  • Poetic Justice - the Register advocates XP SP2

    http://www.theregister.co.uk/2004/11/21/register_adserver_attack/ I'm not saying that it's good that anyone's been hacked, simply that publicity to get people to install XP SP2 is a good thing.
  • Blog SPAM

    William Luu's feedback to my last post makes a great deal of sense - "They're just trying to boost their websites' Google Rank. It could very well be one of those bots/scripts doing the rounds" I've looked more closely at the site and can confirm that...
  • Blog Spam / Phishing / Harvesting

    Many Blogs are receiving feedback with links to the following URL - DO NOT FOLLOW THIS LINK(that's why I've left off the http:// prefix) "cool12xp.s20.xrea.com". Typical entries have the title of "Great article" with text along the following lines: "Great...
  • Hacking Vodka!

    I came across the following post on slashdot Hacking Vodka Posted by michael on Saturday November 20, @12:06AM from the everclear dept. enrico_suave writes "A group of geeks aimed to find out whether running cheap vodka through a brita water filter would...
  • Don't rely upon 802.1X to secure your wired networks!

    Steve Riley gave a fascinating session @ IT Forum where he commented that 802.1X for wired networks would not solve as many security problems as people perceive. 802.1X does NOT authenticate each packet (unlike IPSEC ESP-null) and hence WITH PHYSICAL ACCESS...
  • What are the privacy implications of Moblogs?

    It's only a matter of time before Moblogs hit the mainstream. Clearly this is something the mobile operators will encourage and so many people have camera phones & love sharing pictures. Moblogs are likely to be seen as requiring less effort than...
  • How to contain hackers and stop worms viruses and spam

    It's great to be back in Copenhagen for ITForum 2004. I'm really looking forward to Steve Riley and Jesper Johansson's pre-conference session tomorrow covering how to deal with the practical challenges of stopping malicious users from stealing your corporate...
  • Disclaimer

    The information in this weblog is provided "AS IS" with no warranties, and confers no rights. This weblog does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my opinion. Inappropriate comments will be deleted...
  • How to encourage users to take security seriously

    Such a huge topic. In my experience getting users to buy into their role in security is imperative and it's also pretty difficult. We've all seen examples of machines that are left unlocked in open offices. We've seen corporate IT departments that have...
  • I thoroughly enjoyed debating whether privacy's dead at the IEE Law and Security event

    Details of the event can be found here . The panel session debated whether privacy's dead given the ever greater power afforded to government and law enforcement to inspect electronic communications. Clearly this is a contentious topic and there is a...
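The point made in the "Don't rely upon 802.1X to secure your wired networks!" entry above (802.1X authorises a port once, whereas IPsec ESP-null authenticates every packet) is easy to miss in the abstract, so here is an added illustration. This is not code from the original post or from Steve Riley's session: it is a small Python model in which a hypothetical switch port is authorised once and then forwards any frame that arrives on the segment, side by side with a peer that checks an HMAC-SHA256 integrity check value on every packet (standing in for the ESP ICV; a real deployment negotiates the key via IKE rather than hard-coding it). The credentials, frames and "attacker on the same hub" scenario are all constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Frame:
    """A constructed Ethernet-ish frame. `icv` is empty unless per-packet
    integrity protection (the ESP-null model) has been applied."""
    src: str
    payload: bytes
    icv: bytes = b""


class Dot1XPort:
    """Hypothetical model of an 802.1X-controlled switch port: the supplicant
    authenticates once (EAP), the port moves to 'authorized', and from then on
    every frame arriving on that port is forwarded without further checks."""

    def __init__(self, allowed_users: dict):
        self.allowed = allowed_users  # toy credential store, constructed
        self.authorized = False

    def authenticate(self, user: str, password: str) -> bool:
        if self.allowed.get(user) == password:
            self.authorized = True
        return self.authorized

    def accept(self, frame: Frame) -> bool:
        # No per-frame binding to the authenticated supplicant: anything sharing
        # the physical segment (e.g. a laptop behind a hub) is forwarded too.
        return self.authorized


class EspNullPeer:
    """Hypothetical model of IPsec ESP with null encryption: no confidentiality,
    but every packet carries an ICV keyed with the session key, so a packet
    injected by someone without the key fails verification."""

    def __init__(self, session_key: bytes):
        self.key = session_key

    def protect(self, frame: Frame) -> Frame:
        icv = hmac.new(self.key, frame.payload, hashlib.sha256).digest()
        return Frame(frame.src, frame.payload, icv)

    def accept(self, frame: Frame) -> bool:
        expected = hmac.new(self.key, frame.payload, hashlib.sha256).digest()
        return hmac.compare_digest(expected, frame.icv)


def simulate() -> dict:
    """Run both models against a legitimate frame and an injected one."""
    port = Dot1XPort({"alice": "correct-horse"})
    port.authenticate("alice", "correct-horse")

    legit = Frame("alice-pc", b"GET /payroll")
    injected = Frame("attacker-laptop", b"DELETE /payroll")  # same hub as alice

    peer = EspNullPeer(b"session-key-negotiated-by-ike")  # assumed value
    attacker = EspNullPeer(b"wrong-key")  # attacker has no session key

    return {
        "dot1x_legit": port.accept(legit),
        "dot1x_injected": port.accept(injected),          # forwarded: port is open
        "esp_legit": peer.accept(peer.protect(legit)),
        "esp_injected_no_icv": peer.accept(injected),      # rejected: no ICV
        "esp_injected_forged": peer.accept(attacker.protect(injected)),  # rejected
    }


if __name__ == "__main__":
    for name, accepted in simulate().items():
        print(f"{name:22s} accepted={accepted}")
```

Running it shows the asymmetry: once the port is authorised, the 802.1X model forwards the attacker's frame just as readily as Alice's, while the per-packet model rejects both the bare injected frame and one carrying an ICV computed under the wrong key.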