Secure Catapult

Saturday, June 23, 2007 2:44:23 PM UTC
by Jason Pittman
I think of it as catapulting data...and it is a push technique. In this type of scenario, I hesitate to install any type of server on the Windows computer since a) I know it already exists on the Unix side most likely and b) I do not typically like to increase management overhead and adding any such server to the Windows computer will most likely do so.

The Security that Fails

Thursday, June 21, 2007 2:30:26 PM UTC
by Jason Pittman
The one question I continually come back to in my thinking is, "why does security fail?" Sure, there are a multitude of foes where blame could be (and, in some cases, should be) placed. Some are real, some are fantasy: faulty technology, faulty policies and procedures, faulty awareness. Superior adversaries. But, for me, such arguments are straw man fallacies. Colloquially, they are just trimming branches. Let's hack at the roots, shall we?

Process Monitor

Sunday, June 17, 2007 6:15:45 AM UTC
by Ray Zadjmool
One of the best tools for doing a system examination is ProcMon (formerly Filemon) by Sysinternals (now owned by Microsoft). If you haven't used it before, then you don't know what you are missing.

Strings for You and Me

Friday, June 15, 2007 2:55:06 PM UTC
by Jason Pittman
Ever get to an authentication challenge in a client application and have that feeling of being rooted? I know I have on several occasions. Here is an example of how I might try to bypass the authentication challenge.