InfSec - Information Security Blog
Information Security Blog and personal stuff

Declassified NSA documents have revealed some historical information about TEMPEST. I love these little stories, read it here

At least that is the intention of some chinese dudes and this probably is a form of ‘ethical hacking’ for some people.

Organized (DDOS) attacks for a good cause seems to be a new trend but I doubt if it’s going to make a change.

Secunia Research has discovered a vulnerability in ClamAV, which can be exploited by malicious people to compromise a vulnerable system.

In my humble opinion, security bugs in security tools always seem a bit like a bad joke but the given solution cracked me up when reading it :Do not scan untrusted PE files.

Hmmm, aren’t viruskillers created to just do that

In the company I work for we have some policy that states that the local area network is trusted. For some reason some people seem to like to interpret this as the local area network is secure. Not wanting to understand the difference between trusted (all parties connecting to the local network are trusted by our company) and secure (communication channels used on the local network don’t need any additional protection measures).

For me this just points out two things:
1. People are stupid (or at least like to act that way if it fits their agenda).
2. (Security) Policies should be chrystal clear including definitions of terms that might be interpreted different by people in certain situations.

Microsoft Released a Beta of their Integrated Security System Forefront codename “Stirling”. Downloaded the Beta version to give it a test spin.

Will write down some first impressions soon.

Microsoft Forefront Security Administration Guide

Jesse Varsalone. Syngress 2008, Paperback, 800 pages, $59.95

There’s always something like a first step, or in this case, a first post.

This is it and this is all, for now.