Links Page


New registry entry for controlling the TCP Acknowledgment (ACK) behavior in Windows XP and in Windows Server 2003

http://support.microsoft.com/kb/328890

AQADMCLI

delmsg flags=SENDER,sender=postmaster@domain.com

http://blog.sapien.com/current/2006/11/28/command-line-one-liners.html

Cisco VPN PCF Decoder

Open the PCF file in Notepad, copy the text after enc_GroupPwd=, and go to the following website:
http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode
Paste the encrypted value into the form and VOILA! The clear-text password is generated.

Real Estate valuation websites.

Realestateabc.com
Domania.com
Zillow.com

Reviews of 15 security podcasts at
http://www.owasp.org/index.php/Reviews_of_security_podcasts

List of security podcasts
http://realtime-voip.typepad.com/voipcommunity/2006/09/it_security_pod.html

I would say that off the top of my head a list of 10 very popular [keyword *remote], non database related vulns would be:

1. Cross-site scripting
2. Remote File Includes
3. HTML and script code injection
4. Directory traversals
5. Authentication bypass
6. Remote command/code execution
7. DoS - usually via memory corruption (failed overflows against differing SPs or hotfixes), resource exhaustion, sometimes a cool race condition or something.
8. Buffer overflows (heap/stack/format string)
9. Privilege escalation
10. Information disclosures (arbitrary read and sometimes write vulns [different class]). Often coupled with dir traversal.

Besides OWASP Top Ten there is also WASC (Web Application Security Consortium) threat classification: http://www.webappsec.org/projects/threat/

I was interviewed here about the Kindle

http://news.medill.northwestern.edu/chicago/news.aspx?id=92537