Links Page
New registry entry for controlling the TCP Acknowledgment (ACK) behavior in Windows XP and in Windows Server 2003
http://support.microsoft.com/kb/328890
AQADMCLI
delmsg flags=SENDER,sender=postmaster@domain.com
http://blog.sapien.com/current/2006/11/28/command-line-one-liners.html
Cisco VPN PCF Decoder
Open the PCF file in Notepad, copy the text after enc_GroupPwd=, and go to the following website:
http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode
Copy and paste the encrypted value into the form there and VOILA! The clear-text password is generated.
Real Estate valuation websites.
Realestateabc.com
Domania.com
Zillow.com
Reviews of 15 security podcasts at
http://www.owasp.org/index.php/Reviews_of_security_podcasts
List of security podcasts
http://realtime-voip.typepad.com/voipcommunity/2006/09/it_security_pod.html
I would say that off the top of my head a list of 10 very popular [keyword *remote], non database related vulns would be:
1. Cross-site scripting
2. Remote File Includes
3. HTML and script code injection
4. Directory traversals
5. Authentication bypass
6. Remote command/code execution
7. DoS - usually via memory corruption (failed overflows against differing SPs or hotfixes), resource exhaustion, sometimes a cool race condition or something.
8. Buffer overflows (heap/stack/format string)
9. Privilege escalation
10. Information disclosures (arbitrary read and sometimes write vulns [different class]). Often coupled with dir traversal

Besides OWASP Top Ten there is also WASC (Web Application Security Consortium) threat classification: http://www.webappsec.org/projects/threat/
I was interviewed here about the Kindle
http://news.medill.northwestern.edu/chicago/news.aspx?id=92537