Point-and-Click Phishing --
Brian McWilliams examines a recent phishing attack and talks to the
hacker, an eighteen-year-old software whiz, who wrote the powerful
spamware program that made it possible. Brian is the author of
O'Reilly's upcoming Spam Kings.
Google Your Site for Security
Vulnerabilities -- The fact that Google indexes
pages you might never have known were public is both good and bad. It's
good when you're searching for specialized or esoteric information.
It's bad when Google indexes potential security vulnerabilities on your
site. Nitesh Dhanjani demonstrates how to use the Google API to help
identify your inadvertently shared secrets.
O'Reilly
Learning Lab: $200 Instant Rebate -- Learning
programming languages and development techniques has never been easier.
Using your web browser and Useractive's Learning Sandbox technology,
the Learning Lab gives you hands-on, online training in a Unix
environment. This month, receive a $200 instant rebate (and a
Certificate from the University of Illinois upon course completion)
when you enroll in any Certificate Series.
SPF Not Poisonous to Phish -- The statistics on "phishing," email scams that trick victims into divulging account numbers and other sensitive information, are grim. With these forgery scams on the rise, why aren't banks rushing to support Sender Policy Framework (SPF)? Brian McWilliams investigates. He's the author of O'Reilly's upcoming Spam Kings.
Wireless Security and the Open1X Project
-- Open1X is an open source project focusing on network
security. The wireless adoption of this technology is referred to as
802.1X. Matthew Gast went to the University of Utah to talk about it
with Chris Hessing and Terry Simmons, who are intent on bringing
standards-based wireless security to Linux, Mac OS X, and Windows
clients. Matthew is the author of 802.11 Wireless
Networks: The Definitive Guide.
VPNs and Public Key Infrastructure -- Security and convenience often conflict with each other. It'd be nice to have access to your office network from anywhere, but you can't trust the Internet. Virtual private networks are one solution, but how do they keep your data safe? Scott Brumbaugh explains the basics of Public Key Infrastructure, the cryptographic basis for secure VPNs. For 100 ways to make your network secure, see Network Security Hacks.
Open Source Security: Still a Myth -- Open source may have many benefits over closed systems, but don't count security among them--yet. This article by John Viega looks at why open source software may currently be less secure than its commercial counterparts. John is a coauthor of Secure Programming Cookbook for C and C++.
Behind the Scenes at The Mezonic Agenda: An Electronic Voting Primer -- Although electronic voting and touch-screen systems have been in use since the 1970s, the recent controversy that has surrounded the design and implementation of Direct Recording Electronic (DRE) systems, as well as the companies that make them, has brought the risks of electronic voting under spotlight. This article by Spyros Nomikos offers a snapshot of where we are and how we got here. Spyros is a coauthor of The Mezonic Agenda: Hacking the Presidency.
Stealing the Network: A Prequel -- Ryan Russell has written this tale of a '70s-era security hack, set at a tech company on the East Coast. What real-world company he used as a backdrop is up to you to guess. This short bit of fiction provides a real sense of the concept behind the book he's coauthored, Stealing the Network: How
to Own a Continent (from Syngress).
Book Review: Security Warrior -- In this UnixReview.com book review, Peter H. Salus writes, "Peikari and Chuvakin have written a valuable book that will soon find its way onto the shelf of everyone involved in network and machine security." Learn the mind of your attacker and defend yourself with Security Warrior.
What's New in SpamAssassin 3.0 -- Based on his testing of beta versions of the upcoming SpamAssassin 3.0 release, Alan Schwartz presents an overview of some of SA 3's newest, coolest features. Find out why he thinks mail administrators should strongly consider upgrading to SA 3 when it releases. Alan is the author of SpamAssassin.
Top Ten Ethereal Tips and Tricks -- Ethereal rivals commercial sniffers with its abundance of features and hundreds of protocol dissectors. And best of all, it's free. Here's a top ten list of Ethereal tips and tricks from Angela D. Orebaugh, a coauthor of Syngress' Ethereal Packet Sniffing.
Java and Security, Part 2 -- This book excerpt takes a close look at WebLogic's various security providers and their default implementations. It shows you how to
authenticate using JAAS, and how to create custom Authentication and
Identity Assertion Providers. Get a 360-degree view of the world of WebLogic from WebLogic: The Definitive Guide.
Your O'Reilly Account: New, Single Sign On -- O'Reilly customers and guests now have a single address and one password to access all things O'Reilly, from oreilly.com and Safari Bookshelf to all of the O'Reilly Network sites and DevCenters. When possible, we've consolidated your prior, separate accounts into one new account. Logging into the new system is quick and easy; details on how to do it have been emailed to you, and you can read more about O'Reilly's single sign on in Tony Stubblebine's weblog.
Using Penetration Testing to Identify
Management Issues -- Bob Ayers discusses the most
common systems-management process failures that produce vulnerabilities
detected by penetration testing, in this modified foreword from Chris
McNab's Network
Security Assessment.