Internet Security Annoyances -- Spyware, Trojans, worms, viruses, phishing, and now pharming are all security issues that can lead to a disenchanting internet experience. In this excerpt, Preston Gralla helps you prevent these kinds of security breaches with tips on configuring your home router for maximum security, constructing your own personal firewall, and more. Preston is the author of Internet Annoyances.
Microsoft Receives $7M in Spam
Settlement -- Noted as a significant victory in
the fight against spam, Microsoft was awarded 7 million dollars in
settlement from Scott Richter, one of the world's most prolific
spammers. Richter, as well as a host of other spammers, are covered in
Brian McWilliams' comprehensive investigation of the world of spam, Spam
Kings.
Is This Security Alert Really from
Microsoft? -- An excellent way to get information
about Windows updates is via email with Microsoft Technical Security
Notification Services. But how can you tell if a security bulletin in
your inbox is really from Microsoft and not from someone with malicious
intent? Mitch Tulloch points you in the right direction with these
important tips. Mitch is the author of Windows Server
Hacks.
Safe from the Spam Flood? --
Rumored to be capable of deluging your inbox with spam, ProxyLock, a
new feature in a popular spamware program, appears to have a fatal
flaw. Researchers have discovered that the dreaded ProxyLock feature
lacks a smart way to find the SMTP server affiliated with a spam proxy.
As a result, it presents no big threat to existing blacklist systems.
Brian McWilliams, author of Spam
Kings, explains why.
Network Security Tools: Writing Network Sniffers --
An important function of many security tools is to capture network
traffic and then either reassemble it or extract information from the
packets flowing across the network. Chapter 10 of Network Security
Tools provides a quick and practical introduction to packet capture
using the commonly available libpcap library on wired and
wireless networks. If you like this chapter, read the whole book (and
up to nine others) on Safari with a free trial subscription.
Opting in to Privacy Problems --
Brian McWilliams looks at yet another way internet users may be putting
their privacy at risk. With list brokers now cutting deals with
e-commerce sites and internet marketing firms for data that includes
home addresses, phone numbers, and corresponding IP addresses, you may
be opting in for more than you bargained for when you shop online.
Brian is the author of Spam Kings.
Sources of Network Vulnerability Information -- To
maintain security, it's vital to be aware of the latest threats posed
to your network and its components. You should regularly check the
latest public information about vulnerabilities and exploit scripts.
Here are some lists of web sites and mailing lists that security
consultants and hackers use on a daily basis, from Appendix B of
Network Security Assessment. If you like this chapter, read the
whole book (and up to nine others) on Safari with a free trial subscription.
Anatomy of an Attack: The Five
Ps -- The five Ps--Probe, Penetrate, Persist,
Propagate, and Paralyze--represent a model of how a security attack
progresses. In this excerpt, Kerry Cox and Christopher Gerg discuss an
attack's progression through these five steps, whether the attack is
sourced from a person or an automated worm or script. Kerry and
Christopher are the authors of Managing Security
with Snort & IDS Tools.
Hijacked by Spammers -- If
you're thinking spammers couldn't hijack your internet account and use
it to send junk email, think again. Brian McWilliams writes about how
one spammer did just that when he cracked BellSouth's ISP and hijacked
dozens of user accounts. Brian is the author of Spam Kings.
Fear and Loathing in Information Security
-- "Society has always treated innovators and whistle
blowers with ambivalence," writes author Michael D. Bauer in reference
to hackers. In this article, Michael defines and analyzes hacking. He
then discusses why information security professionals demonize hackers
and why that tendency is both irrational and counterproductive. Michael
is the author of Linux
Server Security, 2nd Edition.
DHCP and DNS Security
--
In this excerpt, Mike Danseglio explores the core network services of
DHCP and DNS. These services are essential to most IP networks today in
that they respectively provide automatic addressing and name
resolution. However, their security considerations and safe operations
are often neglected. Mike shows you how these services work, how
they're vulnerable to attack, and how to protect them against attacks
when possible. Mike is the author of Securing
Windows Server 2003.
Brian McWilliams on Future Tense --
In a recent broadcast of Public Radio's "Future Tense," Jon Gordon
spoke with investigative reporter and book author Brian McWilliams.
Spammers do their best to stay in the shadows, but Brian exposes many
of them in his new book, Spam Kings.
Remove Me! Do those unsubscribe links actually work, or are they just another spammer scam? In this Salon.com article, Brian McWilliams goes undercover in the world of fake Rolexes to find the answer. Brian is the author of Spam Kings.
Wireless Security and the Open1X Project
-- Open1X is an open source project focusing on network
security. The wireless adoption of this technology is referred to as
802.1X. Matthew Gast went to the University of Utah to talk about it
with Chris Hessing and Terry Simmons, who are intent on bringing
standards-based wireless security to Linux, Mac OS X, and Windows
clients. Matthew is the author of 802.11 Wireless
Networks: The Definitive Guide.
