Wednesday, July 21, 2010
Tuesday, December 25, 2007
Sunday, December 23, 2007
How skype punches holes in firewalls
http://it.slashdot.org/article.pl?sid=06/12/15/191205
An anonymous reader writes "Ever wondered, how P2P software like Skype directly exchanges data — despite the fact, that both machines are sitting behind a firewall that only permits outgoing traffic? Read about the hole punching techniques, that make a firewall admin's nightmares come true."
Malware - discussion
http://it.slashdot.org/article.pl?sid=06/12/12/1444251
Not what I care about (Score:4, Insightful)
by brunes69 (86786) <slashdot@keir[ ]ad.org ['ste' in gap]> on Tuesday December 12 2006, @11:17AM (#17209182) Homepage
Leak tests imitate common methods used by trojans or spyware to send your information from your computer.
This is the least important piece of security I care about on my PC.
If there is a trojan already running on my PC, then I have already lost the war. It is irrelevant if it can communicate directly with an outside server or not. It could send data in a PLETHORA of undetectable ways aside from this (could send stealth emails from my default email program, could post data stealthily in a hidden frame it sets as my browser start page, etc etc).
The goal is to not get the spyware and virii on your PC in the first place. Once it's there, you're already screwed.
--Zip zop!
Leak test of 21 personal firewalls
http://it.slashdot.org/article.pl?sid=06/12/12/1444251
mork writes "Matousec.com, as part of a larger analysis of personal firewalls on Windows, has conducted a thorough leak test of 21 pieces of firewall software. Leak tests imitate common methods used by trojans or spyware to send your information from your computer. Windows Firewall XP SP2 fails every test, so the fears that the days of third party firewall software were over seem groundless. Surprisingly the two top programs are both freeware." From the article: "Some firewalls totally failed tests made against their default settings but their results on the highest security settings were much better. Kaspersky Internet Security 6.0.0.303 is the product with the biggest difference between the default settings score and the highest security settings score. Another such product is Safety.Net. Some products like BitDefender, F-Secure, McAfee, Panda, etc. include antivirus engines. The sad and funny thing in once is that lots of them mark leak-testing software as viruses or malware."
Slashdot: Personal Firewalls Mostly Useless, Says Mail & Guardian
Discussion
hweimer writes "More and more security researchers come to the conclusion that personal firewalls are ineffective in controlling outbound traffic. An article in the Mail & Guardian online mentions a test that 'showed that the software often causes more problems than it solves. Not one of the six firewall programs the magazine tested, regardless of whether commercial or freeware, could prevent all attempts from the test programs at establishing outgoing connections between the PC and the internet.' Simple PoCs are available, too."
End-to-End Network security
End to end network security - Book review
Ben Rothke writes "One of the mistakes many organizations make when it comes to information security is thinking that the firewall will do it all. Management often replies incredulously to a hacking incident with the thought "but don't we have a firewall". Organizations need to realize a single appliance alone won't protect their enterprise, irrespective of what the makers of such appliances suggest and promise. A true strategy of security defense in depth is required to ensure a comprehensive level of security is implemented. Defense in depth uses multiple computer security technologies to keep organizations' risks in check. One example of defense in depth is having an anti-virus and anti-spyware solution both at the user's desktop, and also at the gateway."
Slashdot - Proxy servers
Link to discussion
Ethics of Proxy Servers?
Posted by Cliff on Saturday February 17 2007, @07:20AM from the a-double-edged-sword dept.
Mav asks: "I was recently asked to host a website for free in return for a lot of advertising. After querying them about how they knew the site would produce traffic they stated the site was going to be running PHPProxy (an open source web proxy). The traffic was a result of him and his contacts (nearly one thousand of them) using the site to bypass his school's firewall in order to view their MySpace pages and get access to their MSN messengers. Given all the attention social networking sites have recently received and the various laws attempting to block or control access to them I feel guilty and unsure making this available. Are there legal implications that I need to worry about? Could I be held liable if one of the students got in trouble? Most importantly, what's the moral thing to do?"
Wednesday, December 5, 2007
Trapping light and saving it for later
A cool story about light on NPR called: Trapping light and saving it for later
http://www.npr.org/templates/story/story.php?storyId=7314502
Monday, December 3, 2007
Digg filter interview (link)
This was a pretty cool interview about digg filter.
http://www.readwriteweb.com/archives/digg_filter_recommendation_engine_digg.php
War....
... is the continuation of politics.
That was from a post from slashdot. I write these down when I feel someone hits on something very clear and precise. One of my good habits :)
Discovery Institute fellow expelled for plagiarism
They copied "The journey of the cell", made by Harvard, without showing copyright and credit information when they used the video.
Link
Hello... this is my Odds and ends :)
This will be the blog of all the crap on the web that I find that's interesting... you've been warned.... lol. :)