Security

The Curfew: a Britain of the future?

It's only a webgame. What's interesting to me is how Britain's popular consciousness reflects on its present-day government's totalitarian tendencies. If the media is a window on society, clearly people do acknowledge how things might be if they continue to choose security over freedom.

Paranoia, a short film by Adam Curtis

The news and TV have ended up taking serious threats to society and exaggerating and distorting them. In the process, we have become paranoid.

Freedom and self-defence

The key to freedom is to be able to have the ability to defend yourself and if you don't have the tools to do that, then you're going to be at the mercy of whomever wants to put you away.

Bruce Schneier at DEFCON 15

Bruce Schneier answers questions at DEFCON 15.








There are 200 more videos on Peteris Krumins’ blog.



Security theatre and movie plot threats

Bruce Schneier on security theatre, movie plot threats and security trade-offs.






What's Facebook doing with our data?

Facebook is great. You can find out what your friends are up to, hook up with long-lost university chums; I've even hired someone through it.

SQL Injection Cheat Sheet

"About SQL Injection Cheat Sheet
Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of the samples are not correct for every single situation. Most of the real world environments may change because of parentheses, different code bases and unexpected, strange SQL sentences."

lsof primer

A primer for lsof ("list open files"):

lsof: The Most Powerful Unix/Linux Command That Nobody Ever Uses

Also includes primers for:

  • Tcpdump

Mac OS X Packet Sniffing

A useful article about packet sniffing on Mac OS X from the AppleTalk Australia forum. I've reproduced it here in case it is ever deleted from the original site.

The original article is at: Network Administration and Packet Sniffing, by Nevets_Anderson.

Top 100 Network Security Tools

Insecure.Org's top 100 Network Security Tools at sectools.org.

How to restore a hacked Linux server

Overview of steps:

  • Don’t panic. Keep calm and develop a plan of action
  • Disconnect the system from the network
  • Discover the method used to compromise the system
  • Stop all the attacker's scripts and remove their files
  • Restore the unaffected services
  • Fix the problem that caused the compromise
  • Restore the affected services
  • Monitor the system

Full article: How to restore a hacked Linux server

TrueCrypt hard disk encryption review

Marcus Ranum's short review of TrueCrypt hard disk encryption.

Full article: A Nice Surprise

TrueCrypt: Free open-source disk encryption software for Windows XP/2000/2003 and Linux

Secure Your Apache With mod_security

"This article shows how to install and configure mod_security. mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc."

Full article: Secure Your Apache With mod_security

Web Application Cheatsheet

"A handy cheatsheet which points out web application vulnerabilities that should be checked during a penetration test assignment."

http://www.secguru.com/web_application_cheatsheet_version_2
