%41%43%45%20%54%65%61%6d : links

Weekend Security Reading Round up Links - 10/20/07

techjunkie — Sat, 20 Oct 2007 11:40:00 GMT

A pretty interesting concept: hack together a platform for connecting the innards of over one hundred different types of cell phones and then connect them to servers allowing virtual access for testing purposes over the Internet.

Nigerian Space Program Isn't a 419 Scam

No, really.

Eric Traut talks (and demos) Windows 7 and MinWin

What do you guys think of the ASCII Windows Logo? Stay tuned for more... ASCII goodness!

Comcast Blocks Some Internet Traffic

The interesting thing is how they're doing it, and to what. Its not to all torrent traffic, they just don't want you to initially seed content or continue seeding after a download completes.

Online poker cheating blamed on employee

Well so that's a non-good way of proving your point ...eh?

Yahoo's "hackerwire" news coverage

ASP.NET ValidateRequest does not mitigate XSS completely

ACE Team's Eugene Siu has a brief post about why ValidateRequest isn't enough

Little Bobby Tables (from XKCD.com)

This is really hilarious... thanks to Spencer Low for forwarding it to me.

Mark's Blog - Mark Russinovich's blog is required reading. Its just amazing how he'll logically walk through common problems normal users just ignore or get frustrated by and finds the root cause of really common problems like freezing gadgets, files not copying or folders not compressing.

I've been reading Mark since High School when I used to pick up Windows NT Magazine, great stuff!

-techjunkie

Weekend Security Reading Round up Links - 10/12/07

techjunkie — Sat, 13 Oct 2007 08:55:00 GMT

All about the data: IT security starts with a data-centric worldview

ACE Team's Roger A. Grimes has posted a great summary of the importance of having a data-centric way of looking at things for computer/information security to work in an IT environment.

1st CTP of the SQL Server 2005 Driver for PHP available

Bill Staples announced the imminent release of the October 2007 Community Technology Preview of the SQL Server 2005 Driver for PHP which is now available for download. This is an early CTP release and designed to gather feedback from the community to help refine the design of the API, the feature set, and the target scenarios.

Inside MSRC: Microsoft SharePoint flaw explained

Top Ten least-known features of Windows Server 2008

WinRS (Windows Remote Shell) looks very interesting. You can read more about it here:

First Look: WinRM & WinRS: Two new tools from Microosft that can drastically help server and workstation management

How to prove your Digital Identity

ACE Team's Anmol Malhotra has a short post on his blog about digital identities. Anmol's also contributed a great whitepaper on Input Validation for Application Security which we'll be syndicating on this blog very soon, thanks Anmol!

Weekend Security Reading Round up Links - 10/5/07

techjunkie — Fri, 05 Oct 2007 21:37:00 GMT

What's hot in Microsoft security: White lists; Blue hats

A discussion on Symantec’s proposal to whitelist everything on a Windows box as well as a summary of Microsoft’s Bluehat

10 Microsoft Security Links to Blow Your Mind

Pretty self explanatory, no? :)

More eyeballs for .Net Framework code

Our own Eugene Siu talks about Microsoft’s decision to open up the .NET framework for review by developers under a shared source license

ASP.NET File Upload: How to prevent network clogging

Varun from ACE has posted a great little post developers accepting file uploads should take a look at

ARCast.TV - Security Chat from Slovenia

Channel 9 has a great video conversation on security recorded in Slovenia earlier in the year but just now posted up

Silverlight Security Series

Shawn Farkas has a great series of posts on Silverlight security starting from part I, then going on to part II and finally, part III! And of course, the obligatory cheatsheet as well :)

Updated: Removed some of the HTML gunk, oops.