http://www.packetsource.com en-us In September 2003 the Computer and Communications Industry Association ( CCIA ) published a paper authored by a number of highly-respected members of the IT security community titled CyberInsecurity: The Cost of Monopoly. What follows is an objective critique of the Cyberinsecurity paper, and here I raise some serious questions about the paper's conclusions. I won't repeat parts of the paper here, it is strongly advised that the reader reads the CCIA paper before proceeding. http://www.packetsource.com/servers-and-systems/microsoft-security/debunking-the-microsoft-monoculture-7060.html Sun, 11 Nov 2007 07:05:38 PST http://www.packetsource.com/servers-and-systems/microsoft-security/debunking-the-microsoft-monoculture-7060.html CCIA and the report's authors have arrived at their conclusions independently. Indeed, the views of the authors are their views and theirs alone. However, the growing consensus within the computer security community and industry at large is striking, and had become obvious: The presence of this single, dominant operating system in the hands of nearly all end users is inherently dangerous. http://www.packetsource.com/servers-and-systems/microsoft-security/cybersecurity-the-cost-of-monopoly-7059.html Sun, 11 Nov 2007 06:56:53 PST http://www.packetsource.com/servers-and-systems/microsoft-security/cybersecurity-the-cost-of-monopoly-7059.html I was reading an advertisement the other day, from some company offering web hosting services. They were offering their services as secure on the basis that they used "SSL Certificates", "Firewalls", and "VPNs" ( plus a few other buzzwords ). Sounds great, but does this make their websites secure? http://www.packetsource.com/attacks-and-exploits/web-security/web-application-security-harder-than-you-think-7025.html Wed, 07 Nov 2007 10:35:48 PST http://www.packetsource.com/attacks-and-exploits/web-security/web-application-security-harder-than-you-think-7025.html Kerberos is technically an authentication protocol. It basically provides a protocol in which users can authenticate themselves to the Kerberos system, and Kerberos will then manage the users authentication to other systems. In short, it is a form of single-sign-on system – where the user ideally enters their password only once to access all aspects of the systems to which they are allowed access. http://www.packetsource.com/cryptology/authentication/kerberos-in-practice-6989.html Sun, 04 Nov 2007 08:19:20 PST http://www.packetsource.com/cryptology/authentication/kerberos-in-practice-6989.html Kerry Thompson provides this first hand account of his experience's with the CISSP. "In March of 2001 I started on a mission : to get a CISSP certification. "Easy", I thought, do some studying, sit an exam, pass with flying colors, then sit back wait for the job offers to come rolling in. I was wrong. Really wrong." http://www.packetsource.com/certifications-and-career/isc2/cissp/getting-a-cissp-6988.html Sun, 04 Nov 2007 06:16:58 PST http://www.packetsource.com/certifications-and-career/isc2/cissp/getting-a-cissp-6988.html