Highest Rated
Disaster Recovery
Disaster recovery is the process of regaining access to the data, hardware and software necessary to resume critical business operations after a natural or human-induced disaster. A disaster recovery plan (DRP) should also include plans for coping wi...
The Biggest Challenges Facing Spam-Fighters
This article starts off by providing frightening SPAM statistics, such as; "roughly 75% of internet mail is SPAM." The author then talks about the economics of SPAM bots and his conversation with different anti-spam vendors. It covers many...
Netcat for the Masses
Dean DeBeer submits this paper on usage of the swiss army knife of technology, Netcat.
Unique Group Policy Security Settings
Enforcing Group Policy Security Settings (including some in-depth Registry hacks), and some of the most common scenarios where security settings do not behave as they appear.
OS and Application Fingerprinting Techniques
This paper will attempt to describe what application and operating system (OS) fingerprinting are and discuss techniques and methods used by three of the most popular fingerprinting applications: nmap, Xprobe2, and p0f. I will discuss similarities an...
Getting a CISSP
Kerry Thompson provides this first hand account of his experience's with the CISSP. "In March of 2001 I started on a mission : to get a CISSP certification. "Easy", I thought, do some studying, sit an exam, pass with flying colors, t...
Distinguishing attack on FastFlex stream cipher
Fastflex is a fast and flexible stream cipher that is designed for hardware and software environments. In this article,written by Mohammad Ali Orumieh Chi Ha, we point out that the keystream generated from FastFlex can be distinguished from a truly r...
Business Contingency Planning and Post September 11th, 2001
Brett Pladna submits this paper that discusses the lessons learned by many companies following Septemeber 11th, 2001.
Web Application Hacking vs the IDS
This paper discusses the constantly changing landscape of web application hacking and how this can be detected with an Intrusion Detection System (IDS). The author pays particular attention to encoding, or the process by which information is taken f...
Hacking WEB 2.0
In this paper, written by Petko Petkov, he outlines some of the dangers of Web2.0 by combining fictional stories with technology that is real. Each story begins with a prologue, which introduces the problem, and finishes with a conclusion, which summ...
"Holistic" Enterprise Anti-Virus Protection
The year 2001 was the year of the enterprise virus attack. Code Red and Code Red II, Nimda, SirCam, Badtrans and Magistr all spread widely and all affected enterprises adversely. E-mail servers were stressed and in some cases shut down under the load...
Security Implications of the Virtualized Data Center
More than anything, we should be thinking today about where virtualization security will take us tomorrow. We all agree that visualizations is for the better and it's here to stay, but security administrators need to make sure they keep ahead of ...
Web Application Security: Harder than you think
I was reading an advertisement the other day, from some company offering web hosting services. They were offering their services as secure on the basis that they used "SSL Certificates", "Firewalls", and "VPNs" ( plus a few ot...
Debunking the Microsoft Monoculture
In September 2003 the Computer and Communications Industry Association ( CCIA ) published a paper authored by a number of highly-respected members of the IT security community titled CyberInsecurity: The Cost of Monopoly. What follows is an objectiv...
The Patriot Act and Illegal and Legal Electronic Warrantless Searches
A very insightful look in to the United States' Patriot Act and what it means to you by Karen Watson.
