Tuesday, November 23, 2004

Anti-spyware products go head-to-head

Want to know how well your anti-spyware software does against a collection of some of the nastiest spyware out there? Eric Howes wanted to know, so he tested a bunch of them. His comprehensive report is here. Consider this mandatory reading, though I wish he had done a little more analysis of the results.

Monday, November 08, 2004

Pen Testing Explained

Ever wondered just what a penetration test is, or how it is performed? Wonder no more. Infosec Writers has posted an interesting presentation by Debasis Mohanty entitled Demystifying Penetration Testing. This is really well done, and I highly recommend it.

Monday, November 01, 2004

Oxford Suspends Two Over "Hacking"

I've commented on this story before, but SecurityFocus.com is reporting that Oxford University has suspended two students for "hacking" their network, then publishing the results in the school paper. The students claim they did it to point out the school's lousy security, but that's a weak excuse at best. They violated the policy without permission, and got busted. Score one for the Oxford IT department.

Sobig Author Identified?

A year after the big virus bounty was announced, authorities still have yet to make an arrest in the Sobig case. One group of anonymous forensic programmers has released an exhaustive analysis of the code and related factors. Their research even leads them to name a specific individual. I don't know if their conclusions are correct or not, but the paper showcases an amazing investigative effort. It's well worth reading.