D90 Tools & Techniques

"So I can remember how I did stuff in the future…"

• Home
• About

Topics

• Auditing
• General Security
• Linux
• Networking
• Sysadmin Tools
• Uncategorized
• Web Hosting Tools
  • Lighttpd
  • Squid
• Windows

Archives

• November 2010
• October 2010
• February 2010
• January 2010
• December 2009
• October 2009
• September 2009
• August 2009
• July 2009
• June 2009
• May 2009
• March 2009
• February 2009
• December 2008
• November 2008
• October 2008
• July 2008
• May 2008
• April 2008
• January 2008
• December 2007
• October 2007
• September 2007

Handy References

• (Draft)
• SED One Liners
• Advanced Bash
• Advaned Bash (D90 Archive)
• ASCII Table
• Windows ALT Codes
• XHTML Codes
• CSS Codes
• SQL Reference
• Country / Language Codes
• CISCO IOS Reference

Search

Quick Reference Posts

• Favorite Commands
• Terms & Speeds
• Pre-press & Media
• Security Articles

Handy Services

• Whois
• IP Lookup
• MAC Address Lookup
• DIG
• Internet Traceroute
• MX Record Lookup
• File Transfer Speed
• Mac Address Lookup
• chmod calculator
• Internet Latency
• Akami Internet Visualization
• Unit Convertor
• Reverse Hash Database

Some Favorite Sites

• Schneier on Security
• Krebs on Security
• MalwareInt Blog
• CSO Online
• The Register
• Internet Storm Center
• Chronology of Data Breaches
• SANS Forensics Blog

More Favorite Posts

• Baloney Detector
• Default Passwords
• Data Center Naming
• Whole Building Design Guide

How do I do that again?

• Interpreting TOP
• Yahoo's Website Optimization Rules

Security Resources

• Professional Security Testers
• Open Source Security Test Methodology
• ISO 17799
• NIST Security Assessment Framework
• CERT OCTAVE Assessment Framework
• NSA System Hardening Guidelines
• Microsoft Baseline Security Analyzer, Other Tools, and Frameworks
• WebGoat Web Vulnerability Practice
• OWASP Web Application Vulnerabilities
• CyberCrime.gov Updated list of incidents
• Information Systems Audit Methodology
• Terry Ritter's Guideline for safe PC Banking
• Open Source Forensics

Forensic Resources

• Sleuth Kit

More Security Resources

• Typo Squatting

« Data Center Naming | Main | Subversion Stuff »

Security Articles

By Matt | October 20, 2007

The post is to serve as a library for good articles on general Information Systems security.

=================

Scott Berinato, October 2007 CIO Magazine
This series of three articles (plus a technical write up) contain an in-depth look at a sophisticated malware enterprise revolving around a piece of malware called “Gozi.”  As an example of the sophistication:

Some machines, like some stocks, would under perform and provide little private information. But others would land the subscriber a windfall of private data. The point was to subscribe to several infected machines to balance that risk, the way Wall Street fund managers invest in many stocks to offset losses in one company with gains in another.

While the U.S. Military may protect our shores from national attacks, and Immigration and other police services can keep most of the criminals physically outside our borders — over the coming decades organized, criminal attacks against our information systems are likely.

Article 1

Article 2

Article 3

Gozi Technical Write-up

====================

2009 Verizon Data Breach Report

====================

SANS Evolving Security Threat Report

This report includes this very nice graph using data from the Verizon 2009 Report:

Topics: Auditing, General Security | No Comments »

Comments

You must be logged in to post a comment.

D90 Tools & Techniques is proudly powered by WordPress - Designed by RFDN
Entries (RSS) and Comments (RSS)