Threat Level: green Handler on Duty: Russ McRee

SANS ISC: Other miscellaneous stuff I've come across recently - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Other miscellaneous stuff I've come across recently

 

Complexity is bad for security

 

I've mentioned before that I read Spaf's blog.  He doesn't post too often, but he had a story last week that really resonated with me (and he referenced the story where the Mac+ beat a new AMD machine running XP in 53% of the tests they ran).  I started programming on machines where 256KB was a lot of RAM and 256MB was a lot of whole lot of disk (yes, I have been doing this a while).  Everyone likes all their new features, but that has resulted in bloated unmaintainable code and the size and complexity has a cost in security.

 

Honeypot-type fake service scripts/tools


Also, these fake SMB tools have been out a couple of months, but I missed them until they were mentioned this morning on the Darknet blog.  These are useful additions to the tools I run in my malware analysis environment to spoof other services.  Also, on the French Honeynet Project tools page are fake SNMP tools that I'll have to take a look at too.  Does anyone have a good compilation of these tools?  Let me know via the contact page and I'll summarize the results next week.

 

Jim

402 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!