random security musings from 2 talks

talk1
software security architect
fosec.in
specialist knowledge in emerging hot topics
speaking skills
rock music-extreme sports
security stackexchange


talk2
visibility
what was 1 becomes 10..manageability & automation
change after virtualization- paswrds expire..new upgrades to be patched. root users
finding nmap/variants has been beaten to death
tools to find/remove/modify local accounts remotely exist.
full control for groups
bluetooth services..remote management services are on..wasted resources..and unnecessary holes
rogue registry entries
local workarounds prevent compliance
drive out the uniqueness
unapproved software
turn off user access control
reverify after patching
you are not supposed to do that


good one

Comments

Post a Comment

Popular posts from this blog

aigiri nandini - Brodha V you rock

Image
Avidyanam Antas-Timira-Mihira-Dweepa-Nagari Jadanam Chaitanya-Stabaka-Makaranda-Shruti Jhari Translation Oh gracious one you’re the sun that dispels the darkness of the unlettered You’re the stream of consciousness for the unthinking fool Daridranam Chinta-Mani-Gunanika Janma-Jaladhau Nimaghanam Damshtra Mura-Ripu-Varahasya Bhavati You are the all giving precious known for the pour For those crammed by the sea of Kerch and the dust soft above
Read more

Myths of Security. by John Viega

Market wants to believe that one security product will solve all their security problems. Update AV,software and talk to genuine sites online. good and bad intelligent guys. security is a performance overhead. Making things simple  can be difficult. There is no silver bullet for any solution. Intention: money,ego Nothing can ever be frozen in the software field. selling to endusers or companies? illegal software masquerading as legal. security  problem of browser. geting access to one pc on corporate lan. what data of yours is available on social networking sites can be used to create a personalized attack on you. compromise a website/page that has active users. rest attack. get control of a system and use it for further attacks using botnet software. vendors who do lots of different things are rarely best at anything. ad companies are evil. dat files or signature files. if there are no thieves, the police has no job. if there is no one to buy, the one who sells is out of job. what is ...
Read more

the art of mithila yves vequad

survived the innumerable vissitudes of history. countless recapitulations have resulted in an attitude of mind in which they can produce the most abstract designs without conscious effort. assertion of individuality is extremelyt limited. primarily religious paradoxical impermanence caused survival.recreate whenever lost. learning from one's elders. strong colours association with legend for a particular ceremony a design will take on a sanctity which it loses after the ceremony is over. rhythmic compositions. 3000 years India is not concerned with history in the ordinary linear sense. madhubani-vani..valmiki,kalidasa tantrikas are not concerned about winning converts. A disciple runs the risk of serious disorder by attempting independent tantric exercises without the guiding control of a guru. Use whatever surface is available to draw. Mithila is a matriarchical society. kohbar- proposal picture people live in extended family groups, in clans and not couple by c...
Read more