http://keithpachulski.securitytactics.com/ Information Security, Privacy and Regulatory Compliance - Keith A. Pachulski - http://keithpachulski.securitytactics.com en Serendipity 1.5.2 - http://www.s9y.org/ Thu, 09 Sep 2010 08:44:17 GMT http://keithpachulski.securitytactics.com/templates/default/img/s9y_banner_small.png http://keithpachulski.securitytactics.com/ 100 21 http://keithpachulski.securitytactics.com/index.php?/archives/35-RANT-Non-existent-analyst-befriends-security-experts.html#c23 http://keithpachulski.securitytactics.com/index.php?/archives/35-RANT-Non-existent-analyst-befriends-security-experts.html#comments http://keithpachulski.securitytactics.com/wfwcomment.php?cid=35 nospam@example.com (school grants) Pretty nice post. I just stumbled upon your blog and wanted to say that I have really enjoyed browsing your blog posts. In any case I’ll be subscribing to your feed and I hope you write again soon! Wed, 28 Jul 2010 13:57:47 -0400 http://keithpachulski.securitytactics.com/index.php?/archives/35-guid.html#c23 http://keithpachulski.securitytactics.com/index.php?/archives/2-Nmap-5-UDP-Application-Recognition.html#c20 http://keithpachulski.securitytactics.com/index.php?/archives/2-Nmap-5-UDP-Application-Recognition.html#comments http://keithpachulski.securitytactics.com/wfwcomment.php?cid=2 nospam@example.com (seto) nice post...thx Thu, 22 Jul 2010 12:42:14 -0400 http://keithpachulski.securitytactics.com/index.php?/archives/2-guid.html#c20 http://keithpachulski.securitytactics.com/index.php?/archives/21-UPDATED-Money-Laundering-The-Next-Generation.html#c16 http://keithpachulski.securitytactics.com/index.php?/archives/21-UPDATED-Money-Laundering-The-Next-Generation.html#comments http://keithpachulski.securitytactics.com/wfwcomment.php?cid=21 nospam@example.com (Tyler Krpata) Please feel free to report this kind of activity originating from Constant Contact to <a href="mailto:&#97;b&#117;s&#101;&#64;&#99;&#111;&#110;s&#116;&#97;nt&#99;&#111;n&#116;act.&#99;o&#109;.">ab&#117;&#115;e&#64;&#99;o&#110;s&#116;&#97;n&#116;&#99;&#111;n&#116;act&#46;c&#111;m&#46;</a> This particular account has already been terminated. Sorry for the inconvenience. Fri, 30 Apr 2010 20:56:37 -0400 http://keithpachulski.securitytactics.com/index.php?/archives/21-guid.html#c16 http://keithpachulski.securitytactics.com/index.php?/archives/18-Evolution-of-the-USB-Malware-Device.html#c14 http://keithpachulski.securitytactics.com/index.php?/archives/18-Evolution-of-the-USB-Malware-Device.html#comments http://keithpachulski.securitytactics.com/wfwcomment.php?cid=18 nospam@example.com (Jason 'XenoPhage' Frisvold) Couple of quick notes here..<br /> <br /> First off, this is PHP specific security, so if an attacker can get a perl or bash script in there, all bets are off. Using something else like mod_security might help here, but there are still ways around that as well.<br /> <br /> I highly recommend using Stefan Esser's excellent Suhosin module.. By default it secures a good portion of PHP, including auto-encryption of session files, better random number handling, and more. http://www.hardened-php.net/suhosin/index.html<br /> <br /> If you're running apache, make sure you set up some general apache security as well. At the very least, set ServerTokens to ProductOnly to prevent too much information leakage. It's a bit of security by obscurity, but it helps.. Defense in depth, eh? Mon, 26 Apr 2010 16:55:39 -0400 http://keithpachulski.securitytactics.com/index.php?/archives/18-guid.html#c14 http://keithpachulski.securitytactics.com/index.php?/archives/8-The-Botnet-evolution....html#c1 http://keithpachulski.securitytactics.com/index.php?/archives/8-The-Botnet-evolution....html#comments http://keithpachulski.securitytactics.com/wfwcomment.php?cid=8 nospam@example.com (Modern Celt) Very nicely done. Mon, 07 Dec 2009 23:02:18 -0500 http://keithpachulski.securitytactics.com/index.php?/archives/8-guid.html#c1