Posts Tagged SANS

Logs – The Foundation of Good Security Monitoring, (Sun, Aug 21st)

To build a good security monitoring program, logs are critical. They feed almost everything we do in monitoring from event correlation to auditing. We need logs from things such as security tools, network devices, servers, databases and applications in order to have an understanding of what is happening. Any SIEM, ...

8 Years since the Eastern Seaboard Blackout – Has it Been that Long?, (Mon, Aug 15th)

The Eastern Seaboard power blackout that occurred in 2003 (started at 4:10 on Aug 14, 2003, with the recovery varying by region) was a milestone in many of our lives. Not only was it full of personal consequences - I can remember my wife calling me in a panic ...

Adobe August 2011 Black Tuesday Overview, (Tue, Aug 9th)

Although none of us seems to have seen any warning, Adobe has released 5 bulletins today. Overview of the August 9th 2011 Adobe Patches. # ...

Controlling a Cisco IOS device from an IRC channel, (Sat, Aug 6th)

Today is pretty quiet, so I want to share with you a part of my SANSFIRE presentation last July in Washington D.C. Cisco Embedded Event Manager and TCL programming The Cisco Embedded Event Manager (EEM) started with IOS 12.3(4)T and 12.0(26)S. Its main goal is to detect events inside Cisco IOS devices like SNMP ...

Are your tools ready for IPv6? (part 1), (Thu, Aug 4th)

For those of you that weren't at SANSFIRE 2 weeks ago, this was the title of the talk I gave there. At the time, I said I wanted to start a dialog with our readers, so this evening, I'd like to start that. At the IPv6 summit just before SANSFIRE, I heard IPv6 referred ...

XenApp and XenDesktop could result in Arbitrary Code Execution, (Thu, Jul 28th)

Citrix has identified a vulnerability in XenApp and XenDesktop which could potentially be exploited by sending a well-crafted packet to the XML vulnerable component. The code will run with the privileges of the service. Citrix has posted a list of versions vulnerable to this issue with the hotfixes available ...

OWASP Session Management “Cheat Sheet”, (Wed, Jul 27th)

Application session management (or rather the lack thereof) is still one of the most frequently exploited vulnerabilities in web apps. OWASP contributor and fellow SANS ISC Handler Raul Siles has now put together a nice OWASP cheat sheet on things to consider when designing or reviewing web application session handling. One ...

Lion: What is new in Security, (Thu, Jul 21st)

Once you are over the online install experience, the upside down mouse gestures and all the other bling that comes as part of OS X Lion, it is time to look at what has changed from a security point of view. Apple doesn't exactly advertise security features, but Lion provides ...