Orange County Computer Consultant

Orange County Computer Consultant helps small businesses with networking, installations and small business software.

Tuesday, December 06, 2005

Wired buffer overflow show

I came across this on Wired's website, www.wired.com. It's a Flash program showing how a buffer overflow works. Pretty cool, yet it makes it look way too easy :) Generating shellcode is not for the faint. Here is the link: http://ly.lygo.com/ly/wired/news/flash/special_reports_bugs_1.html

Microsoft Internet Explorer Vulnerability

Another one? Come on, Microsoft. Smart people use Firefox (www.mozilla.org). There is a window() object that fails to check code passed through it correctly. An attacker can execute code to launch a shell and take over the computer. The IE user would have to view an HTML document or email to be affected.

Disable Active scripting.

Follow this link to check out a paper on malicious active scripting:
http://www.cert.org/tech_tips/malicious_code_FAQ.html#ie56

Cisco Vulnerability

Cisco just released a report warning of a flaw with OpenSSL (www.openssl.org/). It is possible for an attacker to perform a man-in-the-middle attack by spoofing IP addresses through DHCP. DNS poisoning is also a possibility; only certain versions of BIND are affected. For more information go here: http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml

Best computer security websites

Here are websites I frequent a lot:

http://www.securityfocus.com
http://www.packetstormsecurity.nl
http://www.sans.org
http://www.cert.org
http://www.securiteam.com
http://www.linuxsecurity.com
http://www.phrack.org
http://www.neworder.box.sk
http://www.slashdot.org
http://www.google.com
http://www.securitynewsportal.com
http://www.infosyssec.com
http://www.snort.org
http://www.honeynet.org
http://www.dshield.org
http://www.astalavista.com
http://www.whitehats.com
http://www.incidents.org
http://www.microsoft.com
http://www.iss.net
http://www.cisecurity.org
http://www.networkintrusion.co.uk
http://www.isc.incidents.org
http://www.grc.com
http://www.foundstone.com

Web Programming

Have you ever seen acronyms like SOAP, XML and HTML and wondered what they are? Would you like to learn how to code in DTD or CSS, or learn server scripting like PHP? This site shows you everything, has awesome tutorials and is laid out simply.

http://www.w3schools.com/

Global Information Assurance Cert

SANS (http://www.sans.org) came up with a certification called GIAC. The basic cert is for security fundamentals. There are advanced topics like forensics, firewalls, incident handling, hacker techniques, and Windows and Unix OS information. This looks like a solid cert to obtain.

Here are all the certifications they offer:

http://www.giac.org/certifications/

TCP/IP

Need help understanding IP addressing? Here is one of the best papers that I've found on the net. It explains everything from subnetting to broadcast addressing. It also explains the different classes such as A, B, C and D. http://www.bergen.org/ATC/Course/InfoTech/Coolip/

One of the best sites for Computer Security Training

I came across this site and it has a ton of information on different security certificates that are out there. http://www.cccure.org/

Looking for Information on CISSP

This is the official site to get information on obtaining your CISSP certificate. This site has a lot of great information on it. Check it out here: https://www.isc2.org/cgi-bin/index.cgi

Hardware Modification

If you're anything like me, you like to take things apart and make them better, faster, smaller, lighter etc. Here are some great sites to help you out with your modding.

http://www.hackaday.com

http://www.makezine.com/blog/

Cpanel

My friend decided to host my website. I now have access to this program called Cpanel. It's sweet: I have many scripts I can play with, and best of all it's running on a Linux server. Say goodbye to being stuck in some lame program where I can't even view the HTML :) It has full support for PERL and PHP. It looks awesome.

http://www.cpanel.net