NIST.gov - Computer Security Division - Computer Security Resource Center

Infosec Writers Text Library Disclaimer: Content in this library is provided "as is" and without warranties of any kind, either express or implied. InfoSec Writers does not warrant the use or the results of the use of the content in terms of their correctness, accuracy, reliability, or otherwise. In no event shall InfoSec Writers be liable for any damages - indirect, consequential or whatsoever - from usage of the content provided here. However, we are dedicated to providing QUALITY content, so we encourage you the reader to voice your queries or suggestions with regard to the technical accuracy/validity of any such content in this library. Re-posting ANY material, edited or not edited, (including files, text, design) off this site for public use is prohibited without prior authorization from us (or the respective owner/writer).

ECN News 2009-10-11: Gone inactive again, and I suspect this won't change again. If anyone is interested in taking over the database (stripped of personal information) please let us know and I'll be happy to provide a forwarding link. 2008-05-04: After a few years of inactivity we're actively processing submissions again. Introduction: This page was set up to make people aware of a problem surrounding the implementation of ECN (Explicit Congestion Notification) where communication between hosts using ECN and hosts which behave badly is completely cut off. ECN is a new development in the TCP/IP protocol suite which will help reduce congestion over heavily-loaded links, and so improve the running of the Internet. In short, "Products which (a) do not support ECN and (b) do not properly ignore ECN bits, are considered non-compliant." [1] If you are an organisation whose site is listed on the hall of shame, you may want to take a look at the links below for a list of some known broken products.

Special Publications (800) NIST uses three NIST Special Publication subseries to publish computer/cyber/information security and guidelines, recommendations and reference materials: SP 800, Computer Security (December 1990-present): NIST's primary mode of publishing computer/cyber/information security guidelines, recommendations and reference materials (SP 800s are also searchable in the NIST Library Catalog); SP 1800, NIST Cybersecurity Practice Guides (2015-present): A new subseries created to complement the SP 800s; targets specific cybersecurity challenges in the public and private sectors; practical, user-friendly guides to facilitate adoption of standards-based approaches to cybersecurity; SP 500, Computer Systems Technology (January 1977-present): A general IT subseries used more broadly by NIST's Information Technology Laboratory (ITL), this page lists selected SP 500s related to NIST's computer security efforts. Note: Publications that link to dx.doi.org/... will redirect to another NIST website.

Virus Bulletin : Independent Malware Advice How To Change a Windows 2000 User's Password Through LDAP You can set a Windows 2000 user's password through the Lightweight Directory Access Protocol (LDAP) given certain restrictions. This article describes how to set or change the password attribute. The password is stored in the Active Directory on a user object in the unicodePwd attribute. This attribute can be written under restricted conditions, but it cannot be read. The attribute can only be modified; it cannot be added on object creation or queried by a search. The syntax of the unicodePwd attribute is octet-string; however, the directory service expects that the octet-string will contain a UNICODE string (as the name of the attribute indicates). There are two possible ways to modify the unicodePwd attribute. The second way to modify this attribute is analogous to an administrator resetting a password for a user. The following two functions provide examples of these operations:

EDGAR System Skip to Main Content Company Filings | More Search Options EDGAR | Search Tools Free access to more than 20 million filings Since 1934, the SEC has required disclosure in forms and documents. EDGAR Search Tools You can search information collected by the SEC several ways: Custom searches Resources Researching Public Companies Through EDGAR: A Guide for Investors In this guide, you’ll find tips for using EDGAR and answers to frequently asked questions about researching public companies.

Professional Security Testers resources warehouse Mike Holt Tracing EMFs in Building Wiring and Grounding, by Karl Riley, 133p, many illustrations, MSI, 1995, $28.00 Rt. 1, Box 361A, Edgartown MA 02539 Phone: (508) 627-4719 Email: kriley3@ix.netcom.com Chapter on EMF and Wiring for Mike Holt’s book By Karl Riley I am often asked to recommend an electrician who is able to trace and correct wiring errors which are creating high magnetic fields in a building. Symptoms of 60 Hz EMI What causes clients to know they have a magnetic field problem? For residences the reason I am called in is often that the client has gotten hold of a gaussmeter (which measures AC magnetic field strength in milligauss – mG) and has obtained readings which are alarming based on the ongoing epidemiological research which shows a statistical link to some diseases like childhood leukemia, certain brain tumors, and Alzheimer’s disease at the 4 mG level. Magnetic fields due to wiring errors What kinds of errors create these fields? Grounding the neutral in dryers and ranges

Institute - SANS Top-20 2007 Security Risks (2007 Annual Update) Critical Security Controls for Effective Cyber Defense Over the years, many security standards and requirements frameworks have been developed in attempts to address risks to enterprise systems and the critical data in them. However, most of these efforts have essentially become exercises in reporting on compliance and have actually diverted security program resources from the constantly evolving attacks that must be addressed. The Critical Security Controls focuses first on prioritizing security functions that are effective against the latest Advanced Targeted Threats, with a strong emphasis on "What Works" - security controls where products, processes, architectures and services are in use that have demonstrated real world effectiveness. Top 20 Critical Security Controls - Version 5 This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License. You may use the following code to embed the 20 Critical Controls on your site:

Frei Remote-Exploit.org - Supplying offensive security products to the world JDMCOX Software Flexible One-Time Password MetaSystem High security multifactor authentication using a series of single-use "passcodes" does not need to be expensive. In fact, it can be free... Generate your own unique set of Printable Paper Passcards right now: What is "Multi-Factor Authentication" . . . and why might you need it? Almost without exception, today's Internet users prove their identity online using a fixed account name and password. The trouble with a username and password is that they never change. To hear or read more about the important and fascinating topic of "Multi-Factor Authentication", you are invited to listen to the free audio (mp3) podcast Leo Laporte and I produced to address this topic. To learn more about the design, operation, and security of GRC's Perfect Paper Passwords system, you are invited to listen to a detailed description of the background and operation of this system, including a detailed discussion of the design and development path that led to this result.
