Just wanted to throw out a recommendation for one of my favorite sites on the web: SecurityFocus.com. If you have any desire to keep up with the world of security, you need to bookmark this site. From their excellent columnists, to their security mailing lists and the famous Bugtraq, SecurityFocus offers excellent resources for the security-conscious computer user.
Their articles are aimed at the more “tech-savvy” readers, but I think they will be accessible to just about anyone with a decent grasp of the basics. The columns are often opinion pieces and best practices related to current hot security issues and can provide valuable insight into current hot topics in the security world. I consider SecurityFocus to be an indespensable resource and could not recommend it more highly.
Tags: bugs, infosec, security, securityfocus, vulnerabilities
Excellent resource. And I mean that. I used this site to get some information on a new hack that is out for VNC (a remote network kvm application). I was using this application with a port forward from a firewall at my in-laws house. Yes, I know I should have been forwarding the connection through SSH or some other secure connection, but I didn’t, ok? Well anyway, someone used a kit that bypassed the authorization on my in-laws’ VNC server. This allowed them to log in without a password and they installed an IRC rootkit and ftp server.
So, be aware that there is a new version of VNC that should have fixed this problem. Please, if you use VNC and are open to the Internet, get the latest version of VNC.
Philip Williams
June 5th, 2006