SecureDeveloper.com
Code is COMBAT !
 
 Tuesday, October 07, 2008

I've been working hard to get more security related work back into my schedule.

And so..... I'm starting a new "season" of the Digital Blackbelt webcast series.

If we get enough interest I'll do some giveaways and such !

SIGN UP NOW !!!! Here are the first 3 dates !

11/3/2008; 11:00 AM (PST)
Convincing Management: The Business Case for Adding Security to the Development Life Cycle
[ Click HERE to Register ]

11/10/2008; 11:00 AM (PST)
Security Development Lifecycle: Building an Intentionally Secure Development Process
[ Click HERE to Register ]

11/24/2008; 11:00 AM (PST)
Threat Modeling for Software Developers
[ Click HERE to Register ]

Tuesday, October 07, 2008 6:32:24 PM (GMT Standard Time, UTC+00:00)
 Wednesday, September 24, 2008

This book is OFF THE HOOK !

Wanna REALLY dissect a running application ?

IDA Pro is THE tool of choice for disassembly and the cracker's choice because of its raw power.

Whether you need to solve a tough runtime defect or examine your application security from the inside out, IDA Pro is a great tool and this book is THE guide for coming up to speed.

From the book description ....

  • Identify known library routines, so you can focus your analysis on other areas of the code
  • Extend IDA to support new processors and filetypes, making disassembly possible for new or obscure architectures
  • Explore popular plug-ins that make writing IDA scripts easier, allow collaborative reverse engineering, and much more
  • Utilize IDA’s built-in debugger to tackle obfuscated code that would defeat a stand-alone disassembler

     

    Download Chapter 12: "Library Recognition Using FLIRT Signatures"

    http://www.nostarch.com/idapro.htm

    Wednesday, September 24, 2008 8:08:14 PM (GMT Standard Time, UTC+00:00)

    I haven't tried it yet, but what a great idea !!

    http://pcdecrapifier.com/

    Wednesday, September 24, 2008 5:44:26 PM (GMT Standard Time, UTC+00:00)
     Tuesday, September 09, 2008

    Application Development Trends reports on Google Chrome Security Issues

    Read the complete story here - http://adtmag.com/article.aspx?id=23205

    Tuesday, September 09, 2008 12:40:47 PM (GMT Standard Time, UTC+00:00)
     Tuesday, September 02, 2008

    The Deep Fried Bytes guys caught up with me at DevLink and we had a talk about developer security needs, mistakes, activities, etc !

    Listen Here http://deepfriedbytes.com/

    Tuesday, September 02, 2008 5:04:23 PM (GMT Standard Time, UTC+00:00)
     Friday, August 29, 2008

    ZDNet Reports .....

     

    Compromised SSH keys leads to rootkit

    The U.S. Computer Emergency Readiness Team (CERT) has issued a warning for what it calls “active attacks” against Linux-based computing infrastructures using compromised SSH keys.

    The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as “phalanx2” is installed, US-CERT said in a note on its current activity site.

    From the advisory:

          • Phalanx2 appears to be a derivative of an older rootkit named “phalanx”. Phalanx2 and the support scripts within the rootkit, are configured to systematically steal SSH keys from the compromised system. These SSH keys are sent to the attackers, who then use them to try to compromise other sites and other systems of interest at the attacked site.

    [ Read the article on ZDNet ]

    Friday, August 29, 2008 11:59:29 AM (GMT Standard Time, UTC+00:00)

    More than a week after a cryptic note hinted at a security breach at Fedora, the open-source group has finally fessed up to two separate server intrusions that compromised the security of Red Hat’s OpenSSH packages.

     

    The confirmation follows eight days of media speculation and conjecture over a brief e-mail that simply mentioned “an issue in the infrastructure systems” and calls into question Red Hat’s ability to promptly — and accurately — disclose security breaches.

     

    [ Read the full article HERE at ZDNet ]

    Friday, August 29, 2008 11:54:14 AM (GMT Standard Time, UTC+00:00)
     Thursday, August 28, 2008

    Data Structures and Algorithms: Annotated Reference with Examples

    This book written by Granville Barnett and Luca Del Tongo is part of an effort to provide all developers with a core understanding of algorithms that operate on various common, and uncommon data structures.

    Data Structures and Algorithms: Annotated Reference with Examples is completely free!

    [ CLICK HERE ]

    Thursday, August 28, 2008 2:17:37 PM (GMT Standard Time, UTC+00:00)
     Sunday, August 10, 2008

    #8 | Changing Membership Settings in the Default Membership Schema

    #9 | Configuring SQL To Work with Membership Schemas

    #10 | Understanding ASP.NET Memberships

    [ Get them here ]

    Sunday, August 10, 2008 6:10:42 PM (GMT Standard Time, UTC+00:00)
     Friday, August 01, 2008

    Lots, even MOST PHP applications are Open Source, but what if you want to distribute your application but don't want to distribute your PHP Source Code ?

    Check out Nu-Coder from NuSphere.

     

    Nu-Coder converts the source code of PHP Script into compiled PHP bytecodes for both accelerated runtime performance and maximum security.

     

    http://www.nusphere.com/products/nucoder.htm

    Friday, August 01, 2008 3:36:26 PM (GMT Standard Time, UTC+00:00)
    Copyright © 2010 Joe Stagner. All rights reserved.