Burp Suite

Burp suite is an integrated platform for attacking web
applications. It contains all of the burp tools (proxy, spider,
intruder and repeater) with numerous interfaces between them
designed to facilitate and speed up the process of attacking a
web application. All plugins share the same robust framework for
handling HTTP requests, authentication, downstream proxies,
logging, alerting and extensibility.

Burp suite allows an attacker to combine manual and automated
techniques to enumerate, analyse, attack and exploit web
applications. The various burp tools work together effectively
to share information and allow findings identified within one
tool to form the basis of an attack using another.

Get more info at PortSwigger.net.


Microsoft Security Chief to Step Down

After four years at the helm of Microsoft’s security group, Mike
Nash is taking a break. This June he will go on sabbatical after
handing over responsibilities to his replacement, Ben Fathi.

led Microsoft’s Security Technology Unit during a period in which the
security of Microsoft’s products was increasingly scrutinized following
a number of worldwide worm attacks, including Slammer and MyDoom.

15-year Microsoft veteran was responsible for directing Microsoft’s
response to these threats as well as for setting its overall security
strategy as the software vendor struggled against a public perception
that its products were insecure.

From CSO Online.com.

US group wants China 'spy' probe

A US agency is calling for an official probe into
Chinese computer firm Lenovo's contract to supply 15,000 computers to
the US State Department.

The US-China Economic and Security Review Commission
(USCC) said it feared the PCs could be fitted with bugging devices to
spy on the US government.

Lenovo, which last year bought IBM's PC arm, said it had nothing to hide and would welcome the investigation.

<sigh>… Another American policital witchhunt.  Read the rest of the article on BBC News.

Little known Microsoft security utilities

Microsoft makes a big deal about security, but
sometimes a few of the company's security resources slip under the
radar. There aren't many, but there are a few obscure Microsoft
security utilities that deserve a little more publicity. In this
article, I will briefly describe several utilities that you may not
have heard of.

  • Microsoft Office Visio 2003 Connector for the Microsoft Baseline Security Analyzer
  • Security Risk Assessment for Midsize Organizations
  • Cipher Security tool
  • Port Reporter
  • PortQry
  • Malicious Software Removal Tool

Redd more from Brien M. Posey on SearchWindowsSecurity.com.

Feds nix Check Point's Sourcefire bid

A takeover bid by an Israeli firewall firm has become the latest
victim of US security protectionism. Check Point Software has dropped
its bid for US rival Sourcefire after objections from the FBI and
Pentagon were heard by the Treasury's Committee on Foreign Investments.

The Committee has also overseen the recent rumpus surrounding the
Dubai carve-up of P&O, which would put Arab business in control of
US ports.

Federal agency objections to the security software tie-up centre on
the implementation of Sourcefire's anti-intrusion software 'Snort' by
the Bureau and Department of Defense, AP reports. In private meetings
between the panel and Check Point, FBI and Pentagon officials took
exception to letting foreigners acquire the sensitive technology.

If the $225m deal had gone ahead as announced back in October, Check
Point would have got the rights to all patents and source code. Check
Point says the two companies will find ways round the roadblock. CEO
Gil Shwed said: “We've decided to pursue alternative ways for Check
Point and Sourcefire to partner in order to bring to market the most
comprehensive security solutions.”

From The Register.

Announcing the Atlanta Tivoli User Group

I'm pleased to announce the inaugural meeting of the expanded Atlanta Tivoli User Group (ATUG) now including both IBM Tivoli and Micromuse Netcool customers and interested parties.  This is a technically focused special interest group that will focus on more specific topics related to the IBM Tivoli (including Micromuse Netcool) family of products. 

The Atlanta Network and Systems Management TUG (ANSMTUG) is a broader vendor-neutral user group focused on the art of all things network, systems and application management, including the operations, business, people, process focus areas.  ANSMTUG will continue to have broad based meetings on a range of topics.

Please register as a Atlanta Tivoli User Group member and RSVP for the meeting on the webpage or with me here.

Main Tivoli User Group Website: http://www.tivoli-ug.org/

Atlanta Tivoli User Group Website: http://www.tivoli-ug.org/groups.php?groupid=145

Meeting time: Tuesday April 11th, 2006  4:00 PM – 8:00 PM

Meeting location: 4111 Northside Parkway, Atlanta, GA – Auditorium.  The meeting will be held at the Auditorium (ATL-HS-03-03F23) in the IBM facility (Hillside Building) located.  The Auditorium is on the 3'rd floor, which is the same floor as the lobby in the Hillside Building.
Get a Google Map to the IBM complex.

Meeting Agenda:

4:00 PM – 4:30 PM – Introductions – David Marques, All
4:30 PM – 5:45 PM – Micromuse Roadmap – Dan Tabor – BSM Product Manager, James Mellinger, Sr. Technology Evangelist, Doug McClure, Principle Architect, BSM/ITSM
5:45 PM – 6:15 PM – Dinner (provided by IBM)
6:15 PM – 7:30 PM – ITSM Strategy and CCMDB – Vinu Sundaresan
7:30 PM – 8:00 PM – Open Discussion

I look forward to meeting other Tivoli users and answering questions about NeuSecure.