• skipfish : this is not a security scanner to depend on

    "However, the Skipfish scanner is not meant to be a replacement for commercial scanners, it appears. Google says in the documentation that the scanner doesn't meet many of the evaluation criteria set out by the Web Application Security Consortium for such scanners, and also "extensive database of known vulnerabilities for banner-type checks." source

    It is just one of those tools that you use in combination with a series of other free tools before you bring in a commercial scanner and a professional hands-on penetration tester (depending on the criticality of your infrastructure).

    Just don't think that your infrastructure is secure after you have used it. If this tool finds problems, you have a problem, but if it doesn't, that doesn't mean anything.


  • sharepoint the ultimate Swiss cooperation tool

    "While Microsoft’s Windows sales fell for the first time in history this year, its SharePoint sales have gone up. Microsoft declines to break out the exact sales figures for the software but said that SharePoint broke the $1 billion revenue mark last year and continued to rise past that total this year, making it the hottest selling server-side product ever for the company"

    It is no wonder. In one platform you have a wiki, a photo platform, RSS feeds, blogs, virtual meeting rooms, working together on documents, archiving and indexing of files, and I could go on and on.

    If I wanted to do that with open source or other tools, I would have to install a bunch of applications and servers that would all need to be maintained and that all have their own specifics. Moreover, the version you use on your own server is free. You only pay once you need a global server and service for all of your individual SharePoint servers. Thus you start with a free service so everyone gets acquainted with it, and only upgrade to the global version once you have tested and implemented the local versions as proofs of concept. It also makes it easier to prepare for the hardest part: security.

    Security in SharePoint is not so easy, and in some networks it will require new products just to let you manage those users and a multitude of documents across the network.

    SharePoint could change the way people think about software and functionality. You have all those functions (wiki, blog, photo, ...) on one platform and on one server, making it so easy to manage and secure. Forget all those applications for each separate function. It is the functionality, stupid, not the software. Sometimes it seems that the software is more important than the function. Because if the software is no longer a problem, you can add as many functions as needed.

    So we will be hearing a lot more about SharePoint. Try it - on one server it is free.

    PS: for many hosting providers it could also be the golden opportunity to go from an 'attackable', free-to-do-whatever-stupid-thing-you-do environment to a more controlled but more functional one.

  • some freeware a day in a special blog

    I am keeping useful freeware on different computers in different places, so I am organizing it, and while doing this, in the spirit of the rest of this blog, it is open for the public to use - not to abuse.

    Because I am not going to download from hundreds of sites, I have organised my online library with copies. They may not be the latest, so you should always check whether there are newer versions. Normally there is a page monitoring tool but in the present conditions I can guarantee anything about instant updates.

    But it will become a nice collection to use every day. The other objective is to diminish the number of posts here and to use dumpblogs for the other stuff, dumpblogs that are blogs where I just dump the stuff without much work and promotion and other stuff.