Lost+Found: Risk analysis, nmap and LinkScanner
Too short for news, too good to lose; lost+found is a roundup of useful security information. Today: risk analysis, Nmap and LinkScanner.
According to the Finnish CERT, many networking product vendors are still working on a patch for the DoS problem discovered in a number of TCP stacks in October 2008: CERT-FI Statement on the Outpost24 TCP Issues.
Experiments carried out on four software developers have shown that too much risk analysis can lead them to develop a false sense of confidence. Rather than reaching a more realistic assessment of the project, the developers became ever more optimistic: More Risk Analysis Can Lead to Increased Over-Optimism and Over-Confidence.
Version 4.85BETA10 of the network scanner Nmap supports the Stream Control Transmission Protocol (SCTP). SCTP is an alternative to TCP and uses a four-way handshake when establishing a connection. The SCTP support is partially based on work by security services provider Compass Security.
AVG Technologies has made the full version of its AVG LinkScanner available to download for free. LinkScanner is intended to protect users from drive-by downloads and phishing attacks by marking search results in Internet Explorer and Firefox that point to websites containing malware.