I made an error in the how-to on configuring the system to automatically boot to persistent mode.
Instead of 'Default 5', it should be 'Default <label>', where label is the text following the 'label' line for the menu option you want to boot. In my case it looks like 'Default ubnentry5'.
I apologize for the confusion and the how-to has been updated.
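A quick check for the mistake described above, written as an added example for this post rather than taken from the how-to: the script reads a syslinux config, pulls out the value of the DEFAULT directive and confirms that some LABEL line carries the same name, so a leftover 'default 5' is caught before the stick is rebooted. The label name ubnentry5 comes from the post; the kernel, initrd and append values in the constructed sample are placeholders, not the how-to's real settings.

```shell
#!/bin/sh
# Added example (not from the original how-to): check that the DEFAULT directive in a
# syslinux config names an existing LABEL entry. Paths and append options in the sample
# config below are assumptions; only the label name ubnentry5 comes from the post.

# Print the value of the first DEFAULT directive (case-insensitive), or nothing.
syslinux_default() {
  awk 'tolower($1) == "default" { print $2; exit }' "$1"
}

# Return 0 if the DEFAULT value matches a LABEL line, 1 otherwise.
# "menu label ..." lines are skipped because their first word is "menu", not "label".
check_syslinux_default() {
  cfg="$1"
  def=$(syslinux_default "$cfg")
  if [ -z "$def" ]; then
    echo "no DEFAULT directive in $cfg" >&2
    return 1
  fi
  if awk -v want="$def" 'tolower($1) == "label" && $2 == want { found = 1 } END { exit !found }' "$cfg"; then
    echo "DEFAULT $def matches a LABEL entry in $cfg"
    return 0
  fi
  echo "DEFAULT $def does not match any LABEL entry in $cfg" >&2
  return 1
}

# Constructed sample config in the corrected form from the post. Everything except the
# label name is a placeholder.
make_sample_cfg() {
  cat > "$1" <<'EOF'
default ubnentry5
prompt 0
timeout 50

label ubnentry5
  menu label Start persistent live system
  kernel /casper/vmlinuz
  append boot=casper persistent initrd=/casper/initrd.gz --
EOF
}
```

Run it against the real file with `check_syslinux_default /path/to/syslinux.cfg`; a non-zero exit means the default points at nothing bootable.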
-Kevin
Good afternoon everybody! I hope your day is going well.
Here are today’s Interesting Information Security Bits from around the web.
- Hmmm. Data leakage anybody? Didier is at it again.
Embedding and Hiding Files in PDF Documents << Didier Stevens
Tags: ( pdf )
- Looks like we need to tighten our belts when thinking about DR. Symantec has released their survey results.
Symantec releases Disaster Recovery survey results – Security
Tags: ( dr bcp symantec )
- Rybolov has a post up that really should be read. He points out that including regulatory/standards control language in a contract is not equivalent to a “buildable, testable, measurable, and achievable” security control.
Your Security “Requirements” are Teh Suxxorz | The Guerilla CISO
Tags: ( controls requirements )
- The first entry in the Month of Twitter Bugs (MoTB), which covers third-party tools that use Twitter, has been published: multiple vulnerabilities in the bit.ly service.
TwitPwn: MoTB #01: Multiple vulnerabilities in bit.ly service
Tags: ( twitter )
- GO READ THIS! NOW! It is great! (Don’t drink while you read it!)
BSOFH: All’s fair in security and war.
Tags: ( humor )
- Some interesting stuff on vulnerability scanning the cloud.
Anton Chuvakin Blog – “Security Warrior”: Vulnerability Scanning and Clouds/SaaS/IaaS/PaaS
Tags: ( pci cloud )
- This is pretty cool. Write-ups on the DefCon 2009 CTF qualifiers.
Defcon CTF Quals 2009 Writeups
Tags: ( defcon ctf )
- This is great. Looking forward to hearing more about it in the future. Way to go Wesley!
GhostExodus, the ETA, and a Control-Systems Incident at Carrell Clinic (Part 1) << McGrew Security Blog
Tags: ( crime-doesnt-pay )
- Barclay Simpson's 2009 Interim Information Security Market Report is out. The web page is a little confusing, but the PDF is the 2009 report.
Information Security Interim Market Report July 2009 – Barclay Simpson
Tags: ( career )
That’s it for today. Have fun!
Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.
Kevin
Good afternoon everybody! I hope your day is going well.
Here are today’s Interesting Information Security Bits from around the web.
- Ryan has put together a very nice article about KisMAC. Now I just need to buy a Mac so I can try it out.
The definitive KisMAC article.
Tags: ( wireless hacking )
- I saw this when Justin tweeted it. You should take a look if you missed it.
Developing Security: Top 10 signs you are a Security Twit
Tags: ( humor )
- Richard puts pen to paper and figures out what you could do with a million dollars as a blackhat. Answer: Just about anything you want to.
TaoSecurity: Black Hat Budgeting
Tags: ( hacking )
- Christofer has lost his mind and can’t remember what he was doing when he created the diagram in this post. He is looking for you to help him remember. If you give him the best answer, he will even give you enough to buy several Hoffacinos.
Rational Survivability >> What The Hell Was I Thinking?…Help Me Remember & Win $25
Tags: ( challenge )
- Part 2 of the Application Security Street Fighter blog’s exploration of PHP and session attacks is up.
AppSec Street Fighter – SANS Institute >> Session Attacks and PHP – Part 2
Tags: ( php session )
- Need some log data for research? Anton is here to help you out.
Anton Chuvakin Blog – “Security Warrior”: Free Log Data For Research!
Tags: ( logs )
- This is nifty. Rob has created a way to drop the Metasploit Framework on a target as a payload. Very fun.
Room362.com >> Blog Archive >> Metasploit Framework as a Payload
Tags: ( metasploit )
That’s it for today. Have fun!
Kevin
Good afternoon everybody! I hope your day is going well.
Here are today’s Interesting Information Security Bits from around the web.
- The CFP for BSides Talks in Vegas is open.
Security B-Sides / BSidesLasVegasTalks
Tags: ( conference )
- Be careful with those quizzes on social media sites. You might be giving away more than you intended to, like your identity.
How I’m going to use social networking to steal your identity!
Tags: ( identity )
- An easy way to remember how to get to the sysinternals tools no matter where you are.
Sunbelt Blog: Using live.sysinternals.com as an ad-hoc analysis toolset
Tags: ( sysinternals tools )
- You probably already know, but Clear is gone. Steve shares some thoughts about this.
Steve Goodbarn: Clear and Present Bankruptcy
Tags: ( iisn clear )
- Dave shares a few things about auditors that you should probably keep in mind when you are at their tender mercies.
ShackF00 >> 10 Things Your Auditor Isn’t Telling You
Tags: ( audit compliance )
- Didier is at it again. This time injecting VBScript into running processes.
bpmtk: Injecting VBScript << Didier Stevens
Tags: ( injection code dll )
- Lori tells us five questions we should ask when looking at load balancing in the cloud and why we should ask them.
Five questions you need to ask about load balancing and the cloud
Tags: ( cloud )
That’s it for today. Have fun!
Kevin
Good afternoon everybody! I hope your day is going well.
Here are today’s Interesting Information Security Bits from around the web.
- There is some confusion about when the bi-hourly shutdowns for Windows 7 Beta start. They start July 1st, 2009.
Clarification on the Date for Bi-hourly Shutdowns for the Windows 7 Beta – Windows 7 Team Blog – The Windows Blog
Tags: ( windows-7 beta )
- More on ASP.NET and session attacks. Good stuff.
AppSec Street Fighter – SANS Institute >> Session Attacks and ASP.NET – Part 2
Tags: ( asp.net session )
- Here’s an interesting exploration of the validity of the election returns of the recent presidential election in Iran.
The Devil Is in the Digits: Evidence That Iran’s Election Was Rigged – washingtonpost.com
Tags: ( election iran )
- A nice article on writing information security policies.
How to Write an Information Security Policy
Tags: ( policy )
That’s it for today. Have fun!
Kevin
Good afternoon everybody! I hope your day is going well. Sorry for missing yesterday. I had a brutally busy day and then we had a power outage at home to boot.
Here are today’s Interesting Information Security Bits from around the web.
- A new packet challenge is up at I Smell Packets.
Packet Challenge – Name that Exploit << I Smell Packets
Tags: ( challenge packet-capture )
- This is an interesting post with some thoughts that can be extended well beyond virtualization.
View Yonder >> Free the Gladiators!
Tags: ( virtualization )
- This time a peek at PHP and sessions.
AppSec Street Fighter – SANS Institute >> Session Attacks and PHP
Tags: ( session )
- Anton opines on the contents of the letter sent to the PCI council by the National Retail Federation and other retail associations.
On “PCI Letter”
Tags: ( pci letter )
- Mozilla has been at work to come up with a method of getting rid of XSS problems. They believe they have it with Content Security Policy.
Shutting Down XSS with Content Security Policy at Mozilla Security Blog
Tags: ( csp mozilla )
- Christofer has a nice couple of graphics that help describe cloud computing from a high level perspective.
Rational Survivability >> Incomplete Thought – Cloudanatomy: Infrastructure, Metastructure & Infostructure
Tags: ( cloud )
- The ISC diary points out some ways to protect your web server from being DoSed by the Slowloris tool that RSnake released recently.
Apache HTTP DoS tool mitigation
Tags: ( apache dos )
- RSnake takes a look at detecting man-in-the-middle proxies.
Detecting MITM/Hacking Proxies Via SSL ha.ckers.org web application security lab
Tags: ( mitm )
- Lori offers some thoughts on IPv6 that you should also be thinking about.
You are the new number 3ffe:1900:4545:3:200:f8ff:fe21:67cf
Tags: ( ipv6 )
That’s it for today. Have fun!
Kevin
Woot. Offensive Security has released Backtrack 4 Pre-Final to the public.
I updated my Backtrack 4 USB/Persistent Changes/Nessus How-to a couple of weeks ago with instructions, but a public link was not available. The how-to has been updated with download locations and links to the MD5 and SHA-256 checksums.
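Since the how-to now links to published checksums, here is the check worth running before writing the image to a USB stick. This is an added example for this post, not part of the how-to: it looks up the expected hash for the downloaded file in a checksum file of the usual `sha256sum` format (`<hex>  <filename>`, with an optional `*` or directory prefix on the name), hashes the download locally and compares the two. The file names used are assumptions; substitute the real download and the checksum file linked from the how-to.

```shell
#!/bin/sh
# Added example, not part of the original how-to: verify a downloaded image against the
# published SHA-256 checksum file before writing it to USB. File names are assumptions.
# Requires GNU coreutils sha256sum (on macOS use "shasum -a 256" instead).

# Return 0 if the SHA-256 of image $1 equals the hash listed for it in checksum file $2.
verify_sha256() {
  image="$1"
  sums="$2"
  name=$(basename "$image")
  # Match on the file name only: published lists may carry a "*" (binary mode)
  # or a directory prefix in front of the name.
  expected=$(awk -v f="$name" '{
    n = $2; sub(/^\*/, "", n); sub(/.*\//, "", n)
    if (n == f) { print $1; exit }
  }' "$sums")
  if [ -z "$expected" ]; then
    echo "no entry for $name in $sums" >&2
    return 1
  fi
  actual=$(sha256sum "$image" | awk '{ print $1 }')
  if [ "$actual" = "$expected" ]; then
    echo "OK: $name matches the published SHA-256"
    return 0
  fi
  echo "MISMATCH for $name: expected $expected, got $actual" >&2
  return 1
}
```

Usage: `verify_sha256 bt4-pre-final.iso bt4-pre-final.iso.sha256sum`, and only proceed to `dd` if it exits 0. A mismatch means a corrupt or substituted download, which matters most for an image you are about to boot with root privileges.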
Have fun.
-Kevin
Good afternoon everybody! I hope your day is going well.
Here are today’s Interesting Information Security Bits from around the web.
- This really is not good from an enterprise security perspective.
Opera Unite: A Great idea or horrible security risk? – Security
Tags: ( browser opera )
- As Martin says, Level 2 merchants are now faced with a slightly higher bar to get over.
Network Security Blog >> Level 2 merchants are going to have to get serious about PCI
Tags: ( pci )
- Andrew has started a series on SIEM. Check it out for some good advice.
Andrew Hay >> Blog Archive >> A SIEM Solution is Like a Garden
Tags: ( siem )
- Rafal talks about a nifty-looking tool that I'll be checking out.
Digital Soapbox – Preaching Security to the Digital Masses: Watcher – Web Vulnerabilities Served Up Passively
Tags: ( tools webappsec )
That’s it for today. Have fun!
Kevin
Published on June 17, 2009 in Interesting Bits. Tags: dos, education, http, humor, kindle, malware, opera, session, source code, Wireshark.
Good afternoon everybody! I hope your day is going well.
Here are today’s Interesting Information Security Bits from around the web.
- ISC has a nifty services file that also includes a bunch of ports on which different trojans and malware listen.
http://isc.sans.org/services.html
Tags: ( ports malware )
- Here's a little something to play with in your reversing lab: the machine-readable source code Amazon publishes for the Kindle.
Amazon.com: Help > Digital Products Help > Amazon Kindle Wireless Reading Device > Amazon Kindle Terms, Warranties, & Notices > Source Code Notice
Tags: ( kindle )
- Amusing.
YouTube – 50 Ways to Inject Your SQL
Tags: ( humor sql )
- The entire Penetration Testing and Vulnerability Analysis course at Polytechnic Institute of New York University is now available on the web for free. Very cool.
Penetration Testing and Vulnerability Analysis – Home
Tags: ( education )
- The start of what looks to be an interesting series on session attacks against ASP.NET.
AppSec Street Fighter – SANS Institute >> Session Attacks and ASP.NET – Part 1
Tags: ( asp.net session )
- Opera released version 10 of its browser yesterday, and it contains something new called Unite. It should scare you if you are responsible for protecting your enterprise's data assets: any user can now quickly and, supposedly, easily set up a web server/service.
Boaz Gelbord: Opera Invites You to Join the Cloud
Tags: ( opera browser )
- A new version of Wireshark has been released. Wireshark is an awesome open source network sniffer that is very robust and full of functionality.
Wireshark 1.2.0 released
Tags: ( wireshark packet-capture sniffer tools )
- Interesting: a low-bandwidth denial of service against a web server that leaves other services on the host unaffected, and that is easily started and stopped.
Slowloris HTTP DoS ha.ckers.org web application security lab
Tags: ( dos http apache )
That’s it for today. Have fun!
Kevin