October 2008

Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.

1. Symantec launches online PC tech support services | News - Security - CNET News
   Give remote access to your system to Symantec and for $39.99 or $69.99 and they will solve your PC problems. I'll leave you to come to your own conclusions here.
2. Security policy being bypassed by employees, survey finds
   This article just reinforces that you have to make the security controls you put in place manageable and easy to use. You also need to make sure you are enabling your users to act securely. You, as a security professional, are doing your business a disservice if you force the users to make choices that place the business at risk because they can't get their jobs done efficiently due to onerous or poorly designed security controls.
3. Bush signs PRO-IP antipiracy law
   The PRO-IP Act has been signed into law. There is a bit of a difference of opinion as to if this is a good thing or not.

That's it for today. Have fun!

Subscribe to my RSS feed here.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.

1. Using Cain to do a "Man in the Middle" attack by ARP poisoning (Hacking Illustrated Series InfoSec Tutorial Videos)
   Irongeek has a video up showing how to use cain for man in the middle attacks.
2. The Security Catalyst >> Join me at the Microsoft Small Business Summit This Wednesday
   Michael (SecurityCatalyst) will be presenting at the Microsoft Small Business Summit on Wednesday. You can watch along live if you wish. Details inside.
3. Grumpy Hacker News Network: OWASP EU Summit 2008
   The OWASP EU Summit 2009 has been annouced. It will take place in Portugal from November 3rd to the 7th.
4. DarkMarket carder forum revealed as FBI sting * The Register
   This is great. The FBI setup a carder forum as a sting operation.
5. Top security suites fail exploit tests
   Secunia has a report out in which 12 security suites are tested and don't do very well at all. Read the report for the specifics, but if you throw a bunch of malware at a system that is un-patched, no amount of security software is going to protect you from getting infected.

If you like these posts, you can get them easily by subscribing to my RSS feed.

That's it for today. Have fun!

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.

1. Schneier on Security: Threat Modeling at Microsoft
   Schneier points us to a white paper by Adam Shostack on Microsoft's threat modeling methodology. I have only read the first part, but it looks interesting.
2. McGrew Security Blog >> Blog Archive >> Slides for a forensics class lecture on ext2/3
   Welsey has put up the slides for a talk he is giving about ext2/ext3 file system forensics. You should go check them out.
3. Apocalyptic Vulnerability Percentages - FUD 101 ha.ckers.org web application security lab
   A good read from RSnake about just how vulnerable are we.
4. PPT_VeriSign_Webcast_Brazil_20081008.pdf (application/pdf Object)
   Slides from a threat briefing on Brazil that was given by Brazil last week.
5. Carnal0wnage Blog: OWASP APPSEC 2008 Conference Videos Online
   Videos are out from the OWASP AppSec 2008 conference.
6. Matasano Chargen >> Blog Archive >> Detecting Anonymizing Proxies
   A good article on how to detect anonymizing proxies on you network.
7. Matasano Chargen >> Blog Archive >> Owning Networks With Soldering Irons and Radio Shack Parts
   A great walk through of Stephen's experience with a recent pen test that required him to do some hardware hacking.
8. Dell Launches SingleClick Remote Access - Host security News Wire - Dark Reading
   Dell is now offering a "Go to my PC" like service.
9. Over half of U.K. firms have lost data
   Ouch. On top of the pure mind boggling statistic that 55% of British companies have had a breach and that 49% have had more than one, is the finding that only 10% were considered to be the result of malicious entities. Go take look.
10. U.S. proposes digital signing of DNS root zone file
    The U.S . department is looking for comments on how to implement DNSSEC for records in the root zone.
11. Error puts data on 30 million German phone users on Internet (AFP) by AFP: Yahoo! Tech
    Not once, but twice now, the Deutsche Telekom has lost personal data. Lots of it.

    Hat tip: @mckeay

That's it for today. Have fun!
Kevin

{ 2 comments }

Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.

1. The Ethical Hacker Network - Scooby Doo and the Crypto Caper
   Ed Skoudis has another hacker challenge up.
2. Frame Injection Fun | GNUCITIZEN
   Interesting article about frame injection along with some toys to play with.
3. Event Registration (EVENT: 115053)
   The next Blackhat Webinar is next week. Sign up now.
4. Turbo-charged wireless hacks threaten networks * The Register
   It's getting easier and cheaper to build machines that can more quickly break Wi-Fi encryption.
5. Metasploit Hacking Tool Now Open for Licensing - Desktop Security News Analysis - Dark Reading
   Metasploit is now as open source as it can be.

That's it for today. Have fun!
Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.

1. Network Security Blog >> Step by step guide to the DNS vulnerability
   Martin points us to a good walk-through of the DNS vulnerability that Dan Kaminsky discovered. As he says, it is very complete.
2. Matasano Chargen >> Blog Archive >> I broke Opera
   Looks like it's time to patch Opera.
3. Firefox add-on blocks 'clickjacking' attacks
   The latest version of Noscript protects against at least some clickjacking attacks.
4. How botnets use 'bullet-proof' domains | News - Security - CNET News
   Article pointing to a new study that digs into why it is getting harder and harder to shut down botnets.

That's it for today. Have fun!
Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.

1. Why Risk Management Doesn't Work (?!) | RiskAnalys.is
   Alex gives us another thoughtful post on risk management and analysis in reponse to some questions he received in light of a recent Dark Reading article called "Why Risk Management Doesn't Work" Interesting insights follow.
2. Career Advice from the POPE | Security Incite: Analysis on Information Security
   Mike walks us through the thought process he used recently to help him make the decision to take on another career challenge. Very good stuff.
3. 8 things you can do with a proxy
   Lori gives us a useful list of things that proxies can be deployed for. Don't forget that she recently gave us a great primer on what proxies are and the different types that can be setup.
4. Clickjacking Details ha.ckers.org web application security lab
   Rsnake has posted details on clickjacking.
5. New Cyber Security Awareness Videos for Families - Desktop Security News Wire - Dark Reading
   Kudos to CryberPatrol for offering this free resource.
6. Tenn. student indicted for hacking Palin's e-mail
   Like the title says, the individual allegedly guilty of "hacking" Palin's email has been indicted.
7. Asus admits Eee Box mini PC shipped with virus | Register Hardware
   I'd love to say this is the first time this has ever happened, but, unfortunately, I can't. Seems to happen fairly regularly from a variety of vendors.
8. Symantec to buy MessageLabs for $695M | News - Security - CNET News
   And the consolidation dance continues.
9. IT contractor caught stealing Shell Oil employee info * The Register
   Yup, another case of an insider stealing data. The external threat is important, but don't forget the issue of insiders who already have access to your information.

That's it for today. Have fun!
Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.

1. Business of Security
   Some interesting stuff on risk management and assessment and analysis.
2. LoJack for Laptops (the Free Version) - Freakonomics - Opinion - New York Times Blog
   Title kinda says it all.

   Hat tip: @catalyst

That's it for today. Have fun!
Kevin

{ 0 comments }