November 2008

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

1. Use these practices to significantly improve the security of your code.
   Top 10 Secure Coding Practices - CERT Secure Coding Standards
2. Here are the secure coding standards for Java, C, and C++ developed by CERT.
   CERT Secure Coding Standards - CERT Secure Coding Standards
3. A nifty free resource on secure programming in Linux and Unix environments.
   Secure Programming for Linux and Unix HOWTO -- Information on Creating Secure Software
4. CG has part one posted of a neat walk-through on using metasploit to find out some things about oracle databases.
   Carnal0wnage Blog: Oracle Pwnage with the Metasploit Oracle Modules Part 1
5. Jack points out that just because your brower is not keeping track of where you going (incognito in Chrome) doesn't mean that you are leaving no tracks.
   Uncommon Sense Security: Not so private "private browsing"
6. SynJunkie has a very cool project going on. He is writing a demonstration or walk-through of a simulated pen test. Parts one and two are up. Very cool.
   SynJunkie: The Story of a Hack - Introduction
7. This is an interesting concept.
   QuickStudy: Identity-based encryption
8. This looks to be fun to play with.
   NetWitness To Release Free Cyber Forensics Software -- Network Forensics Security
9. I have talked before about privacy and the amount of information that is present on the intarwebs previously. This article walks through an attempt to remove some of that info that you no longer want available on the nets.
   Deleting your digital past -- for good

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

1. RSA Conference 365: RSA Conference Blog: Ramping up for RSA Conference 2009
   Looks like registration opens today for RSA Conference 2009 in San Francisco. Press registration doesn't open until January for those interested.
2. Interview with the SANS CEO - Part I: INFOSEC in Rural Areas
   Jeff had the opportunity to sit down and talk with Steven Northcutt. This is the first part of that interview. Well worth spending a few minutes to read.
3. The Dark Visitor >> Chinese hacker attack flowchart
   As has been mentioned in other arenas, the online criminal community is no longer just a bunch of script kiddies. They are organized, focused and have good processes. This flowchart is a good example.
4. PCI Blog - Compliance Demystified >> Blog Archive >> Visa sets global PCI DSS deadlines
   Check out this article so you will be aware of some upcoming global deadlines that relate to PCI DSS.
5. Emergent Chaos: SDL Announcements
   There is some very cool stuff going on in SDL. New tools, models, and support networks.
6. Google patches Chrome file-stealing bug
   Yup, Google also has to patch a browser.
7. Apple plays catch-up, ads anti-fraud safeguard to Safari
   Apple joins the rest of the worlds browsers by finally offering anti-fraud functionalitly.
8. AVG slaps Trojan label on Adobe Flash * The Register
   Looks like AVG really needs to get a handle on the quality assurance testing. Yet another miss-labeled file that breaks systems.

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

1. ISP Cut off From Internet After Security Concerns - Business Center - PC World
   Interesting story about the shutdown of McColo.
2. $10k hacking contest announced | Zero Day | ZDNet.com
   Want to test your l33t skillz? Here you go.
3. Black Hat (r) : The World's Premier Technical Security Conference
   Call for Proposals is not open for Blackhat DC 2009 and Blackhat Europe 2009
4. Mozilla fixes 11 new flaws in Firefox, six critical
   Time to update. Details inside.
5. Microsoft explains seven-year-old patch delay
   Short answer: It was really hard.
6. On Security & Risk Management Innovation | RiskAnalys.is
   Alex has posted a great article on risk management and innovation. You will not regret giving it a read. It has a great suggestion for dealing with budget cuts.
7. Myth or truism? Security experts judge conventional wisdom - Network World
   This article is a nice read. It is interesting to read the different view points of the respondents to the same questions.
8. Carnal0wnage Blog: Passing the Hash and other fun with Tenable smbshell
   CG points out some interesting things we can do with the smbshell tool that is provided by Tenable as part of Nessus.

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 1 comment }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

1. Rich has returned to a series he started some time ago. Some good info for us to consider.
   Database Encryption- Option 1, Media Protection | securosis.com
2. This is very cool. Q1 has a new toy for us to play with. Go check it out.
   Free Q1 Labs tool collects logs, manages security and compliance
3. Oops. Looks like AVG did a bad thing to Windows XP users. They are not alone is this type of error though.
   Update: Flawed AVG antivirus update cripples Windows XP PCs
4. Some interesting information on the recent Android vulnerabilities that have been patched.
   Google details 'reboot' bug, Android security fixes | Latest Security News - CNET News
5. Looks like it's time to update your SAP installations.
   Critical SAP flaw leaves systems vulnerable to attack
6. I meant to point out this post of Didier's yesterday. Very neat walk-through of the maturation of an exploit.
   Shoulder Surfing a Malicious PDF Author << Didier Stevens

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Hello everybody.  Sorry today's bits is a little late.

Here are today's Interesting Information Security Bits from around the web.

1. VRT: Advanced Windows Buffer Overflow 5
   A new Windows Buffer Overflow exercise is ready. Time to learn something new.
2. 'Memoryze' utility pinpoints malware code in live memory | Zero Day | ZDNet.com
   A new tool from Mandiant. Very cool. It will find malware in memory that does not exist anywhere on disk.
3. Rational Survivability: I Can Haz TCG IF-MAP Support In Your Security Product, Please...
   Mr. Hoff has a post about a technology, IF-MAP, and extension to the Trusted Network Connect architecture that will be very useful. See his post fo details.

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

1. The Two Kinds Of Security Threats, And How They Affect Your Life | securosis.com
   Rich has an article posted about two kinds of security threats. You should go read it. We should really be thinking very hard about what he says as we analyze and manage our information security programs.
2. /dev/random >> Blog Archive >> iPhone - Linux VPN
   Xavier has given a very nice article on setting up an iPhone with a VPN connection to a Linux machine. Very nice indeed.
3. McGoodies from operat0r - Room362.com
   Mubix points us to a source, http://mccurdy.com, that has a few very handy tools that have been made to work as portable apps, w3af, Metasploit and WebScaram.
4. Security expert talks Russian gangs, botnets | Defense in Depth - computer security, hacking, crime, viruses - CNET News
   A very interesting and complete article about the life of a botnet.

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }