Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.
- See if you agree with Christofer. I do and did even before I read all of this post.
Rational Survivability: Virtual Routing - The Anti-Matter of Network SECURITY...
Tags: ( virtualization networking routing )
- Isn't it rather pointless to be logging if you aren't looking at the logs?
Auditor: IRS doesn't check cyberaudit logs
Tags: ( irs log-monitoring )
- And for a hat trick, Opera also releases a patch for severe vulnerabilities. IE, Firefox and Opera have all three put out patches this week. Sheesh. It's enough to make a guy go back to lynx.
Opera releases update for 'extremely severe' vulns * The Register
Tags: ( vulnerability opera patches )
- It's fixed now, but American Express had a significant XSS bug in their site.
American Express web bug exposes card holders * The Register
Tags: ( vulnerability xss )
- Microsoft has updated their Anti-XSS code analysis tool.
Microsoft updates code analysis tool, SQL injection XSS library
Tags: ( tools analysis sql xss )
- You probably already know, but Microsoft is releasing an out-of-cycle patch today for the IE 0-day.
Microsoft issues emergency patch warning for IE * The Register
Tags: ( microsoft ie patch )
- Time to update your Mozilla apps.
10 Bugs Fixed in New Mozilla Apps - Security Watch
Tags: ( vulnerability firefox patches )
- A nice list of programs that allow you to view and extract information from various file types like html, swf, registry files, etc.
Windows Viewers & Information Extractors for Various File Types << SANS Computer Forensics, Investigation, and Response
Tags: ( windows viewers )
- A couple of visualization tools have been released by Utah State University under the GPL license.
New IP visualization tools released as open source by Utah State University | SecViz
Tags: ( visualization )
- A nice article about including security development lifecycle practices into agile development.
Agile SDL: Streamline Security Practices For Agile Development
Tags: ( programming sdl )
- Get those banners with nmap and a little script-fu.
Banner Grabbing with Nmap: Reloaded
Tags: ( nmap scripting )
- The next webcast in the Blackhat series is coming up on the 18th of December.
Black Hat Webcast Series: Database Forensics with David Litchfield
Tags: ( webcasts blackhat )
- Josh has written a paper about Vista and some things you can do with wireless penetration testing. I haven't had a chance to read through it yet, but I skimmed it. Looks interesting.
Vista Wireless Power Tools for the Penetration Tester
Tags: ( pentest vista wifi )
- Part 6. As usual, there are links to the previous parts of the series. Just so you know, these posts are going to be wrapped up into a whitepaper. So get involved in the discussion.
Building a Web Application Security Program: Part 6, Secure Deployment | securosis.com
Tags: ( webappsec program )
- A nice review of the Offensive Security 101 course.
Offensive Security 101 Review | Infosec Events
Tags: ( training review )
- Hot off the press, it's version 3 of the OWASP Security Testing Guide. Go get some.
Writing Secure Software: OWASP Security Testing Guide Vs 3 Officially Released!
Tags: ( pentest webappsec owasp guides )
- Craig is offering to answer your questions about the IT Security Profession from a mentoring perspective. My suggestion, bury him
Seriously, this is a great opportunity for those who have questions about entering or advancing in our profession.
Announcing the Infosec 10 Minute Mentor | Security Wannabe
Tags: ( career )
- Some good guidance in here.
10 golden rules of using public WIFI | Roer.Com Information Security Blog
Tags: ( wireless tips )
That's it for today. Have fun!
Kevin
by kriggins on December 16, 2008
in Awareness
According to a survey performed in 2006 by Cox Communications and the National Center for Missing and Exploited Children (NCMEC), 61% of children between the ages of 13 and 17 have a personal profile on sites such as MySpace, Friendster, or Xanga. Half of them have posted pictures of themselves online.
That was 2006 folks. I’m willing to bet the numbers are even higher. From the same survey, our kids have experienced the following:
- 71% reported receiving messages online from someone they don’t know.
- 45% have been asked for personal information by someone they don’t know.
- 30% have considered meeting someone that they’ve only talked to online.
- 14% have actually met a person face-to-face that they’ve only spoken to over the Internet (9% of 13-15s; 22% of 16-17s).
Not scary enough? How about these statistics from the Online Victimization of Youth: Five Years Later (2006):
- More than one-third of youth Internet users (34%) saw sexual material online they did not want to see
- Online harassment also increased to 9% of youth Internet users
- Approximately 1 in 7 (13%) received unwanted sexual solicitations
So what can we do about this other than to ban our children from using the internet? Educate them. Enter the NetSmartz program.
From the website:
The NetSmartz Workshop is an interactive, educational safety resource from the National Center for Missing & Exploited Children® (NCMEC) and Boys & Girls Clubs of America (BGCA) for children aged 5 to 17, parents, guardians, educators, and law enforcement that uses age-appropriate, 3-D activities to teach children how to stay safer on the Internet.
I learned about this program last week at the Infragard Cyber Sector meeting. It is a really neat program. They have developed several sets of materials that can be downloaded and used free of charge. The download page is here. In addition to the downloadable materials, there are many resources available on their website that provide even more information and tools.
I was not aware of this great resource until last week. Please help spread the word about it. Our children need to know how to protect themselves online and this seems like just about the best way to go about it I have seen yet. There is going to be a train-the-trainer type session at next month’s Cyber Sector meeting. I will bring this up again after I have attended that meeting.
Kevin