March 2009

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some good tips in this article on dealing with unknowns when performing a risk assessment.
    Assuming the breach: Mapping the Unknown Unknowns
    Tags: ( risk-management )
  2. Matt has a good article up that takes a quick look at what the power companies are doing.
    SMRT Grid : Liquidmatrix Security Digest
    Tags: ( power scada )
  3. Xavier talks about a nifty tool called SEAT (Search Engine Assessment Tool). Definitely worth taking a look at.
    /dev/random >> Blog Archive >> Introduction to SEAT
    Tags: ( tools seat )
  4. Chris posts part two of his rebuttal to Stuart King. Good stuff in there.
    Stuart King - Information Security Annoyances - Response 2 << Risktical Ramblings
    Tags: ( risk-modeling )
  5. Dave offers some suggestions on things we should be doing during these difficult times, when layoffs are becoming more and more prevalent.
    ShackF00 >> Security's Role in Downsizing
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Happy First Birthday Infosec Ramblings

by kriggins on March 22, 2009

in Announcement, General

On March 22nd, 2008, Infosec Ramblings was born. One year ago (as I write this), I clicked publish on my first blog post. It was titled Too Focused and was inspired by one of Seth Godin's posts. Here it is if you are interested.

Since then I have published 245 posts, including this one, and two how-tos for Backtrack. I have really enjoyed the conversations that have occurred. I must admit that I was not sure how long I would keep this up, but I find that I enjoy blogging more today than I did a year ago. I look forward to continuing to bring you daily Information Security Bits and other things that strike my, and hopefully your, fancy.

Thank you so much for reading and even more for responding! Soon we will be celebrating year two!

-Kevin

Photo courtesy of zappowbang.

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a description of day two of the pwn2own contest.
    TippingPoint | DVLabs | Pwn2Own Day 2
    Tags: ( pwn2own )
  2. An interesting look at an exploit generating toolkit.
    Finjan MCRC Blog 2009 - A strike for lucky - LuckySploit Toolkit Exposed
    Tags: ( exploits )
  3. Microsoft released IE8 yesterday. This article talks about some of the security features present.
    Internet Explorer 8 includes a bevy of security features
    Tags: ( ie8 )
  4. Lots of fun peeking at the insides of the Linksys router.
    Dissecting the WRT54G version 8
    Tags: ( hardware hacking )
  5. A nice rebuttal by Chris.
    Stuart King - Information Security Annoyances - Response 1 << Risktical Ramblings
    Tags: ( awareness )
  6. Ryan has a great interview of Charlie Miller, one of the winners of the pwn2own contest at CanSecWest.
    Questions for Pwn2Own hacker Charlie Miller | Zero Day | ZDNet.com
    Tags: ( interview )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This looks like it will be a nifty tool.
    Microsoft to release exploitability tool
    Tags: ( microsoft code-review fuzzing )
  2. The patches for Adobe Acrobat and Reader version 7 and 8 are now available.
    Security Updates Available for Adobe Reader and Acrobat Versions 7 and 8 - Security Watch
    Tags: ( pdf vulnerability adobe patches )
  3. Whoops. First misconfigure things, then let people see it, then tell the folks who find it that they don't know what they are talking about. Trust me, these guys definitely know what they are talking about. It also made it to The Register.
    Digital Soapbox - Information Security, Risk & Data Protection Blog: FOX News Fail on Twitter
    Tags: ( vulnerability )
  4. Not that there was much doubt that it would happen, but all three browsers have fallen in the CanSecWest conference hacking contest.
    A grim day for browser security at hacker contest * The Register
    Tags: ( hacking contest cansecwest )
  5. A nice article about privacy settings for LinkedIn.
    LinkedIn Privacy Settings: What You Need to Know - Network World
    Tags: ( privacy linkedin )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Just so you know.
    Vivek Kundra reinstated as federal CIO
    Tags: ( general )
  2. This reinforces the importance of controlling physical access. If someone has physical access to a device, you are going to be very hard pressed to prevent them from doing evil.
    Criminals sneak card-sniffing software on Diebold ATMs - Network World
    Tags: ( physical )
  3. Dave gives us a couple more tips on pulling binaries out of a pcap file or from live network traffic, but also does something that impresses me more: he addresses a miscommunication in a previous post.
    NetworkMiner follow up << SANS Computer Forensics, Investigation, and Response
    Tags: ( forensics network captures )
  4. A nice post cooked up in the Security Kitchen that provides us with two things: 1) a way to restrict browsing by location/machine and 2) a reminder that sometimes things are much simpler and easier than they appear. :)
    The Security Kitchen >> location-based browsing restrictions.
    Tags: ( controls tips )
  5. This has the potential to be very important. We will have to wait and see what comes out tomorrow.
    Uh Oh, rootkit code to exploit major Intel chip flaw to be posted 3/19/09 | NetworkWorld.com Community
    Tags: ( vulnerability intel )
  6. Chris's slide deck from his talk at SOURCEBoston is available for download. Interesting stuff in there, even if you don't get the benefit of his patter to go along with the deck. :)
    Rational Survivability >> The Frogs Who Desired a King: A Virtualization & Cloud Computing Fable [Slides]
    Tags: ( cloud virtualization )
  7. Julie takes us to task for the way we talk about our user populations, and rightfully so. As she says, the way we talk in private can leak into our public discourse, often when we don't intend it to, leading to those whoops moments we all wish we could take back.
    Lazy. Apathetic. Careless. Stupid. : The Security Catalyst
    Tags: ( general )

That's it for today. Have fun!

Kevin

Speaking at Secure360

by kriggins on March 16, 2009

in Announcement, Conferences, fair, Risk Management

I am really excited. I will be speaking at Secure360. The conference takes place on May 12th and 13th in St. Paul, Minnesota. I will be speaking in the afternoon on the 13th.

From the Secure360 website:

The Upper Midwest Security Alliance (UMSA) serves business, government, and education professionals in the Twin Cities and surrounding areas. The Secure360 conference is the primary mission of UMSA. The annual event is a unique opportunity to explore the latest threats and opportunities in enterprise risk management.

The title of my talk is "Measuring and Communicating Risk with Factor Analysis of Information Risk (FAIR)."

-Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. You may have already heard, but Heartland and RBS are having some PCI issues.
    Visa yanks creds for payment card processing pair * The Register
    Tags: ( pci )
  2. Good tips and suggestions here.
    Gaining and Maintaining Professional Momentum During Difficult Times : The Security Catalyst
    Tags: ( career )
  3. Nifty information on digging into what information Firefox keeps as you peruse the internet.
    Firefox 3.X Forensics: Using F3e << SANS Computer Forensics, Investigation, and Response
    Tags: ( forensics firefox )
  4. A nice source for lots of HIPAA information. (Via @privacyprof)
    FAQ: What is the impact of HIPAA on IT operations?
    Tags: ( hipaa )
  5. Yup. Part 3 of Synjunkie's "Abusing Citrix" series is up. Again, good stuff.
    Syn: Abusing Citrix - Part 3
    Tags: ( hacking citrix )
  6. Jeff has a great post about first solutions and thoughts. Good stuff.
    How to Catch a Balloon : The Security Catalyst
    Tags: ( general )
  7. Chris has a really good primer/reminder on performing an effective and complete application security risk assessment. Good stuff. I hope he gets permission to share more details.
    Application Security Risk Assessments << Risktical Ramblings
    Tags: ( risk assessment application )
  8. Bill has a slide show up from his trip to Boston for SOURCEBoston.
    CSO Online - Security and Risk - Slideshow - SOURCE Boston Security Conference - Slide 1
    Tags: ( source conferences )
  9. Wow. Just wow. (via @brianhonan)
    Drunken BOFH wreaks $1.2m in Oz damage * The Register
    Tags: ( general )
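Since item 3 above is about what Firefox keeps on disk as you browse, here is an added example of digging it out yourself. This is my own illustration, not code from the SANS post or from the F3e tool it covers. It reads the two tables Firefox 3.x uses for history in places.sqlite (moz_places for URLs, moz_historyvisits for each visit, linked by place_id, with from_visit pointing at the referring visit) and converts the PRTime timestamps (microseconds since the Unix epoch, UTC). The sample database at the bottom is constructed and only carries the columns the script uses; the visit_type mapping is the TRANSITION_* constants Firefox documents for nsINavHistoryService.

```python
"""Read browsing history from a Firefox 3.x places.sqlite profile database.

Added example; this is not the F3e tool or code from the SANS post.
Firefox 3 keeps history in places.sqlite: moz_places holds one row per
URL, moz_historyvisits one row per visit (place_id -> moz_places.id,
from_visit -> the referring visit's id). Timestamps are PRTime, i.e.
microseconds since the Unix epoch in UTC. sample_db() below is a
constructed stand-in that contains only the columns used here.
"""
import shutil
import sqlite3
import tempfile
from datetime import datetime, timezone

# Firefox visit_type values (nsINavHistoryService TRANSITION_* constants)
VISIT_TYPES = {1: "link", 2: "typed", 3: "bookmark", 4: "embed",
               5: "redirect_permanent", 6: "redirect_temporary", 7: "download"}


def prtime_to_utc(us):
    """PRTime (microseconds since epoch) -> timezone-aware UTC datetime."""
    return datetime.fromtimestamp(us / 1_000_000, tz=timezone.utc)


def open_profile_db(path):
    """Open a real profile's places.sqlite read-only, via a copy.

    Firefox holds the file locked while it is running, and a copy also
    keeps the evidence file untouched.
    """
    tmp = tempfile.NamedTemporaryFile(suffix=".sqlite", delete=False)
    shutil.copyfile(path, tmp.name)
    return sqlite3.connect(f"file:{tmp.name}?mode=ro", uri=True)


def visits(conn):
    """All visits newest first: (utc datetime, url, title, visit type, visit id, from_visit)."""
    rows = conn.execute("""
        SELECT v.visit_date, p.url, p.title, v.visit_type, v.id, v.from_visit
        FROM moz_historyvisits v JOIN moz_places p ON p.id = v.place_id
        ORDER BY v.visit_date DESC""").fetchall()
    return [(prtime_to_utc(d), url, title, VISIT_TYPES.get(t, f"type{t}"), vid, frm)
            for d, url, title, t, vid, frm in rows]


def referrer_chain(conn, visit_id):
    """Walk from_visit backwards: how did the user arrive at this page?"""
    chain, seen = [], set()
    while visit_id and visit_id not in seen:   # from_visit == 0 means no referrer
        seen.add(visit_id)
        row = conn.execute("""
            SELECT p.url, v.from_visit FROM moz_historyvisits v
            JOIN moz_places p ON p.id = v.place_id WHERE v.id = ?""", (visit_id,)).fetchone()
        if row is None:
            break
        chain.append(row[0])
        visit_id = row[1]
    return chain


def typed_urls(conn):
    """URLs the user typed into the address bar (the typed flag on the place)."""
    return [r[0] for r in conn.execute(
        "SELECT url FROM moz_places WHERE typed = 1 ORDER BY url")]


def sample_db():
    """Constructed stand-in for places.sqlite: two pages, three visits."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
            rev_host TEXT, visit_count INTEGER, typed INTEGER, last_visit_date INTEGER);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, from_visit INTEGER,
            place_id INTEGER, visit_date INTEGER, visit_type INTEGER, session INTEGER);
        INSERT INTO moz_places VALUES
            (1, 'http://www.example.com/', 'Example', 'moc.elpmaxe.www.', 2, 1, 1237395600000000),
            (2, 'http://www.example.com/login', 'Login', 'moc.elpmaxe.www.', 1, 0, 1237395660000000);
        INSERT INTO moz_historyvisits VALUES
            (1, 0, 1, 1237392000000000, 2, 1),   -- typed the front page (16:00 UTC)
            (2, 1, 2, 1237395660000000, 1, 1),   -- followed a link to /login (17:01 UTC)
            (3, 0, 1, 1237395600000000, 3, 2);   -- came back via a bookmark (17:00 UTC)
    """)
    return conn


if __name__ == "__main__":
    db = sample_db()
    for when, url, title, kind, vid, _ in visits(db):
        print(f"{when:%Y-%m-%d %H:%M:%S} {kind:<9} {url}  ({title})")
    print("chain for visit 2:", " <- ".join(referrer_chain(db, 2)))
```

To point it at real evidence, swap sample_db() for open_profile_db("/path/to/profile/places.sqlite"). The referrer chain is the part a plain URL listing does not give you: visit_type plus from_visit tells you whether the user typed the address, clicked through from another page, or was bounced there by a redirect.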

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some will remember TEMPEST, which was able to read what was on someone's screen via radio frequency emissions. Well, now you can do something similar with keystrokes. It's a whole different kind of keystroke logger.
    Researchers sniff PC keyboard strokes from thin air
    Tags: ( surveillance data-leakage )
  2. A nice interview with Michael Santarcangelo, author of "Into the Breach." Michael is a great guy with some really good ideas and a passion for sharing and teaching. You should read the interview, then the book, and then make sure you are watching http://securitycatalyst.com.
    5 Steps to Communicate Security's Value to Non-security People - CSO Online - Security and Risk
    Tags: ( general )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This article, via @alexhutton, is very interesting. Those who are interested in measuring and communicating risk should read it.
    2845 ways to spin the Risk | Understanding Uncertainty
    Tags: ( risk management )
  2. Rob (@mubix) posted a nifty how-to the other day and was taken to task for it. He responds publicly. His response and the comments are worth a read.
    The Ethics of Teaching Hacking | Room362.com
    Tags: ( ethics )
  3. Yup, time to make sure your patching is working on your Windows 7 Beta installs.
    Windows 7 beta gets its first security update - Ars Technica
    Tags: ( infosec microsoft patches windows-7 )
  4. This is quite cool. It requires authenticated scans, but it does give you the opportunity to see who is using USB drives on your systems.
    Tenable Network Security: USB Device History Auditing with Nessus
    Tags: ( nessus )
  5. Here's a script to help you lock down your IIS 6 installations. Careful though: it's brand new and has not been tested extensively.
    Script to lock down IIS paths - Nazim's IIS Security Blog : The Official Microsoft IIS Site
    Tags: ( iis scripts securing )
  6. Part 2 is up on not being nice to your Citrix installation :)
    Syn: Abusing Citrix - Part 2
    Tags: ( hacking citrix )
  7. In my opinion, yes, the BBC broke the law.
    Did BBC break the law by using a botnet to send spam? | Graham Cluley's blog
    Tags: ( botnet )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. An update is available for version 9 of Adobe Acrobat and Reader that takes care of the recent 0-day. Versions 7 and 8 are still unpatched and will remain so until later this month.
    Acrobat and Reader 9.1 Update Available for Windows and Mac - Security Watch
    Tags: ( exploit vulnerability adobe patches )
  2. Wanna see what binaries are floating about on your network? This'll help you figure out just that.
    Pulling binaries from pcaps << SANS Computer Forensics, Investigation, and Response
    Tags: ( sniffer )
  3. This is pretty nifty. Side note: it is also another reason why it is very important not to allow port 53 outbound from your internal network except from your actual DNS servers. Think proxy bypass, data leakage, etc.
    OzymanDNS - Tunneling SSH over DNS | Room362.com
    Tags: ( dns tunneling )
  4. There is some important information you need to be aware of regarding Microsoft patch MS09-008. There are issues the patch does not address on servers that were already exploited. Read on for details.
    Successful Exploit Renders Microsoft Patch Ineffective (VERT)
    Tags: ( microsoft patches )
  5. These are great resources from Lenny Zeltser. Cheat sheets available: Security Incident Survey Cheat Sheet for Server Administrators, Initial Security Incident Questionnaire for Responders, Network DDoS Incident Response Cheat Sheet, Reverse-Engineering Cheat Sheet, Information Security Assessment RFP Cheat Sheet, and How to Suck at Information Security :)
    Lenny Zeltser - IT Security Cheat Sheets
    Tags: ( cheatsheet )

That's it for today. Have fun!

Kevin
