May 2009

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A very interesting blog post. The obvious is not always where you should be looking.
    Developing Security: The Curious Case of the Careless Civic
    Tags: ( incident-response )
  2. CIS has a free benchmark for the iPhone available. If you are familiar with their efforts in the world of Windows and others, you will know that they put out quality stuff.
    CIS issues free benchmark on iPhone security
    Tags: ( cis benchmark iphone )
  3. Russ points out that Applicure has a free tool, WebTuff, available that will test your systems for the IIS 5-6 WebDAV vulnerability.
    HolisticInfoSec.org: WebTuff checks for WebDAV vulnerability
    Tags: ( tools webdav )
  4. Defcon has a new area that archives tools talked about at the conference. Thanks to Rob Fuller for helping out.
    DEFCON(r) Hacking Conference - Archive of Hacking Tools Released at DEFCON
    Tags: ( defcon tools )
  5. Chris has posted some tips and guidance on things to consider when issuing an RFP for your QSA vendor. First read it for just that. Then replace QSA with penetration test, consulting gig, etc. These are great tips for all RFP processes.
    QSA Vendor Selection - Points of Consideration << Risktical Ramblings
    Tags: ( rfp )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Mike Murray and Lee Kushner have a podcast series that each of us should be listening to.
    When Your Security Career Gets Hacked - Dark Dominion Blog - Dark Reading
    Tags: ( career )
  2. Both amusing and helpful.
    Job Interview: How To Nail An Interview (20 Tips)
    Tags: ( career interviewing )
  3. Go ahead, write those passwords down. Just not all of it. I like this idea as long as we are careful in picking the "pin" part, i.e. don't use your birthday :)
    Put Your Passwords on a Post-it - F-Secure Weblog : News from the Lab
    Tags: ( passwords )
  4. The annual FBI cryptography challenge is up. Go crack 'em up.
    FBI Announces Annual Can-You-Crack-the-Code Challenge
    Tags: ( cryptography challenge )
  5. Christofer is talking about something he touched on at RSA and before: who manages the network in the virtual, cloudy world, the server admins, the network admins, or both?
    Rational Survivability >> Quick Bit: Virtual & Cloud Networking - Where It ISN'T Going...
    Tags: ( virtualization networking )
  6. Another PDF parsing vulnerability in BES. I believe a patch is now available.
    How to control a Blackberry Enterprise Server with just a PDF | Graham Cluley's blog
    Tags: ( pdf rim blackberry vulnerability )
  7. McAfee did a study to determine what the riskiest search terms are. This report is the result of that study. Note: Link goes to PDF (via: eWeek)
    The Web's Most Dangerous Search Terms
    Tags: ( malware search )
  8. This is a nice article on using ITIL to improve and strengthen your information security program.
    How ITIL Can Improve Information Security
    Tags: ( itil )
  9. An interesting exploration of an insider attack on California Water Service Company that occurred recently.
    Ascension Blog >> He did WHAT?!?!
    Tags: ( breach )
  10. L0phtcrack is back and raring to go.
    L0phtcrack 6 Site Is Live : Liquidmatrix Security Digest
    Tags: ( passwords tools l0phtcrack )

That's it for today. Have fun!

Kevin

Just a quick note to let you know that the Backtrack 4 USB How-to with Persistent Changes and Nessus has been updated for Nessus 4.0.1.

That is all.

-Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Nessus 4.0.1 has been released. I will be updating the Backtrack how-to sometime this week to reflect this.
    Tenable Network Security: Nessus 4.0.1 Released
    Tags: ( nessus )
  2. Service Pack 2 for Vista and Windows Server 2008 is ready for you to start testing. You do test before deploying, right?
    SP2 For Vista, Windows Server 2008 Available For Download - Security Watch
    Tags: ( vista patches )
  3. Just the thing for that UNIX geek who is so difficult to buy for. Of course, he's going to have to have a pretty good-sized cube to hang it in. (via The Register)
    Eric Levenez's Gorgeous Unix Diagram
    Tags: ( general )
  4. Here is what looks to be a very nice paper on the Kraken bot. I have read the beginning and look forward to finishing it.
    SecSci Social Scene: Dissecting the Kraken
    Tags: ( botnet kraken analysis )
  5. Paul has posted some slides on using Nessus during a web application assessment.
    Tenable Network Security: Presentation "Using Nessus In Web Application Assessments"
    Tags: ( webappsec nessus )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some interesting documents have been published recently. This article points out a couple of them. Both have been added to my reading pile.
    Techworld.com - Risk assessment guides launched
    Tags: ( risk-management metrics )
  2. Jack offers some alternatives to saying "No." Very good ideas and we (not the royal we) should use them.
    Uncommon Sense Security: Don't say "No"
    Tags: ( communication )
  3. Want to know more about Johnny Long? Here you go.
    Sunbelt Blog: Johnny Long's story
    Tags: ( hackersforcharity )
  4. Chris works through an interesting exercise in quantifying loss. He then offers some thoughts on communicating loss. I need to read it again, but it strikes me as very useful. For those FAIR fans out there, it is very applicable to using FAIR.
    The Risk Is Right. << Risktical Ramblings
    Tags: ( risk-management )
  5. Lori has once again nailed it.
    The IT Security Flowchart
    Tags: ( general )
  6. This breaks things down very succinctly. As Rich says, that doesn't mean it's easy.
    Securosis Blog | The Pragmatic Data (Information-Centric) Security Cycle
    Tags: ( security-lifecycle )

That's it for today. Have fun!

Kevin

First of all, this is my 300th post to the blog. WooHoo! I am simply amazed by that number and by the fact that I still enjoy doing this so much.

Anyway, good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. You can now control, to a certain extent, what and when some Google apps, including Chrome, will be updated via group policy objects.
    Google Changes Chrome Update Features - Security Watch
    Tags: ( google chrome updates )
  2. Got some extra equipment laying around? Johnny is looking for donations for the work they will be doing in Uganda.
    The equipment donation list | IHS
    Tags: ( general )
  3. Rich offers some thoughts on things to think about when securing medical records.
    Securosis Blog | Security Requirements for Electronic Medical Records
    Tags: ( medical )
  4. Matt has pulled together a bunch of links and posts with tips to getting into information security and what to do once you get there.
    A lot of Information Security Career Advice | MattJay Security
    Tags: ( career )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Just go look.
    Klingon Anti-Virus
    Tags: ( humor )
  2. Here's an interesting one-stop shop for NIST documents related to their Risk Management Framework. It includes FIPS docs, NIST publications, FAQs, and other docs in a neat lifecycle-like representation.
    NIST.gov - Computer Security Division - Computer Security Resource Center
    Tags: ( risk-management )
  3. Time to patch ssh. Don't want anybody seeing your secret bits :)
    OpenSSH chink bares encrypted data packets * The Register
    Tags: ( openssh vulnerability patches )
  4. Check out Andrew's answer to the question he poses. I agree with him.
    Andrew Hay >> Blog Archive >> Should the Helpdesk be a Mandatory Start for an IT Career?
    Tags: ( general )
  5. Things people say when faced with a web app vulnerability. I've heard most if not all of these at one time or another.
    But That's Impossible!
    Tags: ( general )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Shrdlu points out that knowledge bias is a problem we need to be aware of. I'll leave it to Shrdlu to explain what knowledge bias (my term) is :)
    "Security is dead" must DIE.
    Tags: ( bias )
  2. Jack offers some good advice on cutting through the flak being fed to us when we are trying to get to the bottom of an issue.
    Uncommon Sense Security: It isn't magic
    Tags: ( pci general )
  3. If you haven't figured out the best and easiest ways to lose data, Nick is here to help you out. Check out his list of 21 ways to lose data.
    Some of the Best Ways to Lose Your System Data
    Tags: ( humor )
  4. Time to patch up your Oracle Linux installations.
    Weekend Patching: Oracle Linux Security Updates
    Tags: ( oracle linux vulnerability patches )

That's it for today. Have fun!

Kevin

Over the course of the last week or so, there has been a great thread on the PaulDotCom mailing list related to getting started in information security. Paul has posted a nice article that gathers some of the comments together.

The time spent reading the article and then the actual thread is well spent for both those seeking to enter the market and for those already in it. For those seeking to become information security professionals, it offers great advice and tips. For those who are already practicing security professionals, it provides you with a great set of answers for when you get asked the question "How do I get started in information security?"

The post is here.

By the way, the mailing list is a great resource in and of itself. You should check it out too!

-Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Do you trust your web application firewall? If so, you might want to rethink that decision.
    Researchers Hack Web Application Firewalls - DarkReading
    Tags: ( waf )
  2. Alex has posted another good one. It is very much worth reading and thinking about.
    Richard Bejtlich's Quantum State << The New School of Information Security
    Tags: ( risk-management risk-analysis )
  3. A nifty article on how to use hackvertor to de-obfuscate javascript.
    The Spanner - Hackvertor obfuscated code tutorial
    Tags: ( malware javascript )

That's it for today. Have fun!

Kevin
