June 2009

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Just go read it. Seriously. But make sure you aren't drinking anything when you do. :)
    If Twitter were all we had for security ...
    Tags: ( humor )
  2. Looks like something very nifty is coming soon to a phishing station near you.
    Coming soon to a pentest near you... | carnal0wnage.attackresearch.com
    Tags: ( tools )
  3. You might want to go ahead and change your default passwords. It could get pretty expensive if you don't.
    Security Fix - Default Passwords Led to $55 Million in Bogus Phone Charges
    Tags: ( passwords )
  4. A great collection of sources for reverse engineering and malware analysis information from Rob.
    Getting your fill of Reverse Engineering and Malware Analysis | Room362.com
    Tags: ( reverse-engineering malware-analysis )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Phrack #66 is out.
    .:: Phrack Magazine ::.
    Tags: ( phrack hacking )
  2. The original Dshield project is very useful. This has all the earmarks of another great project. Help them out.
    Dshield Web Honeypot going beta
    Tags: ( honeypot )
  3. More database encryption goodies.
    Securosis Blog | Application vs. Database Encryption
    Tags: ( database encryption )
  4. Here is the answer to the packet challenge posted a few days ago.
    Answer to Caesar's Challenge << I Smell Packets
    Tags: ( challenge answer )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I find this a little alarming. Particularly with the number of recent Facebook worms that have cropped up.
    Army Orders Bases to Stop Blocking Twitter, Facebook, Flickr | Danger Room | Wired.com
    Tags: ( social-media army )
  2. More on database encryption. Good stuff.
    Securosis Blog | Database Encryption, Part 2: Selection Process Overview
    Tags: ( database encryption )
  3. Good stuff, but remember making the boss look stupid is a career limiting move ;)
    A chat with the boss | The Infosec Cynic
    Tags: ( general )
  4. Here is an output of Project Quant. The first phase of the patch management cycle. Rich is looking for feedback.
    Details: Monitor for Advisories
    Tags: ( patch-management )
  5. Like a pet rock, a pet risk doesn't really help you much. Check out Ron's suggestions below.
    Pet Risks - A New View of Risk Management : The Security Catalyst
    Tags: ( risk-management )
  6. Chris was looking for some incident response templates and hit the motherlode of suggestions. He put them all together in a blog post. A very good reference page.
    Dr. InfoSec: Incident Response Templates, Cheat Sheets, and more
    Tags: ( incident-response )
  7. A couple days ago I pointed to the crossword puzzle challenge/contest being put on by Sophos. Well, it's all done and there is a winner. The link below contains the answer sheet if you are interested.
    Solution to computer security cryptic crossword | Graham Cluley's blog
    Tags: ( challenge )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Microsoft is looking for some input from us on what we would like to see in the next iteration of the fine Sysinternals Tools. Help make these tools even better.
    SysInternals Survey
    Tags: ( tools sysinternals )
  2. Not specifically information security related, but very good information for those of us with hiring responsibilities.
    Uncommon Sense Security: How to not hire someone
    Tags: ( hiring )
  3. The latest Hak5 is out. Yummy things like packet injection, WPA attacks and virtualization are the topics.
    Hak5 - Technolust since 2005 >> Episode 517 - Packet Injection, WPA Attacks, Virtualization
    Tags: ( video )
  4. Oh boy. This looks very interesting. Time to play in the lab.
    Http over SMTP Proxy << SecTech
    Tags: ( tools pentest )
  5. You see me point at a lot of stuff that Christofer writes. Why? Because he often has things to say that should be heard/read. Therefore, when he says go look at something, I do. You should too! This presentation is awesome.
    Rational Survivability >> Mark Masterson's Brilliant Cloud Security Presentation
    Tags: ( cloud )
  6. Rob has written a nice walk-through on using the PassiveX feature of Metasploit. Obviously, only to be used for good, not evil.
    PassiveX fun with Metasploit | Room362.com
    Tags: ( metasploit pentest tutorial )
  7. Here is an interesting post, even if you are not super versed in Bayesian analysis.
    Voltage Superconductor : A Bayesian approach to understanding tokenization
    Tags: ( bayes )

That's it for today. Have fun!


Kevin


This is the presentation I gave at Secure360 2009 titled "Measuring and Communicating Risk using Factor Analysis of Information Risk (FAIR)."

As always, I am interested in your feedback.

-Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some good stuff for you to read by Rsnake.
    RFC1918 Blues ha.ckers.org web application security lab
    Tags: ( networking security )
  2. Want some Sophos swag? All you have to do is successfully complete this crossword puzzle, then be picked out of a hat.
    Computer security cryptic crossword | Graham Cluley's blog
    Tags: ( challenge puzzle )
  3. Over the last couple of days there has been a lot of news and blog traffic about an alleged 0wning of T-Mobile. I was reluctant to mention anything about it until it was more certain that it was true. Looks like it is.
    T-Mobile data on Full Disclosure is real | threatpost
    Tags: ( t-mobile breach )
  4. My dad was a doctor. This post reminds me of things he used to say. Read along as Rich re-interprets emergency medicine tenets as information security ones :)
    Securosis Blog | The Laws of Emergency Medicine--Security Style
    Tags: ( general )
  5. A nice post about using VMWare and NFS together. (Hat tip to Aneel's tumblr blog http://irg.tubmblr.com)
    Virtual Geek: A Multivendor Post to help our mutual NFS customers using VMware
    Tags: ( nfs vmware )
  6. This is a very good article about using VMWare and iSCSI together. It was published in January of this year. (Hat tip to Aneel's tumblr blog http://irg.tubmblr.com)
    Virtual Geek: A Multivendor Post to help our mutual iSCSI customers using VMware
    Tags: ( vmware iscsi )
  7. I have skimmed the first part of the paper referenced here. It looks very interesting.
    New paper by Amit Klein (Trusteer) - Temporary user tracking in major browsers and Cross-domain information leakage and attacks
    Tags: ( paper privacy )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is interesting. It will be worth keeping an eye on what happens in the future as the council goes forward.
    Hacker named to Homeland Security Advisory Council | Security - CNET News
    Tags: ( government )
  2. Looks like the spammers are up to a new trick that appears to be working at the moment.
    RTF File Spam Makes Its Way Through Filters - Security Watch
    Tags: ( spam )
  3. Nifty. Another tool to freely scan files for malware.
    Paretologic Released a New Free Online Malware Scan
    Tags: ( malware scanning )
  4. Here is an interesting way to keep some or all robots from crawling your website.
    Security - The Global Perspective: How to block robots.. before they hit robots.txt - ala: mod_security
    Tags: ( robots )
  5. Do you want to know more about DEP (Data Execution Prevention)? Check this out.
    Security Research & Defense : Understanding DEP as a mitigation technology part 1
    Tags: ( dep )
  6. A new packet challenge is up on Caesar's site.
    Caesar's Challenge << I Smell Packets
    Tags: ( challenge networking )
  7. The Black Hat 2009 schedule is available now.
    Black Hat USA 2009 Schedule
    Tags: ( blackhat 2009 )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Ouch. Kinda glad I use wired keyboards and mice at this point :)
    Greg Martin's blog - InfoSecurity 2.0: Wireless Keyboard Sniffing
    Tags: ( wireless keyboard sniffing )
  2. EFF has a new tool that tracks the changes to the Terms of Service of some of the larger organizations on the web like Facebook, Google, etc. Pretty cool.
    EFF Posts 'Terms of Service' Tracker | Threat Level | Wired.com
    Tags: ( eff )
  3. A nice article with some interesting ideas about putting things in your app that when accessed indicate you are under attack. I can think of a name for that, but it has a very unfortunate acronym, so will refrain from writing it here.
    AppSec Street Fighter - SANS Institute >> My Top 6 Honeytokens
    Tags: ( webappsec )
  4. Lori has a really good analogy for us. Take a few minutes to check it out.
    The Gluten-free Application Network
    Tags: ( webappsec )
  5. Your host isn't safe if you are using VMWare Workstation and haven't patched things like you ought to.
    Hacking Tool Lets A VM Break Out And Attack Its Host - DarkReading
    Tags: ( vmware exploit )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Oops. Didn't mean for that super secret list of civilian nuclear sites to be posted.
    Government Accidently Posts Sensitive Nuclear Documents Online -- Government IT Security
    Tags: ( data-leakage )
  2. If you are using Rails 2.3 and performing digest authentication, you need to read this and implement the fix provided.
    Nate's Tumble Log, Security hole found in Rails 2.3's http_authentication.rb
    Tags: ( rails ruby )
  3. Xavier has a nice tutorial on integrating Didier Stevens' handy PDFiD tool with Nautilus on a Linux system.
    /dev/random >> Blog Archive >> PDFiD Integration with Nautilus
    Tags: ( pdf pdfid )
  4. If you see visits to these sites in your proxy logs, you have some work to do. Also, if you don't have a proxy or don't look at the logs, you have even more work to do :)
    Google Online Security Blog: Top 10 Malware Sites
    Tags: ( malware )
  5. Rich and Adrian are looking for some help with Project Quant. They have a survey up about patch management they would really like for you to participate in.
    TAKE PART IN PROJECT QUANT (please)! << The New School of Information Security
    Tags: ( patching )
  6. If you are in the Atlanta area, the June meeting of NAISG is happening on the 10th. Stop on by.
    June Atlanta NAISG Meeting >> Andy ITGuy
    Tags: ( naisg )
  7. A new release of BASE is available.
    New version (v 1.4.3.1) of BASE available
    Tags: ( ids base snort )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Nick provides some good guidance in preparing for a third-party application assessment. (Via Branden Williams' Security Convergence Blog)
    Nick Coblentz: Preparing For a Third Party Application Assessment
    Tags: ( webappsec assessment )
  2. Stop what you are doing and go read this. Yes all of it. Then send it to your programmers.
    Matasano Chargen >> Blog Archive >> Typing The Letters A-E-S Into Your Code? You're Doing It Wrong!
    Tags: ( cryptography )
  3. An interesting article on Wired about Tobias Bluzmanis. Bonus: video of Medeco high security locks being picked and bumped. (Via Infosec.us)
    The Ultimate Lock Picker Hacks Pentagon, Beats Corporate Security for Fun and Profit
    Tags: ( lockpicking )

That's it for today. Have fun!


Kevin
