Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.
- Raf interviews Andre Gironda.
Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: Andre Gironda
Tags: ( interview )
- Here is the solution and winners of the third PandaLabs challenge.
3rd Panda Challenge solution & winners - PandaLabs
Tags: ( challenge )
- Forcing HTTPS sounds good. It will be interesting to see how this shakes out.
Locking up the valuables: Opt-in security with ForceTLS at Mozilla Security Blog
Tags: ( webappsec )
- Version 1.0 of Project Quant, a project to develop a patch management framework, has been released along with the survey results.
Project Quant Version 1.0 Report and Survey Results
Tags: ( patching )
- Part 3 of Ax0n's recipe for evilness.
HiR Information Report: Evil Wifi Part 3: Hamster & Ferret
Tags: ( wireless hacking )
- Cutaway has a very interesting post up about malware that resides in the registry. He points to a couple other posts that are worth reading too. This is very cool...scary...but very cool.
Security Ripcord » Blog Archive » Malware IN Registry a.k.a If It Can't Be Done, Why Am I Looking At It?
Tags: ( registry malware )
- Be careful what information you are sharing in something as basic as email headers. That stuff can be used against you.
Looking beyond the surface ... « The Security Kitchen
Tags: ( data-leakage )
- Martin points out some basic truths you should be aware of.
Incident Response Leadership: Basic Truths : The Security Catalyst
Tags: ( incident-response )
- You should do what Jack says. Go read the post he points you at and then send it to your friends and family.
Uncommon Sense Security: A good primer on Social Networking and Security Risks
Tags: ( social-networks )
- Folks, regardless of what the NYSE says, details about your infrastructure, patch levels, software versions, etc. are sensitive information.
Data Detailing New York Stock Exchange Network Exposed on Unsecured Server | Threat Level | Wired.com
Tags: ( data-leakage )
That's it for today. Have fun!
Kevin

1 comment
I have found that finding good patch management software is becoming more and more difficult as machines are less accessible to the management console. Personally, I would recommend using patch management software from Kaseya. Because of the agent based framework, I have connectivity to every machine that is connected to the Internet, independent of location.