July 2009

Interesting Information Security Bits for 07/15/2009

by kriggins on July 15, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. eBay/Paypal is being particularly bothersome. See why in this post.
    EBay / Paypal Reports Security Blog To FBI For Phish Screenshot - SpywareGuide Greynets Blog
    Tags: ( phishing )
  2. This has nothing to do with information security. I have read several books about Dr. Feynan and his biography. He was a fascinating man and scientist. These classic videos will be fun to watch. Note: You have to have Silverlight 3.0 installed to watch them. Sorry.
    The Messenger Series - Microsoft Research - Richard Feynman
    Tags: ( general )
  3. Richard has followed up his "$1 millon dollar/yer Black Hat Team" post with one for the whitehats. It is not near as easy for the whilehats.
    TaoSecurity: White Hat Budgeting
    Tags: ( general )
  4. Get'em while they're hot. Rainbow tables for WPA.
    SecuriTeam Blogs >> Offensive-Security WPA Rainbow Tables
    Tags: ( rainbow-tables wpa )
  5. Adriane brings up something that we should keep in mind when we are pitching a product to our customers or business units. It is very important. They don't really care about the "How cool is that?" argument.
    Securosis Blog | Technology vs. Practicality
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

There is no Firefox 3.5 DNS Leakage

by kriggins on July 14, 2009

in Announcement, Interesting Bits

In the Interesting Bits post for today I pointed to an article that spoke about a flaw in Firefox 3.5 that supposedly resulted in DNS queries not being proxied correctly when using a SOCKS proxy.

Eric "SecRunner" posted a comment that this was not the case. He indicated that it was a proxy management add-on that is the culprit.

He is absolutely correct in his assertion that Firefox 3.5 does not leak DNS queries when a SOCKS proxy is configured. I tested it myself in my lab and saw no leakage.

I have not personally confirmed the proxy management add-on issue at this time so will refrain from commenting on that.

I apologize for feeding you erroneous information.

-Kevin

{ 0 comments }

Interesting Information Security Bits for 07/14/2009

by kriggins on July 14, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The videos from Source Boston 2009 are available. Good stuff.
    Source Boston 2009 Videos
    Tags: ( source )
  2. A very nice example of data leakage.
    Firefox 3.5 DNS LEAKS like a waterfall | The Edge of I-Hacked
    Tags: ( firefox dns )
  3. Panda's second challenge is up.
    Panda Challenge: Medium Level - PandaLabs
    Tags: ( challenge )
  4. Keydet89 answers the questions "What is the worst thing an incident response team internally will do?"
    Windows Incident Response: SANS Summit Question
    Tags: ( incident-response )
  5. Not security related, but it's bugged me for a while. I love Firefox, but the molasses slow start time is a real joy killer. Finally an explanation why. Hopefully a fix will come out soon.
    Slow Firefox 3.5 start up time - News - The H Security: News and features
    Tags: ( firefox )
  6. I strongly suggest you read this post before you test out the OpenOwn.c code that is running about. In other words, you will hurt yourself if you don't.
    Secdev - Thierry Zoller: 0pen0wn.c - Shellcode "dissasembled"
    Tags: ( hacker dont-do-that )
  7. As @id084895 says, "wow, just discovered Robtex.com !!! Your src for whois, bgp, AS, RBL checks and lost more: simple & fast => i like ;-) "
    robtex
    Tags: ( tools on-line )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 2 comments }

Interesting Information Security Bits for 07/13/2009

by kriggins on July 13, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Infocon to yellow for 24 hours.
    * Infocon raised to yellow for Excel Web Components ActiveX vulnerability
    Tags: ( infocon )
  2. I knew it was not going to end well when I first heard that ATMs were going to be armed with pepper spray.
    Pepper Spray-Armed ATM Misfires, Shoots Workers | Threat Level | Wired.com
    Tags: ( general )
  3. Didier gives us a nifty little tip on hiding the fact that our laptop is encrypted.
    Quickpost: TrueCrypt's Boot Loader Screen Options << Didier Stevens
    Tags: ( encryption truecrypt )
  4. The solution and winners for the first Panda Labs challenge are up.
    1st Panda Challenge solution & winners - PandaLabs
    Tags: ( challenge answer )
  5. This is cool. One of the teams that participated in the Defcon 17 CTF qualifiers made a comic of how they answered one of the challenges. (Hat tip: @mubix)
    http://hackerschool.org/DefconCTF/17/B300.html
    Tags: ( ctf defcon )
  6. Rafal talks about a comment spam toolkit. The comments are very interesting too.
    Digital Soapbox - Preaching Security to the Digital Masses: Devastated by a Link-Spam Tool?
    Tags: ( spam )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Interesting Information Security Bits for 07/10/2009

by kriggins on July 10, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. While not information security specific, each of these can be applied.
    20 Business Lessons Learned from Monty Python | Small Business | Focus.com
    Tags: ( general )
  2. This is an interesting article on what your credit card company knows about you, both specifically and generally.
    What Does Your Credit-Card Company Know About You? - NYTimes.com
    Tags: ( privacy )
  3. Some interesting stuff on privacy from Benny.
    Big Brother 2009: Has the rebellion started? | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( privacy )
  4. The Hoff is at it again. Funny stuff...unless you are a "Social Media Expert."
    Rational Survivability >> You Might Be A Social Media Expert If...
    Tags: ( humor )
  5. A nice list of reading material related to application security. Many have been mentioned here before.
    Jeremiah Grossman: The Best of Application Security 2009 (Mid-Year)
    Tags: ( appsec )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Interesting Information Security Bits for 07/09/2009

by kriggins on July 9, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Dark Reading is hosting a free all-day virtual conference titled "Dealing with Insider Threats" next week.
    Dark Reading To Hold Virtual Conference On Insider Threats Next Week - security events/Security - DarkReading
    Tags: ( conference )
  2. You can download the cfp document and instructions for RSA USA 2010 already. The website will be live for submission soon. The deadline is August 15th since the conference is a month earlier next year.
    RSA Conference 365
    Tags: ( cfp rsa-usa-2010 )
  3. Mubix gave an impromptu talk about Metasploit last night and this happened. Just hilarious.
    YouTube - Anon's raid Mubix
    Tags: ( humor )
  4. Here's a place to read about information security FUD or offer your own stories about it.
    Welcome To fudsec.com - fudsec.com
    Tags: ( fud )
  5. Jeremiah offers some thoughts on why vulnerable code should still be fixed after a web application firewall has been installed. Good comments too.
    Jeremiah Grossman: Why vulnerable code should be fixed even after WAF mitigation
    Tags: ( waf )
  6. Looks like all the hoopla about OpenSSH yesterday was just that, hoopla.
    OpenSSH 0day FUD
    Tags: ( openssh )
  7. A nifty reference card for 802.11.
    Will Hack For SUSHI >> 802.11 Pocket Reference Guide
    Tags: ( 802.11 )
  8. Lee Kushner and Mike Murray will be on PaulDotCom tonight at 7:00PM EDT. Cool stuff. Post tells what they will be talking about.
    InfoSec Leaders on PaulDotCom Tonight | Information Security Leaders
    Tags: ( career )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 1 comment }

Interesting Information Security Bits for 07/08/2009

by kriggins on July 8, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. You have probably already seen that Google announced they will be releasing the Google OS next year. Here is the official announcement. Personally, it seems like just another flavor of Linux to me. Hopefully I am proven wrong.
    Official Google Blog: Introducing the Google Chrome OS
    Tags: ( google )
  2. In these difficult times, with layoffs and job searches going on all the time, it helps to be ready for those wonderful interview questions. Here are 50 common ones with some guidance on coming up with an answer. Having answers prepared before you enter the interview room is a great thing to do. It has always helped me.
    50 COMMON INTERVIEW Q&A << Bhuvana Sundaramoorthy's Blog
    Tags: ( career )
  3. /str0ke announced yesterday that he would no longer be moderating MilW0rm. There was all sorts of panic on the interwebs. Luckily he tweeted today that he has found others to take up the reins. Yeah!
    milw0rm Shutting The Doors : Liquidmatrix Security Digest
    Tags: ( exploits )
  4. Dave has some good thoughts and some slides answering the question he himself posed to a panel he sat on at the SANS Forensics Summit. The question was "What should incident handlers be doing to help improve information security operations overall?"
    trustedsignal -- blog: SANS Forensics Summit
    Tags: ( incident-response )
  5. The contest to find security vulnerabilities in Google Native Client is over. See who the winner is in this article.
    Google announces winner of the Native Client Security Contest - News - The H Security: News and features
    Tags: ( google )
  6. Here is a nice description of a how Distributed Denial of Service attacks work. It even has pretty pictures for people like me :)
    Roger's Security Blog : Distributed Denial of Service - and how it works
    Tags: ( ddos )
  7. Raf has a good point. You need to understand the app you are testing. He offers some thoughts on a method of doing that.
    Digital Soapbox - Preaching Security to the Digital Masses: The Importance of Understanding Flow
    Tags: ( appsec )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Interesting Information Security Bits for 07/07/2009

by kriggins on July 7, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A Panda Labs challenge is up. This is the first of three this month.
    Panda Challenge - "All that glitters is not gold" - PandaLabs
    Tags: ( challenge )
  2. Someone asked Lee what he should be looking for when seeking a recruiter to help him find employment. Lee's response is golden. Check it out.
    Career Advice Tuesday - Selecting a Recruiter | Information Security Leaders
    Tags: ( career recruiter )
  3. Part 4 of Wesley's story about catching a hacker.
    GhostExodus, the ETA, and a Control System Incident at Carrell Clinic (Part 4) << McGrew Security Blog
    Tags: ( hacker )
  4. Hoff has some words on the cloud, security, and enterprises.
    Rational Survivability >> These Apocalyptic Assessments Of Cloud Security Readiness Are Irrelevant...
    Tags: ( cloud )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Interesting Information Security Bits for 07/06/2009

by kriggins on July 6, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well. Things look a little different below because Delicious's API appears to be having issues at the moment.  Anyway, here are today's Interesting Information Security Bits from around the web.

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Backtrack 4 How-to Updated: Correct Default Boot Setting

by kriggins on July 1, 2009

in Announcement, Educational

I made an error in the how-to on configuring the system to automatically boot to persistent mode.

Instead of 'Default 5', it should be 'Default <label>' where label is the text following the 'label' line for the menu option you want to boot. In my case it looks like 'Default ubnentry5'.

I apologize for the confusion and the how-to has been updated.

-Kevin

{ 0 comments }

← Previous Entries

Next Entries →