September 2009

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Microsoft has released a couple of nifty tools for developers to help them ensure their code is more secure. Bonus: They are FREE!
    Jeff Jones Security Blog : SDL Team Adds Test Tools to the SDL Tools Arsenel
    Tags: ( sdl )
  2. Here is a method to help you generate easily recreatable (for you) complex passwords. I have used similar methods before.
    Magic Formula for Passwords : The Security Catalyst
    Tags: ( passwords )
  3. A closer step to using frequency analysis to detect encrypted traffic on your network. Neat stuff.
    Detecting encrypted traffic with net-entropy, part one << wirewatcher
    Tags: ( monitoring encryption )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 2 comments }

Barcamp – Des Moines, IA – 2009

by kriggins on September 17, 2009

in Conferences, Educational

I have never attended a Barcamp conference, but have heard good things about them. There was one last year in Des Moines and it is happening again this year.

Date: Saturday, September 26, 2009
Time: 8 am - 10 pm
Cost: FREE (food too!)
Location: Impromtu Studio, 300 SW 5th Street, Des Moines, IA 50309

Go to the website for more information. You can register from the site or go here.

-Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Two new and nifty things are coming, a social engineering framework and a new training module from Offensive Security on Metasploit. Yum!
    Social Engineering Framework and Metasploit Unleashed | SecuraBit
    Tags: ( training social-engineering metasploit )
  2. Looks like the gubment is looking at OpenID.
    Technology Security: US Government moves towards OpenID
    Tags: ( openid governement )

That's it for today. Have fun!

Kevin

{ 0 comments }

Good afternoon everybody! Sorry for missing both Friday's and yesterday's bits posts. My Friday was spent working with Habitat for Humanity on a new home for a deserving family. It was a great experience and I heartily recommend it as time well spent. Yesterday was just too busy :)

Anyway, here are today's, and a few from this weekend, Interesting Information Security Bits from around the web.

  1. A new version of OffVis is available along with a training video.
    Security Research & Defense : OffVis updated, Office file format training video created
    Tags: ( tools microsoft office )
  2. Here is an interesting adaption of "The Joel Test."
    Matasano Security LLC - Chargen - The Joel Test: 12 Steps To Better IT Management
    Tags: ( general )
  3. A great article from Russel. This one contains some tips for building an Information Security Risk Scorecard.
    12 Tips for Designing an InfoSec Risk Scorecard (its harder than it looks) << The New School of Information Security
    Tags: ( scorecard risk )
  4. This is a very interesting article about backups and virtualization strategies. A very important part of your strategy needs to be, How are you going to deal with backups?
    The Side Effects of Backup on Server Virtualization - Backup & Beyond
    Tags: ( virtualization backup )
  5. The latest version of the SANS Top Cyber Security Risks report is out.
    SANS: The Top Cyber Security Risks
    Tags: ( risks )
  6. Here is a nice article with some questions to ask when considering the implementation of an identity management solution. (Hat Tip: http://securityblog.typepad.com)
    12 questions to ask before implementing an identity management system -- Government Computer News
    Tags: ( identity-management )
  7. The Security Twits bus is off on another adventure as it gathers up a bunch of twits and heads to SecTor. Let Jack know if you want to be picked up :)
    Uncommon Sense Security: Security Twits Road Trip III, the SecTorBus
    Tags: ( conferences security-twits )
  8. Rsnake has a whole pile of HTTP headers for you to play with should you want to. I bet some interesting things can be found out.
    Half a Million HTTP Headers ha.ckers.org web application security lab
    Tags: ( data )
  9. An entirely virtual security conference is taking place on November 6th-8th. Very cool. What's even better is that all CFPs are being accepted.
    SecurityTubeCon - Democratizing Hacker Cons
    Tags: ( conference cfp securitytube )
  10. Want to set up some motion sensors to tweet activity? Ax0n shows us how.
    HiR Information Report: Gustav, the hackerspace twitter-bot
    Tags: ( hardware-hacking )
  11. SynJunkie took a short break from his CCNA studies (good posts in that series too) to give a post about using Fgdump, John the Ripper and PowerShell together to do some nifty scripted password auditing.
    Syn: Password Auditing with Fgdump, John the Ripper & PowerShell
    Tags: ( passwords cracking )
  12. Russel has an interesting challenge for us. I know a few in academia that might enjoy this conversation.
    This Friday is "Take an Academic Friend to Work Day" << The New School of Information Security
    Tags: ( general )

That's it for today. Have fun!

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Check out your ability to get off the hook in a phishing attack. :)
    Network Security Blog >> How's your phishing savvy?
    Tags: ( phishing )
  2. If by chance you didn't get your WordPress installation patched in time and ended up compromised, here are a couple references for cleaning up that situation. Granted, a scorched earth policy is probably best, but it may just not work for you.
    How to clean up a hacked WordPress installation - The HP Security Laboratory Blog -
    Tags: ( wordpress tips )
  3. Good stuff from James on establishing/writing/rewriting your information security policies.
    Policies don't have to be painful : The Security Catalyst
    Tags: ( policy )
  4. This is a must see. (Hat tip to @aneel)
    Nerd Venn Diagram [PIC]
    Tags: ( humor )

That's it for today. Have fun!

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A quick video demonstrating a banking trojan.
    Live Demo: Banking Trojans - PandaLabs
    Tags: ( trojan malware video )
  2. I think Lori is poking at a bear here. I can argue both sides of this issue. There is also a conversation going on over at ycombinator too: http://news.ycombinator.com/item?id=812865
    Log Files Do Not Improve Security
    Tags: ( logging )
  3. A very good analogy and question to ask yourself.
    Digital Soapbox - Preaching Security to the Digital Masses: Good vs. Good Enough
    Tags: ( general )
  4. There is a link to a video demonstrating the effects of a 16oz bottle of liquid exploding on an airplane.
    Schneier on Security: Demonstration of a Liquid Explosive
    Tags: ( general )
  5. It's a good idea to do a vanity search every once in a while. You never know what might turn up.
    SecuriTeam Blogs >> Robert Who?
    Tags: ( general )

That's it for today. Have fun!

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. There were a couple of incidents with ATMs at the recent Defcon conference. See Chris's post about a warning from ENISA with some guidance on what to look for to keep safe.
    Dr. InfoSec: ENISA Warns of Alarming Increase in ATM Crime
    Tags: ( atm )
  2. This is very cool. An open source virtual switch. (Hat tip: @aneel)
    Open vSwitch
    Tags: ( virtualization switch )
  3. There is some good information about DirectAccess in this article.
    Understand the pros and cons of Microsoft Windows 7 DirectAccess
    Tags: ( directaccess windows-7 )
  4. Looks like there are still some issues with firewire and access to memory. Check out this post for more information.
    Windows 7 Firewire Attacks << Ramblings of the anal security guy
    Tags: ( firewire windows-7 )
  5. Chris has posted a nice list of podcasts that you should check out if you are looking for some new information security listening pleasure.
    Filling your ipod... << Ramblings of the anal security guy
    Tags: ( podcasts )
  6. The packet captures from Defcon 17 are now available via bittorrent.
    Diutinus Defense Techonologies Corp. / Home
    Tags: ( defcon ctf )

That's it for today. Have fun!

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Old attacks find a new home. Side-channel attacks against the "Cloud"
    Researchers Find a New Way to Attack The Cloud | threatpost
    Tags: ( cloud )
  2. This seems like a very poor decision.
    Oracle Delays Security Patches For OpenWorld : Liquidmatrix Security Digest
    Tags: ( oracle )
  3. Like Agent J says in "Men in Black II", "No, what you remember is that you used to drive that old busted junk. See, I drive... the new hotness." Brick and mortar bank robbery is the old busted, electronic bank robbery is the new hotness.
    Security Fix - More Business Banking Victims Speak Out
    Tags: ( theft )

That's it for today. Have fun!

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. You can download the raw anonymized survey results from the Project Quant survey.
    Raw Project Quant Survey Results
    Tags: ( patching )
  2. Want to hear about writing a security book? Andrew will be at SANS Network Security 2009 talking about that very thing.
    Andrew Hay >> Blog Archive >> Presenting at SANS Network Security 2009 - "So You Want to Write a Security Book, Eh?"
    Tags: ( writing books )
  3. Some thoughts on compliance in a virtualized environment.
    Five Ways To Meet Compliance In A Virtualized Environment - DarkReading
    Tags: ( virtualization )
  4. A couple things to check and do after you upgrade to Snow Leopard.
    Snow Leopard downgrades security and misses opportunity to improve | Chester Wisniewski's Blog
    Tags: ( apple macosx )
  5. In case you didn't know, there is going to be a blogger meetup at RSA Europe in October. :)
    RSA Conference - Security Bloggers Meet up 2009 - London | Security Active Blog
    Tags: ( meetup )
  6. This post strikes a particular chord with me as I have been thinking about this quite a bit lately. Most of us are operating under some pretty crushing workloads, but if we don't take time to manage our people, those workloads will just get even heavier.
    Security Ripcord >> Blog Archive >> Take Time To Manage
    Tags: ( management )

That's it for today. Have fun!

Kevin

{ 0 comments }

I was looking at my checking account on-line a few days ago and saw something that sparked this blog post.

My bank has a very handy service where they scan the checks we write (yes, checks are still used in some cases :) ) and you can view them online for a limited time. Very cool. Nothing wrong with that, right?

I didn't think so until recently.

We wrote a check to an individual recently and they cashed it at their bank. Somewhere along the line a fingerprint was put on the check, a very well done, clean, and clear fingerprint. I'm assuming that the fingerprint belongs to the individual who the check was written to, but I have not verified that.

First, why is the bank taking a fingerprint? Seems a bit extreme to me.

Second, why are they sticking it on a check that they know is going to be out of their control at some point?

This seems like a recipe for disaster to me. What do you think?

-Kevin

{ 0 comments }