November 2009

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Bruce points out a very interesting paper on scams and the psychology of why they work. Only part way through the paper, but it is very good.
    Schneier on Security: The Psychology of Being Scammed
    Tags: ( scams )
  2. Alex has a challenge for you. Go ahead and make those predictions, but they are going to keep track and see how well you do :)
    2010 Security Prognosticators - Put Your Money Where Your Mouth Is!!! << The New School of Information Security
    Tags: ( predictions )
  3. Mike is back. Check out the latest Incite and get ready to hear from him more often.
    The Daily Incite - 11/30/09 - Giving Thanks | Security Incite: Analysis on Information Security
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


To those in the U.S., welcome back to work unless, of course, you are reading this when it was posted :)

Here are some Interesting Information Security Bits from around the web.

  1. Sounds like Paul and I have the same pet peeve. If you are accepting credentials on a page, serve the whole page over SSL, not just the form submission part.
    Not just plain old http | Paul Ducklin's blog
    Tags: ( https integrity )
  2. Are you wondering what is a public network and what is not from a PCI perspective? If so, check out Branden's post.
    Branden Williams's Security Convergence Blog >> The Gobble-Gobble of Public Networks
    Tags: ( pci public )
  3. The call for papers for HITB 2010 Dubai is now open.
    The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - Hack In The Box (HITB) Security Conference 2010 Dubai
    Tags: ( conferences cfp hack-in-the-box )
  4. Some interesting data about usernames and passwords used during brute force attacks. It was collected by Microsoft.
    Microsoft Malware Protection Center : Do and don'ts for p@$$w0rd$
    Tags: ( passwords )
  5. The Notacon videos are available now.
    The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - Notacon 2009 video files are now online
    Tags: ( conferences notocon videos )
  6. Ever beat your head against the wall because you can't figure out why that stupid program keeps running every time you restart your computer? This fine list will help track down that pesky critter.
    Immutable Security >> Windows Startup Locations
    Tags: ( windows startup )
  7. This is very very cool. How about being able to ssh to your host on port 80, even when it has a fully functional Apache server running on the same port? Like I said, that is seriously cool.
    Creating Ghost Services with Single Packet Authorization
    Tags: ( access-control tools )

That's it for today. Have fun!


Kevin


It is Thanksgiving Day week in the U.S. and that means a couple of days off. I decided to tack on an extra day and won't be working tomorrow either. Yay! Five days off in a row.

Anywho, I will also be taking those days off from the Interesting Bits posts so this one will have to tide you over until Monday :)

Here are today's Interesting Information Security Bits from around the web.

  1. 10 things to think about not doing when on Facebook. This list will keep you safer.
    Errata Security: 10 Facebook Don'ts
    Tags: ( facebook )
  2. Is your iPhone infected with the Duh worm? Paul tells us how to clean it up.
    How to clean up the Duh iPhone worm | Paul Ducklin's blog
    Tags: ( iphone worm )
  3. Russel is looking for some collaborators on a research project he is working on. It looks to be very interesting. From his post: "The topic is the arms race between attackers and defenders from the perspective of innovation rates and "evolutionary success" - the Red Queen problem (running just to stand still). Here's a sample research question: "can bureaucracies (defenders) keep up with a decentralized black market (attackers)?", and similar." Read the rest of the post and drop him a line if you are interested.
    Information Security as an Evolutionary Arms Race - Research Collaborators Wanted << The New School of Information Security
    Tags: ( research )
  4. Shrdlu once again has penned an article that you should go read. Metrics are great, but they have to mean something.
    The meaning of metrics
    Tags: ( metrics risk )
  5. There is 0-day out there for IE 6 and IE 7. Microsoft's recommendation in some cases is to upgrade to IE 8. Um, oops.
    Major IE8 flaw makes 'safe' sites unsafe
    Tags: ( ie vulnerabilities )
  6. An interesting post that explores a conundrum that some organizations face when trying to comply with PCI. What happens when some of what I do requires me to be out of compliance with PCI-DSS?
    Branden Williams's Security Convergence Blog >> Multi-Function Service Providers, What To Do?
    Tags: ( pci )
  7. From the post: "We have uploaded the audio recording of select talks from the Ohio Information Security Summit that took place October 29-30, 2009 in Cleveland, Ohio." Looks like some good stuff is available. Check out the post for the details.
    Security Justice >> Blog Archive >> Select Talks from ISS2009 Now Available for Download
    Tags: ( audo conferences talks )
  8. A new tool is available that shows some interesting things about the internet.
    Room362.com - Blog - SHODAN The Computer Search
    Tags: ( tools )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Check out this article for some hints and tips on stopping phishing.
    Stop Phishing: A simple guide - Michael M. Knight
    Tags: ( phishing )
  2. Chris offers some thoughts on working with external data sources in a narrowly scoped desire to build a "loss model." This series looks to be very interesting.
    Working With External Data (Part 1 of X) << Risktical Ramblings
    Tags: ( general )
  3. BSOFH! Enough said.
    BSOFH: Catering to a niche market.
    Tags: ( humor )
  4. Didier brings us another interesting utility that lets you start a process and select who its parent process is. This creates a problem. Read Didier's post to find out what that problem is.
    Quickpost: SelectMyParent or Playing With the Windows Process Tree << Didier Stevens
    Tags: ( windows )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a nice post talking about fuzzing with Burp.
    ClearNet Security : need to do a GET before POST, fuzzing with BURP and WebScarab
    Tags: ( webappsec fuzzing burp )
  2. I know it seems like I point out every FudSec.org post that happens and, actually, I do. It's because they are all great posts that have good thought generating material. Jayson attacks Cyberwar in this week's edition.
    Beware of Falling Turtles (Plus other things that shouldn't really frighten us) - fudsec.com
    Tags: ( fudsec cyberwar )
  3. This is a must read in my opinion. I have only read the executive summary and skimmed the assurance framework part so far, but they alone are worth the price of admission. I look forward to digging into the assessment portion soon.
    Cloud Computing Risk Assessment -- ENISA
    Tags: ( cloud risk-assessment )
  4. Craig has an interview with Giles Hogben up with some insight into the new Cloud Security Risk Assessment mentioned above.
    ENISA Cloud Security Risk Assessment: An Interview with Giles Hogben | Cloud Security
    Tags: ( cloud risk-assessment )
  5. Anton takes an interesting approach to why PCI is good.
    Anton Chuvakin Blog - "Security Warrior": Smart vs Stupid: But Not Why You Think So!
    Tags: ( pci )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Adobe offers some guidance on securely deploying cross-domain policy files (Hat tip to cgisecurity.com)
    Securely deploying cross-domain policy files - ASSET
    Tags: ( adobe crossdomain )
  2. I have to agree with this post. Free isn't always best.
    MSI :: State of Security >> Beware of 'Free' InfoSec
    Tags: ( pentesting webappsec )
  3. Is this really the best use of our legislature's time?
    Security Fix - Bill would ban P2P use on federal networks, PCs
    Tags: ( law p2p )
  4. Bob is at it again. Go see what he is up to.
    Syn: Bob The Backdoor Man - Part 1
    Tags: ( story pentesting )
  5. We will likely see more of this in the future. A DNA testing firm files bankruptcy.
    DNA Testing Firm Goes Bankrupt; Who Gets the Data? | Threat Level | Wired.com
    Tags: ( privacy dna )

That's it for today. Have fun!


Kevin


I'm sitting at home this evening and I should have been doing any number of productive things, but foremost on my mind for some bizarre reason was the question "What kinds of stats can I generate from my bits posts?" I know, I know, you were thinking the exact same thing :)

So, with the help of a quick wget call to Delicious (wget --no-check-certificate -O <output.file> https://<username>:<password>@api.del.icio.us/v1/posts/all?tag=<tagyouwant>), a little awk, sort, and uniq magic plus a pivot table in Excel I bring you stats!

Current Number of Interesting Information Security Bits Posts = 1687

Number of Unique Sites = 428

Number of Links to Most Frequently Referenced Site = 60

Most Frequently Referenced Site = http://www.computerworld.com.

This is a bit distorted. For some reason all the direct links go to www.computerworld.com instead of the blog from which they came.

Number of Links to Most Frequently Referenced Non-"news" Site = 46

Most Frequently Referenced Non-"news" Site = http://www.securosis.com

Number of Links to Most Infrequently Referenced Site = 1 (230 sites tied)

The top 20 non-"news" sites:

http://securosis.com
http://www.securitycatalyst.com
http://blog.rootshell.be
http://taosecurity.blogspot.com
http://www.sophos.com
http://devcentral.f5.com
http://www.rationalsurvivability.com
http://blog.uncommonsensesecurity.com
http://sansforensics.wordpress.com
http://risktical.com
http://jeremiahgrossman.blogspot.com
http://synjunkie.blogspot.com
http://isc.sans.org
http://preachsecurity.blogspot.com
http://ha.ckers.org
http://blog.security4all.be
http://carnal0wnage.blogspot.com
http://www.f-secure.com
http://www.room362.com
http://www.mkeay.net

What does all this tell us? I have no idea, but it was fun to do ;) I will be creating a blog roll that contains the Top 20 referenced non-"news" sites and updating it periodically for those who are interested.
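The per-site counting step described above, as an added example that is not from the original post: it takes the XML that the Delicious posts/all call returns, reduces each href to its site (scheme and host), and counts references per site with the same sort and uniq approach. The sample XML and the file name are constructed for the example.

```shell
#!/bin/sh
# Added example, not the post's own script. Counts how often each site is
# referenced in a Delicious v1 "posts/all" XML export.

# Constructed sample in the Delicious posts/all format (not real data).
make_sample() {
  cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<posts user="example" tag="bits">
  <post href="http://www.securosis.com/blog/a" description="A" tag="bits" />
  <post href="http://www.securosis.com/blog/b" description="B" tag="bits" />
  <post href="https://isc.sans.org/diary/1" description="C" tag="bits" />
  <post href="http://www.computerworld.com/x" description="D" tag="bits" />
  <post href="http://www.securosis.com/blog/c" description="E" tag="bits" />
</posts>
EOF
}

# Print "site count" lines, most frequently referenced site first.
# Each href is cut down to scheme://host before counting, so every
# link into the same blog lands in one bucket.
site_counts() {
  grep -o 'href="[^"]*"' "$1" \
    | sed 's/^href="//; s/"$//' \
    | awk -F/ '{ print $1 "//" $3 }' \
    | sort | uniq -c | sort -rn \
    | awk '{ print $2, $1 }'
}

# Number of distinct sites referenced in the export.
unique_sites() {
  site_counts "$1" | wc -l | tr -d ' '
}

# Stand-alone run: build the sample, then report on it.
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp)
  make_sample "$tmp"
  echo "unique sites: $(unique_sites "$tmp")"
  site_counts "$tmp"
  rm -f "$tmp"
fi
```

To fetch the real export, wget's --ask-password (or a .netrc entry) keeps the API password out of shell history and the process list, which the inline https://user:pass@ form in the command above does not.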

-Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Leave it to David to be able to use canning and mason jars as an analogy for security and secure coding. Very nice post. Go read it.
    Reusable Code: The Mason Jars of Security | threatpost
    Tags: ( programming general )
  2. Yes, we are the unsung heroes. BTW - you have to read this if for no other reason than the Y2K reference towards the end.
    Securosis Blog | Why Successful Risk Management is Still a Failure
    Tags: ( general risk-management )
  3. I love a good walk-through and Paul provides us one that shows a step-by-step how-to on reversing some Javascript shellcode. Good stuff!
    Paul Melson's Blog: Reversing JavaScript Shellcode: A Step By Step How-To
    Tags: ( reverse-engineering javascript shellcode )
  4. The Offensive Security Exploit archive is alive and kicking. It picks up where Milw0rm left off. Go check it out.
    Offensive Security Exploit Archive Goes live | Security Active Blog
    Tags: ( exploits milw0rm )
  5. This looks to be an interesting series. Adam will be exploring ways to help information security professionals build useful and productive relationships within their enterprises.
    Adam Cardinal: Building Relationships - Internal Audit Team - IANS Perspective
    Tags: ( general )
  6. Woot! Metasploit 3.3 is out. I am hearing good things about this. Go check it out.
    Metasploit: Metasploit Framework 3.3 Released!
    Tags: ( metasploit webappsec pentesting )
  7. Here is a quick how-to describing a method to decompile flash files.
    Carnal0wnage Blog: Decompiling Flash Files with SWFScan
    Tags: ( flash decompile webappsec )
  8. An interesting article that explores some real-life cross subdomain exploits.
    Real-Life Examples of Cross-Subdomain Issues | Social Hacking
    Tags: ( cross-subdomain webappsec )
  9. This is going to be a very cool project. Get involved.
    Securosis Blog | An Open Metrics Model for Database Security: Project Quant for Databases
    Tags: ( metrics databases )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Xavier decided to fuzz his car. Good thing he didn't do it when he was driving down the road.
    /dev/random >> Fuzzing a Car Multimedia System?
    Tags: ( fuzzing )
  2. Want some help on learning how to write Windows stack-based exploits? Here you go. A whole mess of tutorials.
    The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - Links/tutorials on writing windows (stack based) exploits
    Tags: ( exploit-writing )
  3. An interesting exploration of the three-way TCP handshake process. Particularly, since it can be a four-way handshake. Very cool. It will be interesting to see what comes out of the research about to happen.
    TCP Portals: The Handshake's a Lie! -- BreakingPoint
    Tags: ( networking tcp-handshake )
  4. There is a new vulnerability in Flash and Mike does a great job of explaining it.
    Skeptikal.org: Flash Origin Attack FAQ
    Tags: ( adobe flash vulnerability )
  5. Thierry ZOLLER has put together a very nice document that describes and demonstrates the recent SSL/TLS vulnerability. (Direct link to pdf)
    TLS and SSLv3 vulnerabilitys explained (PDF)
    Tags: ( ssl )
  6. Jack makes some good points about customer data, where it came from and where it is going.
    Uncommon Sense Security: Whose customers are they?
    Tags: ( data-leakage )
  7. Here is another resource to do some free monitoring of your websites.
    HolisticInfoSec.org: Sucuri NBIM: website integrity monitoring for free
    Tags: ( monitoring )
  8. (IN)Secure Magazine issue 23 is out. (Link goes directly to pdf)
    INSECURE-Mag-23.pdf (application/pdf Object)
    Tags: ( magazine insecure )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Why Information Security is the Hardest Career | Information Security Leaders
    Tags: ( career )
  2. Layer 2 Network Protections against Man in the Middle Attacks
    Tags: ( defense networking )
  3. Acunetix Web Application Security Blog >> Looking back at 2009 through SQL Injection goggles
    Tags: ( sql )
  4. Branden Williams's Security Convergence Blog >> More Fun with Hashed PANs
    Tags: ( pci-dss pans creditcard )
  5. Pentesting Adobe Flex Applications with a Custom AMF Client - Gotham Digital Science
    Tags: ( pentesting webappsec flex )
  6. We need to learn more about the RBS Worldpay ATM attack
    Tags: ( atm )
  7. CFP: 9th Workshop on the Economics of Information Security (WEIS) << The New School of Information Security
    Tags: ( conferences cfp weis )
  8. The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - winAUTOPWN version 2.0 has been released
    Tags: ( windows pentesting tools )
  9. The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - UCSniff 3.0 Released
    Tags: ( pentesting tools voip )
  10. Researcher Takes Step Toward Integrating Penetration Test Tools - DarkReading
    Tags: ( owasp webappsec pentesting )
  11. Detailed look at using Circos for IT Investigation << fifth.sentinel
    Tags: ( visualization )
  12. For Information Security Newcomers, It's More Good than Bad. : The Security Catalyst
    Tags: ( general )

That's it for today. Have fun!


Kevin
