November 2009

Hug a Veteran Today!

by kriggins on November 11, 2009

in Announcement, General

There are several times every year when I think about the armed services of the United States. Days like Independence Day, the anniversary of D-Day, the anniversary of the attack on Pearl Harbor and others. Many times, I have wanted to let the people who serve our country in this manner know how much I appreciate that service.

On occasion I have had the opportunity to walk up to a serving member of our armed services, shake their hand and say thank you for your service. Nearly every time, the reaction is one of surprise followed by gratitude. It deeply saddens me that the first reaction is surprise.

The men and women who serve in the Armed Services of the United States of America deserve our gratitude and our respect. It is through their sacrifice that we continue to experience the freedom and security we have.

Today is Veterans Day. I urge you to find at least one person who is serving or has served in the armed services and thank them. Shake their hand or, better yet, give them a hug. I will be. Let’s make today a special day for these people to whom we owe so much.

To all those who serve and have served to guarantee the freedom and security of the United States of America, I thank you from the bottom of my heart. Your sacrifice is greatly appreciated.

Kevin

{ 0 comments }

Interesting Information Security Bits for 11/09/2009

by kriggins on November 9, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Andy poses the question (paraphrased) "You get to build a security program from the ground up. How do you go about it?" Go over and offer your thoughts.
    Building a security program from the ground up >> Andy ITGuy
    Tags: ( infosec-program )
  2. Want to learn how to write exploits. You should really check out Dino's exploitation class. I'll be going through it at my earliest convenience. Oh, and by the way, it's free.
    Penetration Testing and Vulnerability Analysis - Exploitation
    Tags: ( class education explolits )
  3. From the site: A group of PenTesters/Researchers have gotten together with the purpose of posting their useful scripts. Feel free to submit your scripts, we will gladly review them, even post them crediting you. You can submit them at scripts@pentesterscripting.com
    start [PenTester Scripting]
    Tags: ( pentest scripts tools )
  4. Some interesting thoughts that Richard shares from a talk given by Michael Hayden.
    TaoSecurity: Notes from Talk by Michael Hayden
    Tags: ( general )
  5. I agree with the Infosec Cynic. Allowing non-Latin characters is going to open up a whole new way for evil to be propagated.
    International Websites | The Infosec Cynic
    Tags: ( dns )
  6. If you haven't heard yet, there is a worm running around that Rick Rolls iPhones that have been jailbroken. This post isn't really about the worm, but about the individual who wrote, released and then talked about doing it.
    Worm author tells media he initially infected 100 iPhones | Graham Cluley's blog
    Tags: ( general worm iphone )
  7. A nifty use of netcat to image a drive over the network.
    How-to: Cloning a (Laptop) Hard Drive using DD over the network | Roer.com - Kai Roer's Rants on Infosec
    Tags: ( backup imaging )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Interesting Information Security Bits for 11/06/2009

by kriggins on November 6, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I can't remember if I pointed to part one of this, but I think I did. Anyway, here are the answers. There is a link to part 1 if you haven't seen it yet.
    Can you find the vulnerabilites? Part Two << Security Ninja
    Tags: ( challenge answers )
  2. The Atlanta NAISG chapter is celebrating their one year anniversary. You should go check it out next week if you are in the area.
    Atlanta NAISG November Meeting >> Andy ITGuy
    Tags: ( meetings naisg atlanta )
  3. A couple of federal bills about breaches are getting closer to possibly becoming laws. See inside for a bit more detail.
    National Data Breach Laws Move Through Senate | Threat Level | Wired.com
    Tags: ( data-leakage breach law )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Interesting Information Security Bits for 11/05/2009

by kriggins on November 5, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. There is some truth in this post. A corollary is the mommy/daddy principle. I'll ask mommy and if I don't get the answer I want I'll ask daddy.
    Network Security Blog >> I'll do anything! Absolutely anything!
    Tags: ( general )
  2. The CFP for Metricon is open.
    Mini Metricon 4.5 Call For Participation << The New School of Information Security
    Tags: ( conferences cfp metricon )
  3. This is a must see.
    YouTube - Marcus J. Ranum on Cloud Computing Security
    Tags: ( cloud humor )
  4. Here is the mother lode of cheat sheets. Focused on developers, but there are a few that are security related.
    Cheat Sheet and Quick Reference Card Directory | devcheatsheet.com - Cheat Sheets for Developers.
    Tags: ( cheatsheet )
  5. This is the author's page regarding the SSL/TLS vulnerability just announced. It was a bit more reader friendly and promises to be so again, but the information is still there.
    extendedsubset.com
    Tags: ( tls ssl vulnerability )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Interesting Information Security Bits for 11/04/2009

by kriggins on November 4, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Be careful. It doesn't appear that it is very hard to turn you Windows 7 install into an wireless access point.
    Errata Security: Windows 7 includes soft-ap
    Tags: ( windows-7 wifi )
  2. Some good tips for making sure your WordPress install is as secure as possible.
    10 Ways To Secure Your WordPress Install
    Tags: ( wordpress )
  3. Offensive Security is setting up the next iteration of milw0rm.
    Leaders in Online Information Security Training >> Offensive Security Exploit Archive
    Tags: ( milw0rm offensive-security )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Interesting Information Security Bits for 11/03/2009

by kriggins on November 3, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A few days ago I pointed out an article that discussed some issues with the default settings for UAC in Windows 7. This article shows that the criticism in the other article is well earned.
    Windows 7 vulnerable to 8 out of 10 viruses | Chester Wisniewski's Blog
    Tags: ( virus windows-7 )
  2. Interested in cross-subdomain cookie attacks? Check out the paper that mckt wrote. It is based on his presentation at Toorcon recently.
    Skeptikal.org: Cross-subdomain Cookie Attacks
    Tags: ( webappsec exploits )
  3. Thinking about virtualizing your databases? Make sure you are doing so for any of the mythical reasons that Adriane addresses in this article.
    Securosis Blog | Myths Surrounding Databases in Virtual Environments
    Tags: ( virtualization database )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Interesting Information Security Bits for 11/02/2009

by kriggins on November 2, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A very good article on an issue that we need to think about as those who are very social media focused are working in our organizations.
    Lifestyle Hackers - CSO Online - Security and Risk
    Tags: ( social-media )
  2. You know you've been wanting to try it.
    Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR
    Tags: ( passwords cloud cracking )
  3. Wonder what the latest changes to MA 201 CMR 17.00 are? Jack does us all a wonderful service by showing us the differences.
    Uncommon Sense Security: diff MA 201 CMR 17.00
    Tags: ( ma-201-cmr-17 )
  4. Part two of SynJunkie's latest story is up.
    Syn: Bobs Double Penetration Adventure - Part 2
    Tags: ( story wifi pentest )
  5. The latest version of Microsoft's Security Intelligence Report is available.
    Download details: Microsoft Security Intelligence Report volume 7 (January - June 2009)
    Tags: ( intelligence report microsoft )
  6. This post points out that we really need to be able to communicate with non-technical audiences. It then points to a new SANS short course that helps us learn how to do that more effectively. Looks very interesting.
    Keys to Professional Communication | Courses, Training | Enclave Forensics
    Tags: ( presenting speaking writing )
  7. This page contains links to a wealth of information on psychology and information security. Fascinating stuff that will keep you busy for quite some time.
    Hat tip: Adam @ The New School of Information Security Blog
    Psychology and Security Resource Page
    Tags: ( psychology )
  8. Here is the third and final part of SpyLogic's Enterprise Open Source Intelligence Gathering series. It focuses on monitoring and social media policies.
    Enterprise Open Source Intelligence Gathering - Part 3 Monitoring and Social Media Policies -- spylogic.net
    Tags: ( gathering intelligence )
  9. This is a nicely detailed post on using OWASP ESAPI for output validation. You are validating your output, right? It is actual the second in a series. The first part on input validation is linked to at the beginning and is also worthy of a gander.
    Output Validation using the OWASP ESAPI << Security Ninja
    Tags: ( output-validation owasp esapi )
  10. Anton posits that FUD is good sometimes. Interesting perspective. The New School Security blog has an interseted reponse too: http://newschoolsecurity.com/2009/10/just-say-no-to-fud/
    A Treatise on FUD - fudsec.com
    Tags: ( iis fud )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Next Entries →