Here are today's Interesting Information Security Bits from around the web.

1. In their continuing series that documents the infosec community in various cities, InfosecEvents looks at Las Vegas this week.
   Las Vegas Security Community | Infosec Events
   Tags: ( community )
2. Looks like the folks on the Vulnerability Research Team at Sourcefire have come up with a new tool for us to play with, Razorback. From the post "Razorback is an Open-Source Framework for an intelligence driven security solution." Looks like fun.
   Project Razorback has been unleashed on the World | Joel Esler
   Tags: ( sourcefire tools razorback )
3. A new certificate is coming that hope to raise the knowledge level of IT professionals on the topic of security and cloud computing. The reference material is very good material from ENISA and the Cloud Security Alliance.
   Certificate of Cloud Security Knowledge | Cloud Security Alliance
   Tags: ( cloud certification )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Here are today's Interesting Information Security Bits from around the web.

1. There is a data dump of all publicly searchable Facebook users out there right now. The Harmony Guy has an interesting post talking about the situation.
   Security Through Obscurity and Privacy in Practice | Social Hacking
   Tags: ( facebook privacy )
2. Check out this post for some information about two privacy bills currently working their way through the US Congress.
   Sunbelt Blog: Privacy bills in U.S. Congress in brief
   Tags: ( privacy laws )
3. Here a reasoned post on the susceptibility of Apple products to the same threats that exist for Windows products.
   Yes Virginia, Mac's Can Get Viruses | Optimal Security: The Lumension Blog
   Tags: ( apple malware )
4. Here is a machine readable Defcon 18 schedule. Very nice. It is available in XML, iCal and HTML formats.
   DefCon 18 Schedule | Perimeter Grid
   Tags: ( )
5. The 2010 Verizon Data Breach report has been released. This year it includes data from the U.S. Secret Service. I am looking forward to reading it. You should too.
   Verizon Business Security Blog >> Blog Archive >> 2010 Data Breach Investigations Report Released
   Tags: ( data-breach dbir )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Here are today's Interesting Information Security Bits from around the web.

1. In the continuing series on the infosec community in various cities, Washington D.C. gets some attention. If you are in the DC area, you should check out these opportunities.
   Washington, DC Security Community | Infosec Events
   Tags: ( community )
2. Mike and Lee's 2010 Compensation Survey results are now available. Some interesting stuff in there.
   2010 Compensation Survey : Information Security Leaders
   Tags: ( career compensation )
3. Anton has penned another career focused post. Very good advice in here. You should read it.
   Anton Chuvakin Blog - "Security Warrior": Skills for Work vs Skills for Getting Hired
   Tags: ( career )
4. Hmm. Interesting thoughts on DMCA and reverse engineering software.
   HP Blogs - The DMCA vs "Reverse Engineering" Software - HP Blogs
   Tags: ( general )
5. If you like podcasts, check out Wim's list.
   The Security Kitchen >> Blog Archive >> list of podcasts
   Tags: ( podcasts )
6. Andrew offers up a few basic things you can do to make your SSH service a bit more secure.
   Basic SSH server hardening << Infosanity's Blog
   Tags: ( ssh tips )
7. Alex points out that Cisco's security report is available.
   Cisco's Artichoke of Attack << The New School of Information Security
   Tags: ( report cisco )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Here are today's Interesting Information Security Bits from around the web.

1. Alchemist has offered up some dos and don'ts for when you are evaluating products/solutions. Some good tips and things to think about.
   Technology Evaluation Do's and Don'ts << An alchemists view from the bar
   Tags: ( infoec evaluation )
2. Just read it. It kind of defies description.
   Last In - First Out: Just another day in Internet-land
   Tags: ( general )
3. This looks like a nifty post installation script. It installs some stuff and tweaks some stuff. I have taken a cursory look at what it does and it appears good. Please double check everything yourself though.
   infond: infondlinux - a post installation script for Ubuntu
   Tags: ( linux )
4. Looks like Adobe is taking a very good step forward in security Reader.
   Adobe: 'Sandbox' Will Stave Off Reader Attacks -- Krebs on Security
   Tags: ( adobe reader )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Here are today's Interesting Information Security Bits from around the web.

1. Ukraine now has a data protection law.
   Ukraine Adopts a New Data Protection Law : Privacy & Information Security Law Blog
   Tags: ( privacy law ukraine )
2. Wow. This is both very very cool and very very scary. That means it is useful for showing the dangers of XSS. Check it out.
   Attack and Defense Labs: Shell of the Future - Reverse Web Shell Handler for XSS Exploitation
   Tags: ( pentesting xss shell )
3. As I clicked publish on the last IISB, which mentioned this challenge, I saw tweet with the answer. Sorry about that folks.
   Solution and Winner of the 1st Panda Challenge 2010 | PandaLabs Blog
   Tags: ( challenge panda )
4. Just go read this. It's important.
   What's "a risk" anyway? | RiskAnalys.is
   Tags: ( risk )
5. Here is nifty plugin from Qualys. It checks for security updates for a number of browser support apps like Reader, Java, etc.
   Qualys BrowserCheck
   Tags: ( browser tools )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

1. The 1st 2010 challenge from Panda is up.
   Panda Challenge 2010 Edition: 1st challenge up! | PandaLabs Blog
   Tags: ( challenge panda )
2. Malware is very tricky in how it makes itself available across reboots. This post points out yet another way it does so.
   M-unition >> Blog Archive >> Malware Persistence without the Windows Registry
   Tags: ( malware auto-start )
3. What do Shakespeare and botnets have in common? Lori knows something about both. Take a peek. Good suggestions in here.
   Out, Damn'd Bot! Out, I Say!
   Tags: ( botnets )
4. Ghostnomad uses the cleaning of his kitchen floor tile grout as an analogy for dealing with infosec risk. I like it.
   GhostNomad.com >> Tale of Grout
   Tags: ( risk-management )
5. Mark has a list of 10 crazy ideas that he thinks might just change the state of the information security industry. Check it out.
   Curphey 2.0 >> 10 Crazy Ideas That Might Just Change the State of the Security Industry
   Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Here are today's Interesting Information Security Bits from around the web.

1. Anton is looking for some feedback from you for the 2010 version of the SANS Top 5 Essential Log Reports. Go help him out.
   Anton Chuvakin Blog - "Security Warrior": SANS Top 5 Essential Log Reports Update!
   Tags: ( logging )
2. Another great response to a good question from Mike and Lee. It covers compensation negotiation for a new gig.
   Career Advice Tuesday - "Advice on Negotiating Compensation" | Information Security Leaders
   Tags: ( career negotiation )
3. Looks like AppSec USA 2010 has been announced.
   The Ashimmy Blog: AppSec USA 2010, September 7 to 10 at the University of California at Irvine
   Tags: ( owasp conferences appsec )
4. Rich has posted a sneak peek at some of the data from the Data Security Survey that Securosis has been running. Interesting stuff. There is still time to contribute if you haven't yet.
   Securosis Blog | Preliminary Results from the Data Security Survey
   Tags: ( data )
5. HTML 5 is cool and has nifty things like local storage, but beware, there are some things to think about from an information security perspective. Check out Michael's post for a few items.
   ...Application Security...: HTML5, Local Storage, and XSS
   Tags: ( html5 )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Hello everybody. This post brings us up-to-date on the bits posts from my time off over the few couple weeks. See how dedicated I am to you, my faithful readers. While tempted, I didn't click 'mark all read'

Here are today's Interesting Information Security Bits from around the web.

1. While I agree in spirit with @shrdlu's thoughts, in practice, regulatory requirements get in the way really quickly. I will say there appears to be some things brewing on the horizon that will make this easier...hopefully.
   Layer 8 - Crazy talk.
   Tags: ( mobile )
2. Rich offers three tips to help us simplify our DLP implementation.
   Securosis Blog | Top 3 Steps to Simplify DLP Without Compromise
   Tags: ( dlp )
3. Shrdlu has taken on the topic of exceptions to policy. Very good stuff. Go read it.
   The exception IS the rule.
   Tags: ( policy )
4. Want to do some malware reverse-engineering, but don't have the tools? Check out REMnux.
   REMnux: A Linux Distribution For Reverse-Engineering Malware | Darknet - The Darkside
   Tags: ( reverse-engineering malware )
5. In what I think is the first in a series of posts about local infosec get to-gethers in various cities, InfosecEvents covers New York City. A very nice list.
   New York City Security Community | Infosec Events
   Tags: ( meetings )
6. Mexico's new Data Protection Law is now in effect.
   Mexico's Data Protection Law Now in Effect : Privacy & Information Security Law Blog
   Tags: ( privacy mexico legistation )
7. Very cool. A new feature in Metasploit, called railgun, was released about a month ago. Windows API calls without custom DLLs. Neat.
   Room362.com - Blog - Intro to RailGun: WIN API for Meterpreter
   Tags: ( metasploit )
8. Interesting way to prevent your screen saver from kicking in. Granted there are very limited cases when you want this to happen, but I can think of some sneaky reasons to do it.
   /dev/random >> How to Prevent the Windows Screensaver Autolock Feature?
   Tags: ( tricks )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Thought for the day: "“You know, it would be better if you would get more coachable.” ~ Coach Bill Starr

Ever had the opportunity to learn from somebody, but you didn't because you weren't coachable? You said you were ready to learn something, but you ended up not paying attention or arguing with the individual you are trying to learn from.

I've been that person before and probably will be again, but boy do I work hard to be coachable now.

We should all strive to be a sponge when those with more knowledge than us deign to share it. Otherwise, we should just let them get on with more important things than trying to put up with us wasting their time.

Here are today's Interesting Information Security Bits from around the web.

1. Split-horizon assessment, i.e. audience dependent reporting. Interesting concept. rybolov is looking for thoughts on this idea. Go offer yours.
   Split-Horizon Assessments and the Oversight Effect | The Guerilla CISO
   Tags: ( security-assessment )
2. If you must ask these 7 questions as an interviewer, then you need to be able to answer them as an interviewee.
   The 7 Interview Questions You Must Ask | BNET
   Tags: ( career interviewing )
3. Looking for some penetration testing tools written in Python? Look no further. Here is an awesome list.
   Dirk Loss: Python tools for penetration testers
   Tags: ( pentesting tools python )
4. This is a nice post about cloud security for Federal IT. It also contains a pointer to a nice whitepaper on cloud security considerations for the rest of us. Take peek.
   Cloud Computing: Benefits and Risks of Moving Federal IT into the Cloud - Roger's Security Blog - Site Home - TechNet Blogs
   Tags: ( cloud )
5. If you ever wanted to run an SSH honeypot, check out Andrew's post on Kippo.
   Starting with Kippo << Infosanity's Blog
   Tags: ( honeypost ssh tools )
6. Here is a handy post if you ever need to compile the OSSEC Windows agent on a Windows platform.
   Immutable Security >> Compiling the OSSEC Windows Agent on Windows
   Tags: ( ossec )
7. Here are 10 things you can do to make your WordPress install a bit more secure.
   10 Useful WordPress Security Tweaks - Smashing Magazine
   Tags: ( wordpress )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Here are today's Interesting Information Security Bits from around the web.

1. All sorts of interesting posts about executives popping up. Mike has a different perspective regarding executives than Jack does, but he does offer some suggestions on how to work with executives that are valuable either way.
   Securosis Blog | Know Your Adversary
   Tags: ( general )
2. I pointed to Jack Freund's post yesterday about executives not being stupid. Jay has taken that post as a launching pad for a post on decision making. As he says, "Once they [we] realize that there is a process, however informal, they [we] may begin to influence change." Cool stuff.
   Supporting the Decision Process << Behavioral Security
   Tags: ( thinking decisions general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin