Interesting Information Security Bits for 02/16/2010

by kriggins on February 16, 2010

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The latest edition of the CWE/SANS Top 25 is available now.
    CWE - 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
    Tags: ( webappsec )
  2. Who doesn't like stickers? Check out this survey.
    Answer Survey, Get Stickers - F-Secure Weblog : News from the Lab
    Tags: ( survey )
  3. This is pretty nifty. Importing Secunia Advisories into a SIEM/OSSEC.
    /dev/random >> Importing Secunia Advisories into a SIEM/OSSEC
    Tags: ( ossec logging )
  4. Rich and crew have released their latest whitepaper. Check it out.
    Securosis Blog | New Release: Understanding and Selecting a Database Assessment Solution
    Tags: ( database assessment )
  5. Congratulations to Kees for being designated as a SANS Thought Leader! Read his interview here.
    SANS: Security Thought Leaders - Kees Leune
    Tags: ( interview )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts. For even more links, check out the blog's twitter feed: @InfoSecRamblins.

Kevin

Interesting Information Security Bits for 02/15/2010

by kriggins on February 15, 2010

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. OT, but very cool. Make your own QR code temporary tattoos.
    QR Code Temporary Tattoos Howto | The Guerilla CISO
    Tags: ( general )
  2. I think I pointed to something about this a bit ago, but here is more on chip and pin having issues.
    Light Blue Touchpaper >> Blog Archive >> Chip and PIN is broken
    Tags: ( chip-and-pin )
  3. Fun stuff here. Using WCF to scan inside the perimeter.
    Abusing WCF to Perform Remote Port Scans - Gotham Digital Science
    Tags: ( scanning )
  4. Dave opines about 5 reasons your security program may be struggling.
    ShackF00 >> 5 Reasons Your Security Program is a Failure
    Tags: ( general security-program )
  5. Just in case you were not aware of it, OWASP has a broken web application project. It's a VM with vulnerable apps.
    owaspbwa - Project Hosting on Google Code
    Tags: ( webappsec education )
  6. Join the rant against the term "best practice." Drives me nuts, just like it does Adam.
    Best Practices for Defeating the term "Best Practices" << The New School of Information Security
    Tags: ( general )
  7. Josh has some good points about social networking and its use at work.
    Josh More - Starmind Blog >> Should we allow our employees to engage in social networking?
    Tags: ( social-networking )
  8. Check it out if you are in Europe or have a really big travel budget.
    Pimping the Security Non-Cons: Troopers 2010 | Rational Survivability
    Tags: ( conferences )
  9. Some cool and interesting stuff going on in the A6 world. Check out Chris's post about A6 and CloudAudit.
    The Automated Audit, Assertion, Assessment, and Assurance API (A6) Becomes: CloudAudit | Rational Survivability
    Tags: ( cloud a6 cloudaudit )
  10. Fun with social engineering and Metasploit.
    Social-Engineering Toolkit (SET)
    Tags: ( social-engineering metasploit )
  11. .:[ Layered Security ]:.: 802.11n card that works with BackTrack 4 - woohoo!
    Tags: ( backtrack tools wireless )
  12. Security-Shell: NoMore AND 1=1 - Web Application Testing Tool released
    Tags: ( webappsec sql-injection )
  13. 7 Things Every Information Security Professional Should Know -- My Information Security Job
    Tags: ( careers )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Sorry for the Blog Downtime

by kriggins on February 11, 2010

I apologize for the downtime today. It was entirely my fault.

Things should be okay now.

Kevin

Interesting Information Security Bits for 02/10/2010

by kriggins on February 10, 2010

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is a nice summation of some recent research on data breaches.
    Reports: SQL injection attacks and malware led to most data breaches | Zero Day | ZDNet.com
    Tags: ( research )
  2. Good points on writing custom error pages.
    Digital Soapbox - Down the Security Rabbithole!: Accidental Anti-Automation in Web App Sec
    Tags: ( error-pages )
  3. This article points to a couple of Skype policies that might be helpful.
    Example Skype Security Policies: Low-Medium Security Levels
    Tags: ( skype )
  4. FreeBSD and its ilk are a bit of a different breed. Hal gives some tips on digging into them forensically.
    FreeBSD Computer Forensic Tips & Tricks
    Tags: ( freebsd forensics )
  5. While compliance does not equal security, it does have its place. Give what Dennis has to say a gander.
    Security From Scratch: Using Compliance For Good : The Security Catalyst
    Tags: ( compliance )
  6. If you have any of the following going on, you really need to look at your procedures and policies.
    Immutable Security >> Administrators by Proxy
    Tags: ( windows administrators )
  7. Let your voice be heard fellow security bloggers. Time to vote for the Social Security Blogger Awards.
    The Ashimmy Blog: Vote for the Social Security Blogger Awards
    Tags: ( security-bloggers awards )
  8. Looks like there is going to be a Security Bloggers Meet-up in April in London. Wish I could be there.
    Security Bloggers Meet Up, proposed 27th April near Earls Court London | Security Active Blog
    Tags: ( meet-up )
  9. Looking for some research you can't find anywhere else? Let Rich and company know.
    Securosis Blog | Choose Your Own Whitepaper Adventure (and Upcoming Papers)
    Tags: ( research )
  10. Veracode offers some clarity about the BlackBerry application released at ShmooCon. Key: Not a hack.
    In Which We Dispel Misconceptions
    Tags: ( blackberry spyware )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some good information on performing forensics on Google's browser, Chrome.
    Google Chrome Forensics
    Tags: ( forensics chrome google )
  2. Recon is looking for talk submissions.
    The Professional Security Testers Warehouse for the GPEN GSEC GCIH GREM CEH QISP Q/ISP OPST CPTS - REC0N 2010 MONTREAL CANADA JULY 9-11
    Tags: ( recon conferences cfp )
  3. Craig asks a really good question, "Is Cloud Computing Right for Your Business?"
    Is Cloud Computing Right for Your Business? : The Security Catalyst
    Tags: ( cloud )
  4. The guys over at SANS Computer Forensics are starting a new weekly feature where they point out interesting forensics tidbits from around the internet.
    Digital Forensic Case Leads: Introductions
    Tags: ( forensics )
  5. This is a neat analysis of an exploit that has multiple levels of obfuscation.
    An In-Depth Exploit Analysis on Multilayer Obfuscations - Security Labs Blog
    Tags: ( exploit analysis )
  6. The presentations from Blackhat DC 2010 are starting to become available.
    Black Hat (r) Technical Security Conference: DC 2010 // Archives
    Tags: ( blackhatdc presentations archives )
  7. Ever want to play with your own botnet? Here you go, a nice learning tool.
    KreiosC2 - DigiNinja
    Tags: ( botnet research testing )
  8. A new version of Dradis is available. This is a handy collaborative documentation sharing tool that is very helpful in incident response and forensic work. Works well for other situations too.
    dradis - Effective Information Sharing
    Tags: ( dradis tools )
  9. Whoops. Not so hard for somebody to spy on your blackberry.
    Is Your BlackBerry App Spying on You?
    Tags: ( blackberry malware )
  10. Nifty stuff. A few very helpful regexes to have in your back pocket for your data mining efforts.
    JL's stuff: Forensic Regexes
    Tags: ( forensics regex )
  11. Interesting discussion on rescinding local admin rights on our end points.
    Securosis Blog | FireStarter: Admin access, buh bye
    Tags: ( local-admin )
  12. Interesting counterpoint to the post above about admin rights. I tend to agree with Rich's thoughts here.
    Securosis Blog | Counterpoint: Admin Rights Don't Matter the Way You Think They Do
    Tags: ( local-admin rights )
  13. I love to see this happen. Sensepost will no longer have a registration wall before their publicly available research and tool offerings. Wish more companies would go this route.
    Removing registration requirements
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

ShmooCon 2010 Streaming Live for Free

by kriggins on February 5, 2010

I meant to mention this again earlier this week, but forgot to. ShmooCon will be live streaming the entire event this year. The conference starts today at 3:00 EDT.

If you are not familiar with ShmooCon, here is a tidbit from the conference website:

Different • ShmooCon is an annual East coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software & hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks, One Track Mind. The next two days, there are three tracks: Break It!, Build It!, and Bring It On!.

Affordable • ShmooCon is about high-quality without the high price. Space is limited! ShmooCon has sold out every year, so unless taking a chance on an eBay auction to get your ticket sounds like fun, register early!

Accessible • ShmooCon is in Washington, D.C., at the Marriott Wardman Park Hotel, just a few steps from the D.C. Metro. Fly into DCA, IAD, or BWI, or take a train to Union Station, and you are just a quick cab ride away from the con.

Entertaining • Brain melting from all the cool tech you are learning? Check out some of the contests running at ShmooCon, including the Hacker Arcade and Hack-Or-Halo. In years past, we have also thrown massive parties at a local area hot-spot, so expect that to happen again too!

Here are the links to the different streams. The source page is here.

Friday Feb 5th, 2010

One Track Mind

Saturday Feb 6th, 2010

Build It
Break It
Bring It On

Sunday Feb 7th, 2010

Build It
Break It
Bring It On

I'll be watching as much as I can. You should too!

-Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Robert has a nice exploration of Intel's new processor named Nehalem.
    Errata Security: Nehalem vs. IDS
    Tags: ( hardware intel cpu )
  2. Andy speaks some truth about the user's responsibility in the security equation.
    Are we being irresponsible? >> Andy ITGuy
    Tags: ( awareness )
  3. The start of what looks to be a neat series. lsof is an awesome tool.
    Black Fist Security: *nix command of the day
    Tags: ( tools unix )
  4. Here is an interesting story about a different cyber-crime target. Still very lucrative.
    Hackers Steal Millions in Carbon Credits | Threat Level | Wired.com
    Tags: ( crime )
  5. This is a really good read.
    Jeremiah Grossman: The Web won't be safe, let alone secure, unless we break it
    Tags: ( webappsec )
  6. Securosis is looking for participants for some closed surveys. Check this out if you want to help.
    Securosis Blog | Need Brains. User Brains
    Tags: ( surveys )
  7. Want to set up a virtual network security testing lab? Check this out.
    In Lieu of... << Laz3rNet
    Tags: ( lab how-to )
  8. Windows 2008/7 offers new functionality that may help ease the pain of service accounts. (Hat tip: @grey_area)
    Service Accounts Step-by-Step Guide
    Tags: ( windows )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Andrew has a talk up for consideration for BSidesSF.
    Andrew Hay >> Blog Archive >> Vote For My #BSidesSF Talk "My Life on the Infosec D-List"
    Tags: ( bsidessf )
  2. Apache 1.3 hit end-of-life today. The last update has been released.
    Apache HTTP Server 1.3's final update released - The H Security: News and Features
    Tags: ( apache )
  3. Ouch. That's a lot of infected machines.
    48% of 22,000,000 Scanned Systems Malware Laden
    Tags: ( malware )
  4. Ben has tossed his hat into the BSidesSF ring too.
    BSides or Be Square: San Francisco and Austin (The Falcon's View)
    Tags: ( conferences bsidessf )
  5. Andrew's next interview is with Rob Fuller. I met Rob last year at RSA. Good guy.
    Andrew Hay >> Blog Archive >> Information Security D-List Interview: Rob Fuller
    Tags: ( interview )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

(IN)Security Issue 24 is Now Available

by kriggins on February 2, 2010

DOWNLOAD ISSUE 24 HERE (February 2010)

  • Writing a secure SOAP client with PHP: Field report from a real-world project
  • How virtualized browsing shields against web-based attacks
  • Review: 1Password 3
  • Preparing a strategy for application vulnerability detection
  • Threats 2.0: A glimpse into the near future
  • Preventing malicious documents from compromising Windows machines
  • Balancing productivity and security in a mixed environment
  • AES and 3DES comparison analysis
  • OSSEC: An introduction to open source log and event management
  • Secure and differentiated access in enterprise wireless networks
  • AND MORE!
Pardon the Dust

by kriggins on February 1, 2010

I am installing a new theme over the next few days, so I expect some hiccups and snags around here. I apologize for any issues you may have, but things should be back to normal in a couple of days.

-Kevin