breach

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The solution to the latest packet challenge from I Smell Packets.
    Solution to the Name That Exploit Packet Challenge << I Smell Packets
    Tags: ( challenge packet )
  2. Rich is tackling costs associated with a data breach. He is approaching it from a hard vs. soft costs perspective. Those familiar with FAIR will recognize these as primary and secondary loss factors.
    Securosis Blog | Creating a Standard for Data Breach Costs
    Tags: ( breach costs )
  3. It wouldn't be Blackhat/DefCon season without at least one cease and desist order. The first one this year stops a talk about hacking ATMs.
    ATM Vendor Halts Researcher's Talk on Vulnerability | Threat Level | Wired.com
    Tags: ( atm blackhat )
  4. Thus declareth @hevnsnt. Change your Twitter password on July 1st. Actually a good idea for several reasons which he shares in this blog post.
    July 1st is #twittersec Day | The Edge of I-Hacked
    Tags: ( twitter )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some good stuff for you to read by Rsnake.
    RFC1918 Blues ha.ckers.org web application security lab
    Tags: ( networking security )
  2. Want some Sophos swag? All you have to do is successfully complete this crossword puzzle, then be picked out of a hat.
    Computer security cryptic crossword | Graham Cluley's blog
    Tags: ( challenge puzzle )
  3. Over the last couple of days there has been a lot of news and blog traffic about an alleged 0wning of T-Mobile. I was reluctant to mention anything about it until it was more certain that it was true. Looks like it is.
    T-Mobile data on Full Disclosure is real | threatpost
    Tags: ( t-mobile breach )
  4. My dad was a doctor. This post reminds me of things he used to say. Read along as Rich re-interprets emergency medicine tenets as information security ones :)
    Securosis Blog | The Laws of Emergency Medicine--Security Style
    Tags: ( general )
  5. A nice post about using VMware and NFS together. (Hat tip to Aneel's tumblr blog http://irg.tubmblr.com)
    Virtual Geek: A Multivendor Post to help our mutual NFS customers using VMware
    Tags: ( nfs vmware )
  6. This is a very good article about using VMware and iSCSI together. It was published in January of this year. (Hat tip to Aneel's tumblr blog http://irg.tubmblr.com)
    Virtual Geek: A Multivendor Post to help our mutual iSCSI customers using VMware
    Tags: ( vmware iscsi )
  7. I have skimmed the first part of the paper referenced here. It looks very interesting.
    New paper by Amit Klein (Trusteer) - Temporary user tracking in major browsers and Cross-domain information leakage and attacks
    Tags: ( paper privacy )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Dave points out a really nifty tool that Voltage has released. Check it out.
    Voltage Releases Data Breach Map : Liquidmatrix Security Digest
    Tags: ( data-leakage map )
  2. Rich offers up his Mid 2009 State of Web Application and Data Security.
    Securosis Blog | The State of Web Application and Data Security--Mid 2009
    Tags: ( general )
  3. Time to patch QuickTime and, by extension, iTunes.
    Apple plugs 10 QuickTime code execution holes | threatpost
    Tags: ( apple quicktime itunes patches vulnerability )
  4. @lithium's latest crypto challenge is waiting for you to puzzle over.
    Crypto Challenge - PandaLabs
    Tags: ( cryptography challenge )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Amrit debunks 5 information security myths.
    The Top 5 Cyber Security Myths << Amrit Williams Blog
    Tags: ( general myths )
  2. WooHoo! Sourcefire celebrated 10 years last week.
    Sourcefire Network Security - Investor Relations - Press Release
    Tags: ( ids ips sourcefire )
  3. (via M. E. Kabay @ NetworkWorld) A list of information security maxims. Quite a hoot.
    Security Maxims [Vulnerability Assessment Team (VAT)] - Nuclear Engineering Division (Argonne)
    Tags: ( humor maxims )
  4. An exploitable DirectShow vulnerability has surfaced. There are some work-arounds, though.
    Microsoft DirectShow is Vulnerable - F-Secure Weblog : News from the Lab
    Tags: ( directshow microsoft vulnerability )
  5. As usual, Jennifer makes a somewhat difficult topic easy to understand. This is particularly topical for me as I was just having this discussion with some folks last week.
    Understand the differences in network access control solutions
    Tags: ( nac )
  6. Richard is asking for some feedback on an Information Security Incident Rating scale he has developed. Take a peek and let him know what you think.
    TaoSecurity: Information Security Incident Rating
    Tags: ( breach data-leakage )
  7. Daniel shows us how to set up Splunk as a remote syslog server.
    HOWTO: Use Splunk as Your Remote Syslog Server | dmiessler.com
    Tags: ( splunk syslog )
  8. Issue 21 is out.
    (IN)SECURE Magazine
    Tags: ( magazine insecure )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Mike Murray and Lee Kushner have a podcast series that each of us should be listening to.
    When Your Security Career Gets Hacked - Dark Dominion Blog - Dark Reading
    Tags: ( career )
  2. Both amusing and helpful.
    Job Interview: How To Nail An Interview (20 Tips)
    Tags: ( career interviewing )
  3. Go ahead write those passwords down. Just not all of it. I like this idea as long as we are careful in picking the "pin" part, i.e. don't use your birthday :)
    Put Your Passwords on a Post-it - F-Secure Weblog : News from the Lab
    Tags: ( passwords )
  4. The annual FBI cryptography challenge is up. Go crack 'em up.
    FBI Announces Annual Can-You-Crack-the-Code Challenge
    Tags: ( cryptography challenge )
  5. Christofer is talking about something he touched on at RSA and before: who manages the network in the virtual, cloudy world, the server admins, the network admins, or both?
    Rational Survivability >> Quick Bit: Virtual & Cloud Networking - Where It ISN'T Going...
    Tags: ( virtualization networking )
  6. Another PDF parsing vulnerability in BES. I believe a patch is now available.
    How to control a Blackberry Enterprise Server with just a PDF | Graham Cluley's blog
    Tags: ( pdf rim blackberry vulnerability )
  7. McAfee did a study to determine what the riskiest search terms are. This report is the result of that study. Note: Link goes to PDF (via: eWeek)
    The Web's Most Dangerous Search Terms
    Tags: ( malware search )
  8. This is a nice article on using ITIL to improve and strengthen your information security program.
    How ITIL Can Improve Information Security
    Tags: ( itil )
  9. An interesting exploration of an insider attack on California Water Service Company that occurred recently.
    Ascension Blog >> He did WHAT?!?!
    Tags: ( breach )
  10. L0phtcrack is back and raring to go.
    L0phtcrack 6 Site Is Live : Liquidmatrix Security Digest
    Tags: ( passwords tools l0phtcrack )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This might be an interesting report.
    Driving Fast and Forward: Managing Information Security for Strategic Advantage in a Tough Economy (pdf)
    Tags: ( general )
  2. A little patch work to do on our Windows systems.
    4 Patches Issued By Microsoft, 2 Critical - Security Watch
    Tags: ( vulnerability windows patches )
  3. Time to patch your Blackberry.
    RIM Issues BlackBerry Security Advisory -- BlackBerry -- InformationWeek
    Tags: ( vulnerability blackberry patch )
  4. Never forget that it is not just your organization that may be affected by a data breach. Heartland is a case in point.
    Heartland Breach Affects 135 Banks and Credit Unions (So Far) | Threat Level from Wired.com
    Tags: ( breach )
  5. Dry cleaners, eBay, etc. Folks, we really need to get a handle on sanitizing our systems before we let them out of our control.
    Techworld.com - Sensitive data found on eBay hard drives
    Tags: ( data-leakage )
  6. Looks like some interesting stuff going on with snort.
    VRT: Important Snort rule changes and the new dcerpc preprocessor
    Tags: ( ids snort )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A nice tutorial on starting to use scripting with nmap. Good stuff.
    /dev/random >> Blog Archive >> Introduction to Nmap Scripting
    Tags: ( nmap scripting )
  2. Need some ammunition to justify the cost of that DLP solution? Take a peek at this article. Seriously, some good usable information.
    Data Breaches More Costly Than Ever - Security Fix
    Tags: ( data breach cost )
  3. Some interesting tidbits in there. Nothing too deep since it is a quick slide show, but worth clicking through.
    10 Things You Need to Know NOW About ... Laptop Security
    Tags: ( general )
  4. Looks like there may be a standard for integrated hard drive encryption.
    Drive Makers Agree on TCG Encryption Standard - Network World
    Tags: ( encryption harddrive )
  5. I wonder if we are going to start seeing more of this type of thing. Banks and financial institutions are definitely the largest targets. One note, make sure you read the licensing agreements carefully. Don't give away your rights just for some free software.
    Barclays offers free mobile banking security : Security Watch - Internet Security News: IT security, Business security, Computer security, Network security, and more
    Tags: ( general banking )
  6. Yup. Google was saying that the entire internet was hosting malicious software last Saturday morning. Oops.
    Google mistakes entire web for malware * The Register
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I agree completely with George on this one. Arguing that PCI DSS is a failure because two organizations that were compliant experienced breaches is like saying door locks are a failure because somebody broke into your house.
    The Death of PCI DSS? Don't Be Silly - Security Blog - InformationWeek
    Tags: ( pci breach )
  2. This is a good article to pass on to your family and friends. The tips are very good and will raise the awareness level of anyone who reads the article.
    12 tips for managing your information footprint
    Tags: ( privacy )
  3. The next in the series.
    The Business Justification For Data Security: Data Valuation | securosis.com
    Tags: ( risk-management )
  4. The third post in the series.
    The Business Justification for Data Security: Information Valuation Examples | securosis.com
    Tags: ( risk-management )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


I had a Monster.com account hanging out there for a few years. I wasn't looking for a new position so all the privacy controls were turned on. Along comes the second data breach in under two years. I decided I didn't need that account anymore. I know, closing the barn door after the horse is already gone.

Anyway, I went to log into my account to have it removed and couldn't remember my password. No problem. I clicked on the 'Forgot my password' link and received a nice email with a URL in it to reset my password. Slight problem. The URL didn't point to an SSL encrypted page.

I decided to give them the benefit of the doubt by assuming I would be redirected to a secure page to actually reset my password. Nope. The reset page was also unencrypted. To reset my password I had to let it flit across the hostile internet in cleartext. I went ahead and did it since I was deleting the account anyway.

That made me a little curious and I decided to poke around a little more to see if anything else obvious popped up. Didn't take long.

The sign-up page, which asks for your full name, email address, password, location and current employment status, is also not encrypted. Once again, I decided to give them the benefit of the doubt and took a peek at the page source to see if maybe they posted the information to a secure page. Nope. At least not that I can find.

What this says to me is that there is a serious lack of understanding of information security in Monster.com's organization. If as basic a tenet as encrypting passwords when in transit and at rest is not understood and enforced, what else are they missing?

</hops off soap box>

-Kevin


Good afternoon everybody! I hope your day is going well. Here are today's Interesting Information Security Bits from around the web.

  1. Not only is malware watching what you type, now it is taking screen captures of what you are looking at.
    Bot software peers at victims' screens
    Tags: ( malware botnet )
  2. Once again, failure to effectively secure data on a mobile storage device bites someone in a tender place.
    New Zealand man buys MP3 player with U.S. troop data | Security - CNET News
    Tags: ( breach )
  3. A very nice article about storing passwords securely.
    How To Protect Your Users From Password Theft
    Tags: ( passwords )
  4. Jeremiah is collecting the top web hacking techniques for 2008. This year the winner gets a free pass to Blackhat.
    Jeremiah Grossman: Calling all Researchers! Send in the Top Web Hacking Techniques of 2008
    Tags: ( hacking )
  5. Qualys has released a free e-book titled "PCI Compliance for Dummies." Obviously, registration required, etc. Drazen thinks it's worth a read.
    Hat tip: http://beastorbuddha.com/2009/01/27/pci-compliance-for-dummies-from-qualys/
    e-Book: "PCI for Dummies"
    Tags: ( pci )
  6. Some good advice regarding tap vs span port decisions.
    TaoSecurity: Why Network Taps
    Tags: ( network ids taps )

That's it for today.

Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

-Kevin
