education

Chris Hoff took his three young girls to Source Boston with him last week.

First, VERY COOL and it sounds like they had a good time.

Second, it started some thoughts in his head, some conversations with others and the creation of something that will be most excellent.

HacKid Conferences

From the website:

The idea really revolves around providing an interactive, hands-on experience for kids and their parents which includes things like:

  • Low-impact martial arts/self-defense training
  • Online safety (kids and parents!)
  • How to deal with CyberBullies
  • Gaming competitions
  • Introduction to Programming
  • Basic to advanced network/application security
  • Hacking hardware and software for fun
  • Build a netbook
  • Make a podcast/vodcast
  • Lockpicking
  • Interactive robot building (Lego Mindstorms?)
  • Organic snacks and lunches
  • Website design/introduction to blogging
  • Meet law enforcement
  • Meet *real* security researchers ;)

I think this is an awesome effort.

If you have ideas or are interested in helping out, you can contact the group via @HacKidCon on Twitter or via email at hackid@HacKid.org.

-Kevin

{ 1 comment }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Andy poses the question (paraphrased) "You get to build a security program from the ground up. How do you go about it?" Go over and offer your thoughts.
    Building a security program from the ground up >> Andy ITGuy
    Tags: ( infosec-program )
  2. Want to learn how to write exploits? You should really check out Dino's exploitation class. I'll be going through it at my earliest convenience. Oh, and by the way, it's free.
    Penetration Testing and Vulnerability Analysis - Exploitation
    Tags: ( class education explolits )
  3. From the site: A group of PenTesters/Researchers have gotten together with the purpose of posting their useful scripts. Feel free to submit your scripts, we will gladly review them, even post them crediting you. You can submit them at scripts@pentesterscripting.com
    start [PenTester Scripting]
    Tags: ( pentest scripts tools )
  4. Some interesting thoughts that Richard shares from a talk given by Michael Hayden.
    TaoSecurity: Notes from Talk by Michael Hayden
    Tags: ( general )
  5. I agree with the Infosec Cynic. Allowing non-Latin characters is going to open up a whole new way for evil to be propagated.
    International Websites | The Infosec Cynic
    Tags: ( dns )
  6. If you haven't heard yet, there is a worm running around that Rick Rolls iPhones that have been jailbroken. This post isn't really about the worm, but about the individual who wrote, released and then talked about doing it.
    Worm author tells media he initially infected 100 iPhones | Graham Cluley's blog
    Tags: ( general worm iphone )
  7. A nifty use of netcat to image a drive over the network.
    How-to: Cloning a (Laptop) Hard Drive using DD over the network | Roer.com - Kai Roer's Rants on Infosec
    Tags: ( backup imaging )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some good tips and resources for gathering intelligence.
    Enterprise Open Source Intelligence Gathering - Part 1 Social Networks -- spylogic.net
    Tags: ( gathering )
  2. I always enjoy pointing to posts that contain resources for education and career advancement. Here is another one.
    Room362.com - Blog - Getting your n00b fill of security
    Tags: ( career learning education )
  3. As always, tools can be used for good or for evil.
    Google Wave as a Tool for Hacking | Social Hacking
    Tags: ( )
  4. This is a fun video. Evolution of Security.
    A Video For You - F-Secure Weblog : News from the Lab
    Tags: ( general )
  5. Want to avoid complete failure from a logging perspective? Check out Anton's list of logging failures.
    Anton Chuvakin Blog - "Security Warrior": Top Log FAIL!
    Tags: ( logging )
  6. An incident response plan isn't any good if it isn't workable. Check out Martin's thoughts on the issue.
    Have a workable plan, or else... : The Security Catalyst
    Tags: ( incident-response )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a great post with a fine collection of education resources for the security professional who wants to learn new stuff or just wants to sharpen the iron.
    System Advancements at the Monastery >> Blog Archive >> Learning By Doing: Challenges, Data Sets, and Practice Sites
    Tags: ( challenges education )
  2. Sometimes the only thing you can do is fire the cannon. Read more to understand what that means and how true it is.
    Uncommon Sense Security: Another Episode of Security Anecdote Theater
    Tags: ( general )
  3. An interesting look at internet traffic patterns for North America.
    >> The Internet After Dark (Part 1) * Security to the Core | Arbor Networks Security
    Tags: ( general )
  4. Watch out folks. Looks like SubSeven is back.
    VRT: SubSeven is back after hiatus
    Tags: ( subseven malware )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. ISC has a nifty services file that also includes a bunch of ports on which different trojans and malware listen.
    http://isc.sans.org/services.html
    Tags: ( ports malware )
  2. Here's a little something to play with in your reversing lab, the Kindle machine readable source code.
    Amazon.com: Help > Digital Products Help > Amazon Kindle Wireless Reading Device > Amazon Kindle Terms, Warranties, & Notices > Source Code Notice
    Tags: ( kindle )
  3. Amusing.
    YouTube - 50 Ways to Inject Your SQL
    Tags: ( humor sql )
  4. The entire Penetration Testing and Vulnerability Analysis course at Polytechnic Institute of New York University is now available on the web for free. Very cool.
    Penetration Testing and Vulnerability Analysis - Home
    Tags: ( education )
  5. The start of what looks to be an interesting series on session attacks against ASP.NET.
    AppSec Street Fighter - SANS Institute >> Session Attacks and ASP.NET - Part 1
    Tags: ( asp.net session )
  6. Opera released version 10 of its browser yesterday and it contains something new called Unite. It should scare you if you are responsible for protecting your enterprise's data assets. Any user can now quickly and, supposedly, easily set up a web server/service.
    Boaz Gelbord: Opera Invites You to Join the Cloud
    Tags: ( opera browser )
  7. A new version of Wireshark has been released. Wireshark is an awesome open source network sniffer that is very robust and full of functionality.
    Wireshark 1.2.0 released
    Tags: ( wireshark packet-capture sniffer tools )
  8. Interesting. Low bandwidth denial of service on a web server without affecting other services and easily started and stopped.
    Slowloris HTTP DoS ha.ckers.org web application security lab
    Tags: ( dos http apache )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good evening again. I just returned from Secure360 where I had a great deal of fun meeting and talking with people. I also gave my first conference talk today and that was also a lot of fun.

Here are today's Interesting Information Security Bits from around the web.

  1. Michael points out some more pre-configured targets for you to practice your pen testing skills on.
    lampsecurity hosting vulnerable vm images to attack (terminal23)
    Tags: ( education pentesting )
  2. I love this. Very simple, but very profound.
    Securosis Blog | The Data Breach Triangle
    Tags: ( data-leakage )
  3. Rich is looking for a little help in reviewing some survey questions related to Project Quant.
    Securosis Blog | Project Quant: Draft Survey Questions
    Tags: ( quantitative metrics )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

It has been a very busy day that started out with a four hour drive to get to Secure360. Although it has been busy, it has also been good. I'm looking forward to day two of the conference!

Here are today's Interesting Information Security Bits from around the web.

  1. A nice post by Andy.
    It Just Doesn't Does Matter! >> Andy ITGuy
    Tags: ( general )
  2. This resource looks really cool and I am going to dig into it more later, but free education is good.
    100 courses on Computer Information Systems and Security - Malta Info Security
    Tags: ( education )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Lots of interesting things to take a gander at today. I had a great break and am rested and recharged and ready to tackle my workload. How about you?

Here are today's Interesting Information Security Bits from around the web.

  1. The Network World Salary Survey results for 2009 are up.
    Salary Survey - Network World
    Tags: ( survey salary )
  2. Packetlife's next contest is up and running. These are always a great way to learn something new or practice what you already know.
    January contest - PacketLife.net
    Tags: ( contest )
  3. David points to a great resource for getting up to speed on Digital Investigations and Evidence. It's not a short read, but looks really interesting. It is going on my to-be-read pile.
    Computer forensics - a subject every executive should understand (David Lacey's IT Security Blog)
    Tags: ( forensics guide )
  4. When good enough isn't really good enough. A nice post and point made.
    SecuriTeam Blogs >> Snow and security
    Tags: ( general )
  5. The combination of Twitter notification, allowed usernames and automatic linkification of text by your email client introduces a possible phishing vector. Again, always be careful when clicking on links.
    Twitter Phishing Scam Update (Follow Notification Email Vulnerability)
    Tags: ( malware twitter phishing )
  6. I watched this happen live over the weekend. As always, be careful when clicking on links in emails/DMs/IMs etc.
    spylogic.net - First Twitter Phishing Attack of 2009
    Tags: ( twitter phishing )
  7. A nice post by Matthew talking about a presentation given at 25C3. Be careful on those fancy DECT telephones folks :)
    MatthewNeely.com - Security Second Thoughts - New Attack Against DECT Could Allow Attackers to Monitor Encrypted Headsets
    Tags: ( encryption dect mitm )
  8. Part 1 of Synjunkie's latest story. These are always fun.
    Syn: The Story of a Newbie Hax0r - Part 1
    Tags: ( stories )
  9. Send this to your family. They have several videos that help folks set their systems up more securely and educate them on safely using the Internet.
    The Academy Home
    Tags: ( education video home configuration )
  10. Benny's day 4 recap of 25C3.
    #25C3 Day 4 Overview: Picking up the pieces | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( conferences 25c3 recap )
  11. I've talked about privacy several times here. Here is another instance where your privacy can possibly be invaded without you ever knowing. And another thought. What are the odds that no damage will be done to your system or data if it is "legally hacked?"
    (Hat Tip: http://carnal0wnage.blogspot.com/2009/01/uk-to-allow-warrantless-remote.html)
    Police set to step up hacking of home PCs - Times Online
    Tags: ( privacy hacking surveillance police )
  12. I posted about this previously. Help Mike and Lee out by completing the survey. It doesn't ask for your social security number or your bank account number. I promise.
    Calling all security pros | Episteme
    Tags: ( general )
  13. Richard has a nice little walk-through on getting IPv6 working on your Windows XP box. On a side note, I hope you are watching and filtering for IPv6 at your perimeter and hosts. This type of configuration can punch holes right through to the chewy center if you are not careful.
    TaoSecurity: IPv6 Tunnel on Windows XP Using Freenet6
    Tags: ( ipv6 tunnel )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 2 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A nice review of "The Art of Exploitation."
    The Ethical Hacker Network - Hacking: The Art of Exploitation 2nd Edition
    Tags: ( books reviews )
  2. Today must be the day for training resources. Jack points us to a collection of self-study classes provided by FEMA.
    Uncommon Sense Security: Free Information Security Training (and it is good!)
    Tags: ( online free training )
  3. A nice collection of deliberately insecure applications for testing/teaching web application security skills.
    Deliberately Insecure Web Applications For Learning Web App Security (WebGoat, BadStore, Hacme, SecuriBench, WebMaven)
    Tags: ( webappsec career education )
  4. This is very cool. Good job Cutaway.
    Security Ripcord >> Blog Archive >> Discovering File Types Using Content Histograms
    Tags: ( tools tips )
  5. This is a really fun post. It makes a great deal of sense too.
    Andrew Hay >> Blog Archive >> What The A-Team Can Teach Us About Information Security
    Tags: ( general )
  6. This looks like a site you should have in your arsenal for keeping up-to-date on what the bad guys are doing. (hat tip: @maltapa)
    Shadowserver Foundation - Main - HomePage
    Tags: ( site )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

@hevnsnt posted the following message to Twitter this morning.

hevnsnt watching Strand's hacker vids at http://vimeo.com/user595761/videos

There are some nice videos there. Here are the titles of a few with direct links:

Definitely worth spending some time on.

-Kevin

{ 0 comments }