Privacy

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A nifty tool pointed to by Augusto that helps dig out those user/password pairs hanging around on shares.
    Very nice tool for pentests | Security Balance
    Tags: ( tools pentesting passwords )
  2. If you live in the UK, you want to read this short post about your health records.
    Light Blue Touchpaper >> Blog Archive >> Opting out of health data collection
    Tags: ( privacy health )
  3. OpenDNS is trying to make your DNS experience safer.
    OpenDNS Blog >> OpenDNS adopts DNSCurve
    Tags: ( dns dnssec dnscurve opendns )
  4. This looks interesting. See how well you are alerting/stopping data leakage in your org.
    Hydra: Data Leakage Vulnerability Test System | Fidelis Security Systems
    Tags: ( dlp data-leakage tools )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Like the title below says, a new version of the SANS Consensus Audit Guidelines has been published.
    New Version of SANS 20 Critical Security Controls is Available << Security is Golden
    Tags: ( sans )
  2. Chet offers up some tips on being a safer Twitter user in 2010.
    12 tips of Christmas - A safer Twitter for 2010 | Chester Wisniewski's Blog
    Tags: ( twitter safety )
  3. Surprise, surprise. Another Adobe Reader 0-day vulnerability.
    New Adobe 0-day
    Tags: ( adobe vulnerability 0day )
  4. If you are concerned about your privacy as you surf the internet you should read this article. It provides some guidance on doing so in a more anonymous manner.
    How to surf anonymously without a trace
    Tags: ( privacy internet )
  5. Wow. Andrew is really cranking out the interviews. This time it is another good friend, Michael Santarcangelo.
    Andrew Hay >> Blog Archive >> Information Security D-List Interview: Michael Santarcangelo
    Tags: ( interviews )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Adobe offers some guidance on securely deploying cross-domain policy files (Hat tip to cgisecurity.com)
    Securely deploying cross-domain policy files - ASSET
    Tags: ( adobe crossdomain )
  2. I have to agree with this post. Free isn't always best.
    MSI :: State of Security >> Beware of 'Free' InfoSec
    Tags: ( pentesting webappsec )
  3. Is this really the best use of our legislature's time?
    Security Fix - Bill would ban P2P use on federal networks, PCs
    Tags: ( law p2p )
  4. Bob is at it again. Go see what he is up to.
    Syn: Bob The Backdoor Man - Part 1
    Tags: ( story pentesting )
  5. We will likely see more of this in the future. A DNA testing firm files bankruptcy.
    DNA Testing Firm Goes Bankrupt; Who Gets the Data? | Threat Level | Wired.com
    Tags: ( privacy dna )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Exception, variance, these words are the bane of the information security professional. We all have to deal with them. Jarrod offers some thoughts on the topic. You will benefit from reading them.
    /dev/null - ramblings of an infosec professional: Security Exemptions
    Tags: ( policy )
  2. Ben shares his method for writing along with some thoughts on writing in general. It's a good read and I bet you can find some things in there that can be applied to your own writing.
    The Writing Funnel (The Falcon's View)
    Tags: ( general writing )
  3. A bit ago, a forensic contest was opened with the winner getting a free SANS course. That contest is now over. Here is the cool part: they took the finalists' answers and made a website out of them for the rest of us to learn from. Check it out.
    Network Forensics Puzzle Contest
    Tags: ( forensics contest answer )
  4. This boggles the mind. A judge has ordered that Google deactivate an account because the account holder received an email not intended for them. I seriously hope this gets challenged. Otherwise, we are in for a very rocky time.
    Judge Orders Gmail Account Deactivated After Bank Screws Up | Threat Level | Wired.com
    Tags: ( cloud privacy )
  5. Hoff has penned a post that, along with the attending comments, is something that you should read. Seriously, go read it.
    Incomplete Thought: Virtual Machines Are the Problem, Not the Solution... | Rational Survivability
    Tags: ( virtualization )
  6. Shrdlu offers some guidance on how to implement new policies. I have used this same method in the past.
    The policy bootstrapping problem.
    Tags: ( policy )
  7. Next month is Cyber Security Awareness month. The Internet Storm Center handler's diary will again be making deep dives into various security issues during the month. If you aren't a subscriber now, I suggest you rectify that lapse.
    Cyber Security Awareness Month
    Tags: ( awareness )
  8. Wade talks about the difference between Management Science methods of making decisions and engineering methods. He then asks the question "..how does your company make 'Should we do X, Y, or Z?' decisions?" (slightly paraphrased) He offers a few he has seen. Stop by and offer your input.
    Verizon Business Security Blog >> Blog Archive >> Security Decisions - How do you make them?
    Tags: ( risk-management )

That's it for today. Have fun!

Kevin

I was looking at my checking account on-line a few days ago and saw something that sparked this blog post.

My bank has a very handy service where they scan the checks we write (yes, checks are still used in some cases :)) and you can view them online for a limited time. Very cool. Nothing wrong with that, right?

I didn't think so until recently.

We wrote a check to an individual recently and they cashed it at their bank. Somewhere along the line a fingerprint was put on the check, a very well done, clean, and clear fingerprint. I'm assuming that the fingerprint belongs to the individual who the check was written to, but I have not verified that.

First, why is the bank taking a fingerprint? Seems a bit extreme to me.

Second, why are they sticking it on a check that they know is going to be out of their control at some point?

This seems like a recipe for disaster to me. What do you think?

-Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Didn't this type of legislation get passed and then thrown out in some other country here recently?
    New proposals to fight UK internet piracy are ridiculous | Graham Cluley's blog
    Tags: ( p2p )
  2. If you give or are required to give your fingerprints to the U.K. government, you may be giving them to a wider audience than you originally thought.
    UK To Share Fingerprints With Canada & Australia : Liquidmatrix Security Digest
    Tags: ( privacy )
  3. Turns out that the trail leads farther than originally thought.
    Hacker Ring Tied To Major Breaches Just Tip Of The Iceberg - DarkReading
    Tags: ( general )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a great list of state and country links to privacy information. Via @PrivacyProf
    Links to Privacy Laws
    Tags: ( privacy regulation )
  2. Rsnake has updated his XSS cheat sheet.
    XSS (Cross Site Scripting) Cheat Sheet
    Tags: ( cheatsheet xss )
  3. Per ISC, PacketLife is updating their cheat sheets. Must have stuff.
    Cheat Sheets - PacketLife.net
    Tags: ( cheatsheet )
  4. Want to play around with CSRF? Here is a tool that lets you do so. Don't forget, only use it in your lab or on sites you have permission to test.
    Neohaxor.org >> Blog Archive >> MonkeyFist Fu: The Intro
    Tags: ( tools csrf )
  5. Here is the answer to the hard version of the recent I Smell Packets challenge.
    Solution to The Crypto Kitchen Packet Challenge (Hard Version) << I Smell Packets
    Tags: ( challenge answer )
  6. An interesting exploration of a possible way to detect encrypted sessions.
    Detecting encrypted traffic with frequency analysis << wirewatcher
    Tags: ( encryption detection )
  7. Bill Brenner had the opportunity to interview Robert Carr, the CEO of Heartland Payment Systems Inc., regarding the massive breach that occurred. Mr. Carr's responses have generated quite a bit of conversation. What I find most disturbing about Mr. Carr's responses is that someone in his position would take this approach to dealing with the situation. Seems like a lot of finger pointing and 'it wasn't me' language for an issue which is ultimately his responsibility. Please read the next few links after you read the interview to see what others, who are much more eloquent than I, have to say.
    Heartland CEO on Data Breach: QSAs Let Us Down - CSO Online - Security and Risk
    Tags: ( heartland )
  8. Rich's response to the Heartland CEO's comments.
    Securosis Blog | An Open Letter to Robert Carr, CEO of Heartland Payment Systems
    Tags: ( heartland )
  9. Alan's take on the Heartland issue.
    StillSecure, After All These Years: Heartland CEO thought QSAs would make him compliant and secure
    Tags: ( heartland )
  10. Mike's take on the Heartland issue.
    One Man's View: Heartland CEO Must Accept Responsibility - CSO Online - Security and Risk
    Tags: ( heartland )
  11. Andy's take on the Heartland issue.
    Will the real leader please step forward >> Andy ITGuy
    Tags: ( heartland )
  12. Jeff tells it like it is! Actually, he does, but read the whole article to know what I mean.
    The Auditor's Prerogative : The Security Catalyst
    Tags: ( audit )
  13. David may call it an incomplete thought, but I don't.
    Incomplete Thought: Compliance, Governance, Audit and Risk aka GRC We're Doing It Wrong << The New School of Information Security
    Tags: ( grc )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some good stuff for you to read by Rsnake.
    RFC1918 Blues ha.ckers.org web application security lab
    Tags: ( networking security )
  2. Want some Sophos swag? All you have to do is successfully complete this crossword puzzle, then be picked out of a hat.
    Computer security cryptic crossword | Graham Cluley's blog
    Tags: ( challenge puzzle )
  3. Over the last couple of days there has been a lot of news and blog traffic about an alleged 0wning of T-Mobile. I was reluctant to mention anything about it until it was more certain that it was true. Looks like it is.
    T-Mobile data on Full Disclosure is real | threatpost
    Tags: ( t-mobile breach )
  4. My dad was a doctor. This post reminds me of things he used to say. Read along as Rich re-interprets emergency medicine tenets as information security ones :)
    Securosis Blog | The Laws of Emergency Medicine--Security Style
    Tags: ( general )
  5. A nice post about using VMWare and NFS together. (Hat tip to Aneel's tumblr blog http://irg.tubmblr.com)
    Virtual Geek: A Multivendor Post to help our mutual NFS customers using VMware
    Tags: ( nfs vmware )
  6. This is a very good article about using VMWare and iSCSI together. It was published in January of this year. (Hat tip to Aneel's tumblr blog http://irg.tubmblr.com)
    Virtual Geek: A Multivendor Post to help our mutual iSCSI customers using VMware
    Tags: ( vmware iscsi )
  7. I have skimmed the first part of the paper referenced here. It looks very interesting.
    New paper by Amit Klein (Trusteer) - Temporary user tracking in major browsers and Cross-domain information leakage and attacks
    Tags: ( paper privacy )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. NIST takes on defining the cloud.
    Are the feds the first to a common cloud definition? | The Wisdom of Clouds - CNET News
    Tags: ( cloud )
  2. Ed has penned a nice article on SCAP and vulnerability management.
    How SCAP Brought Sanity to Vulnerability Management
    Tags: ( vulnerability-management )
  3. Want to help shape cloud guidance documentation? Craig tells you how.
    The Cloud Security Alliance Needs You | Cloud Security
    Tags: ( cloud )
  4. This is a bit scary.
    Breaking Into a Home With an iPhone | GNUCITIZEN
    Tags: ( data-availability )
  5. Adrian has a link to a video you must watch. Then ask yourself how far is it from happening.
    Securosis Blog | Data Harvesting and Privacy
    Tags: ( privacy surveillance )
  6. A very good interview that you should read. I caught Lee and Mike Murray's career talk and the ensuing question period at Defcon 15. Good stuff.
    Art of Information Security >> AoIS Interviews Lee Kushner, Part 2
    Tags: ( career )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This looks like it will be a nifty tool.
    Microsoft to release exploitability tool
    Tags: ( microsoft code-review fuzzing )
  2. The patches for Adobe Acrobat and Reader version 7 and 8 are now available.
    Security Updates Available for Adobe Reader and Acrobat Versions 7 and 8 - Security Watch
    Tags: ( pdf vulnerability adobe patches )
  3. Whoops. First misconfigure things, then let people see it, then tell the folks that find it that they don't know what they are talking about. Trust me, these guys definitely know what they are talking about. Also made it to the Register.
    Digital Soapbox - Information Security, Risk & Data Protection Blog: FOX News Fail on Twitter
    Tags: ( vulnerability )
  4. Not that there was much doubt that it would happen, but all three browsers have fallen in the CanSecWest conference hacking contest.
    A grim day for browser security at hacker contest * The Register
    Tags: ( hacking contest cansecwest )
  5. A nice article about privacy settings for LinkedIn.
    LinkedIn Privacy Settings: What You Need to Know - Network World
    Tags: ( privacy linkedin )

That's it for today. Have fun!

Kevin
