Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Larry walks us through how he built his shmoocannon for 2009.
    Building of the 2009 Shmooball Cannon
    Tags: ( hacking shmoocon )
  2. Synjunkie is being mean to his Citrix server in this series.
    Syn: Abusing Citrix - Part 1
    Tags: ( citrix )
  3. An interesting article about where Richard thinks the majority of security jobs will be in the future.
    TaoSecurity: Thoughts on Technology Careers for the Next Generation
    Tags: ( career )
  4. There's a little more help available now for getting compliant with PCI requirements.
    Befuddled companies get checklist for complying with PCI security standard
    Tags: ( pci )
  5. There may be some new guidance coming for disclosure in California.
    California bill spells out what companies have to say about data breaches
    Tags: ( privacy disclosure )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Time to patch Firefox again. Yup, again.
    Firefox 3.07 and Other Mozilla Apps Fix Several Vulnerabilities - Security Watch
    Tags: ( browser firefox patches )
  2. No click necessary to get owned.
    Quickpost: /JBIG2Decode Trigger Trio << Didier Stevens
    Tags: ( exploit pdf adobe infosec vulnerability )
  3. My first reaction to this is, "Privacy just died." Then I stopped and thought about wire-taps that are allowed in the United States with appropriate warrants and wondered if I was overreacting. I've landed on being very concerned.
    Police will have power to secretly search homes [in the NSW jurisdiction of Australia] | The Daily Telegraph
    Tags: ( privacy surveillance )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Looks like the Downadup worm may be setting up to cause some mischief.
    Downadup worm may hammer Southwest Airlines URL March 13 - Network World
    Tags: ( malware botnet )
  2. This is just downright scary.
    Survey: Most Oracle Shops Don't Mandate Security Patches - Network World
    Tags: ( patches oracle )
  3. This could definitely create some onerous logging and reporting requirements for those who choose to provide public internet access in their places of business.
    Bill takes aim at anonymous hot spots, like coffee shops - Network World
    Tags: ( privacy )
  4. A report by the Brown-Wilson Group is out ranking outsourcing locations on security. By security, they don't just mean information security either.
    The IT Security Guy: The Dangerous Back Alleys of Outsourcing
    Tags: ( risk outsourcing )
  5. Irongeek has updated his list of deliberately vulnerable applications on which you can practice your web application security testing skills.
    Deliberately Insecure Web Applications For Learning Web App Security (WebGoat, BadStore, Hacme, SecuriBench, WebMaven)
    Tags: ( webappsec hackme )
  6. A nifty tool that gives you the ability to view log files in some interesting and different ways.
    Highlighter
    Tags: ( tools logfile )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. If you happen to be running a hacked version of Vista Ultimate, you might want to stop that.
    Microsoft renews Vista anticrack campaign
    Tags: ( piracy )
  2. Make sure you are providing value to your employer. According to this article, security is not safe from the economic downturn.
    Survey: Economy Forces Many to Slash, Freeze Security Staff - Network World
    Tags: ( career employment )
  3. Michael has a few scripts for us that help us gather information from PDFs and such. Much goodness.
    Perl scripts for parsing PDFs, MACs, IPs, URLs, etc. << SANS Computer Forensics, Investigation, and Response
    Tags: ( tools forensics perl )
  4. Hoff points us to the World Privacy Forum's Cloud Privacy Report. Should be an interesting read.
    Rational Survivability: Interesting Read: The World Privacy Forum's Cloud Privacy Report
    Tags: ( cloud privacy )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Be careful on your Android-based devices. Apparently there is a pretty nasty exploit going around.
    Android exploit so dangerous, users warned to avoid phone's web browser | The Toybox | ZDNet.com
    Tags: ( android mobile )
  2. All you need is a rubber band.
    Defeating the CODi Titanium Series 4-Digit Combination Cable Lock
    Tags: ( locks )
  3. Get your very own Lijit search widget for and from the Security Blogger's Network. I did. See, it's over there on the right ----->
    StillSecure, After All These Years: The SBN goes Lijit officially!
    Tags: ( general )
  4. This is taking things to a whole new level in losing your right to privacy and keeping control of your biometric data.
    Mobile operators to fingerprint their customers | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( privacy )
  5. Here's a nice tip about a tool that should work on any system that uses yum for updates. Find out what changed without having to install the package with yum-changelog.
    Monkey - House: CentOS patching
    Tags: ( patching yum )
  6. All you iPhone and iPod Touch jailbreakers out there....you're criminals! At least that's what Apple is saying. EFF is fighting the good fight though.
    Apple Says iPhone Jailbreaking is Illegal | Electronic Frontier Foundation
    Tags: ( iphone ipodtouch dmca )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I agree completely with George on this one. Arguing that PCI DSS is a failure because two organizations that were compliant experienced breaches is like saying door locks are a failure because somebody broke into your house.
    The Death of PCI DSS? Don't Be Silly - Security Blog - InformationWeek
    Tags: ( pci breach )
  2. This is a good article to pass on to your family and friends. The tips are very good and will raise the awareness level of anyone who reads the article.
    12 tips for managing your information footprint
    Tags: ( privacy )
  3. The next in the series.
    The Business Justification For Data Security: Data Valuation | securosis.com
    Tags: ( risk-management )
  4. The third post in the series.
    The Business Justification for Data Security: Information Valuation Examples | securosis.com
    Tags: ( risk-management )

That's it for today. Have fun!

Kevin

Today's Bits consists of more risk assessment talk, biometrics and passports, secure code by demand, compliance vs security, builders and breakers in software security, DEFCON CTF, how SSL works, PCI and security, a good way to quantify risk and an argument that one pass data wipe is enough. Details below.

  1. Part 3 is up of Chris's assessment.
    Risk Scenario - Hidden Field / Sensitive Information (Part 3 of 4) << Risktical Ramblings
    Tags: ( risk assessment fair )
  2. Get ready to get your fingers inked when you apply for a passport in the E.U. (Okay, there are inkless methods now. Not nearly as much fun to write "scanned" though.)
    Biometric passports agreed to in EU - Network World
    Tags: ( privacy )
  3. Folks, it just isn't this easy. Unlike Picard, we can't just "make it so."
    New York drafts language demanding secure code
    Tags: ( general )
  4. Compliance does not equal security. Never has and never will. Good thought in here.
    Using The Compliance Stick Actually Weakens You | RiskAnalys.is
    Tags: ( risk compliance )
  5. An interesting argument, which I happen to agree with, by Jeremiah about the need for both builders and breakers when it comes to software security.
    Jeremiah Grossman: Builders, Breakers, and Malicious Hackers
    Tags: ( general opinion )
  6. Ever wanted to run a CTF? Defcon needs to talk to you. Be warned, we are talking about a granddaddy of a CTF.
    DEFCON 17 CTF Call for new Organizers! - Defcon Forums
    Tags: ( defcon ctf )
  7. A really nice basic introduction to how SSL works.
    Security Workshop: How HTTPS/SSL works Part 1 - Basics
    Tags: ( ssl )
  8. A nice post by Anton that I found via Alex over at riskanal.is. Repeat "Security First."
    Anton Chuvakin Blog - "Security Warrior": Tales From the "Compliance First!" World
    Tags: ( pci compliance )
  9. Adam has a great post up on the Security Catalyst blog. The KISS principle in action.
    The Breach-Stamp Metric : The Security Catalyst
    Tags: ( risk communication )
  10. A nice article with some hard data on the effectiveness of data retrieval off of a drive which has been effectively wiped. Effectively here meaning with only one pass.
    Overwriting Hard Drive Data << SANS Computer Forensics, Investigation, and Response
    Tags: ( data disposal )

That's it for today. Have fun!

Kevin

In today's crop of Bits we have more FAIR analysis, a couple articles about surveillance in the US, a patch for Win 7 Beta and other Microsoft products, a great visualization of application security relationships, virtualization security info and some helpful data recovery advice.

  1. Part 2 is up. The more I read about and see FAIR (Factor Analysis of Information Risk) in action, the more I like it.
    Risk Scenario - Hidden Field / Sensitive Information (Part 2 of 4) << Risktical Ramblings
    Tags: ( risk assessment fair )
  2. A new project over at the Electronic Frontier Foundation. Very interesting information.
    The SSD Project | EFF Surveillance Self-Defense Project
    Tags: ( privacy surveillance eff )
  3. This article contains links to some really interesting information. If you are concerned or curious about surveillance in the U.S., you should give it a gander.
    Report: U.S. Surveillance Society Running Rampant | Threat Level from Wired.com
    Tags: ( surveillance )
  4. The first patch is out for Windows 7 Beta. Be warned that it does not address the SMB issue which does exist for Windows 7 Beta. Read the article for the details.
    Microsoft issues first Windows 7 beta patch
    Tags: ( vulnerability microsoft patches )
  5. Some good information about Microsoft's January patches.
    Inside the MSRC: Microsoft describes Server Message Block update
    Tags: ( vulnerability microsoft patches )
  6. I'm going to print this out and hang it on my wall. Great visualization of application security and how the different pieces relate and interact.
    Jeremiah Grossman: The World of Web Security
    Tags: ( appsec webappsec taxonomy )
  7. Continuing a series on virtualization security, Ryan points out some of the risks inherent in server virtualization.
    Virtualization Security Part 2 - PandaLabs
    Tags: ( virtualization )
  8. A nice post with some really good advice on being prepared for hard drives which are having problems.
    Data Recovery from Dead Drives | Forensics, Security, Auditing | Enclave Forensics
    Tags: ( data recovery )
  9. Another tool that builds a focused word list for brute force password attacks.
    The Associative Word List Generator (AWLG) - Create Related Wordlists for Password Cracking | Darknet - The Darkside
    Tags: ( password wordlists )

That's it for today. Have fun!

Kevin

Lots of interesting things to take a gander at today. I had a great break and am rested and recharged and ready to tackle my workload. How about you?

Here are today's Interesting Information Security Bits from around the web.

  1. The Network World Salary Survey results for 2009 are up.
    Salary Survey - Network World
    Tags: ( survey salary )
  2. Packetlife's next contest is up and running. These are always a great way to learn something new or practice what you already know.
    January contest - PacketLife.net
    Tags: ( contest )
  3. David points to a great resource for getting up to speed on Digital Investigations and Evidence. It's not a short read, but looks really interesting. It's going on my to-be-read pile.
    Computer forensics - a subject every executive should understand (David Lacey's IT Security Blog)
    Tags: ( forensics guide )
  4. When good enough isn't really good enough. A nice post and point made.
    SecuriTeam Blogs >> Snow and security
    Tags: ( general )
  5. The combination of Twitter notification, allowed usernames and automatic linkification of text by your email client introduces a possible phishing vector. Again, always be careful when clicking on links.
    Twitter Phishing Scam Update (Follow Notification Email Vulnerability)
    Tags: ( malware twitter phishing )
  6. I watched this happen live over the weekend. As always, be careful when clicking on links in emails/DMs/IMs etc.
    spylogic.net - First Twitter Phishing Attack of 2009
    Tags: ( twitter phishing )
  7. A nice post by Matthew talking about a presentation given at 25C3. Be careful on those fancy DECT telephones folks :)
    MatthewNeely.com - Security Second Thoughts - New Attack Against DECT Could Allow Attackers to Monitor Encrypted Headsets
    Tags: ( encryption dect mitm )
  8. Part 1 of Synjunkie's latest story. These are always fun.
    Syn: The Story of a Newbie Hax0r - Part 1
    Tags: ( stories )
  9. Send this to your family. They have several videos that help folks set their systems up more securely and educate them on safely using the Internet.
    The Academy Home
    Tags: ( education video home configuration )
  10. Benny's day 4 recap of 25C3.
    #25C3 Day 4 Overview: Picking up the pieces | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( conferences 25c3 recap )
  11. I've talked about privacy several times here. Here is another instance where your privacy can possibly be invaded without you ever knowing. And another thought. What are the odds that no damage will be done to your system or data if it is "legally hacked?"
    (Hat Tip: http://carnal0wnage.blogspot.com/2009/01/uk-to-allow-warrantless-remote.html)
    Police set to step up hacking of home PCs - Times Online
    Tags: ( privacy hacking surveillance police )
  12. I posted about this previously. Help Mike and Lee out by completing the survey. It doesn't ask for your social security number or your bank account number. I promise.
    Calling all security pros | Episteme
    Tags: ( general )
  13. Richard has a nice little walk-through on getting IPv6 working on your Windows XP box. On a side note, I hope you are watching and filtering for IPv6 at your perimeter and hosts. This type of configuration can punch holes right through to the chewy center if you are not careful.
    TaoSecurity: IPv6 Tunnel on Windows XP Using Freenet6
    Tags: ( ipv6 tunnel )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is nice to see.
    Yahoo to anonymize user data after 90 days | Security - CNET News
    Tags: ( privacy )
  2. Time to update Flash Player on Linux.
    Critical Flaw in Flash Player...For Linux! - Security Watch
    Tags: ( flash linux )
  3. Part 3 of SynJunkie's tale is ready for your perusal.
    Syn: The Story of an Insider - Part 3. Playing at CSI
    Tags: ( incident-response stories )
  4. New version. Haven't played with this one yet. Going to have to check it out.
    /dev/random >> Blog Archive >> OpenVAS 2.0.0. is out
    Tags: ( vulnerability openvas )
  5. Mike is getting involved in what appears to be a great new effort in training for penetration testers.
    Getting Information Security Training Right | Episteme
    Tags: ( training pentesting )
  6. Nifty new features.
    New Zenmap adds feature that does topology mapping | SecViz
    Tags: ( nmap zenmap )
  7. Don't forget, folks. Firefox 2 is at end-of-life with 2.0.19 and you lose your safe-browsing capabilities too.
    Firefox 2 Users Will Get No More Security Updates - Security Fix
    Tags: ( firefox patches )
  8. I just like this post and Kees's approach.
    Making the world a little better - Kees Leune Information Security Blog
    Tags: ( awareness education )

That's it for today. Have fun!

Kevin
