Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a great list of state and country links to privacy information. Via @PrivacyProf
    Links to Privacy Laws
    Tags: ( privacy regulation )
  2. Rsnake has updated his XSS cheat sheet.
    XSS (Cross Site Scripting) Cheat Sheet
    Tags: ( cheatsheet xss )
  3. Per ISC, PacketLife is updating their cheat sheets. Must have stuff.
    Cheat Sheets - PacketLife.net
    Tags: ( cheatsheet )
  4. Want to play around with CSRF? Here is a tool that lets you do so. Don't forget: only use it in your lab or on sites you have permission to test.
    Neohaxor.org >> Blog Archive >> MonkeyFist Fu: The Intro
    Tags: ( tools csrf )
  5. Here is the answer to the hard version of the recent I Smell Packets challenge.
    Solution to The Crypto Kitchen Packet Challenge (Hard Version) << I Smell Packets
    Tags: ( challenge answer )
  6. An interesting exploration of a possible way to detect encrypted sessions.
    Detecting encrypted traffic with frequency analysis << wirewatcher
    Tags: ( encryption detection )
  7. Bill Brenner had the opportunity to interview Robert Carr, the CEO of Heartland Payment Systems Inc., regarding the massive breach that occurred. Mr. Carr's responses have generated quite a bit of conversation. What I find most disturbing about Mr. Carr's responses is that someone in his position would take this approach to dealing with the situation. It seems like a lot of finger pointing and 'it wasn't me' language for an issue which is ultimately his responsibility. Please read the next few links after you read the interview to see what others, who are much more eloquent than I, have to say.
    Heartland CEO on Data Breach: QSAs Let Us Down - CSO Online - Security and Risk
    Tags: ( heartland )
  8. Rich's response to the Heartland CEO's comments.
    Securosis Blog | An Open Letter to Robert Carr, CEO of Heartland Payment Systems
    Tags: ( heartland )
  9. Alan's take on the Heartland issue.
    StillSecure, After All These Years: Heartland CEO thought QSAs would make him compliant and secure
    Tags: ( heartland )
  10. Mike's take on the Heartland issue.
    One Man's View: Heartland CEO Must Accept Responsibility - CSO Online - Security and Risk
    Tags: ( heartland )
  11. Andy's take on the Heartland issue.
    Will the real leader please step forward >> Andy ITGuy
    Tags: ( heartland )
  12. Jeff tells it like it is! Actually, he does, but read the whole article to know what I mean.
    The Auditor's Prerogative : The Security Catalyst
    Tags: ( audit )
  13. David may call it an incomplete thought, but I don't.
    Incomplete Thought: Compliance, Governance, Audit and Risk aka GRC We're Doing It Wrong << The New School of Information Security
    Tags: ( grc )
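Item 6 above points at frequency analysis as a way to spot encrypted sessions without parsing protocol headers. As an added example (not code from the wirewatcher post or from this roundup), here is the statistic a practitioner would actually compute: byte entropy plus a chi-square test of the byte histogram against a uniform distribution, run over constructed sample payloads. The thresholds, the minimum payload length, and all sample data are assumptions chosen for this example.

```python
import base64
import hashlib
import math
from collections import Counter

# Thresholds are assumptions for this example, not values from the linked post.
ENTROPY_THRESHOLD = 7.5       # bits per byte; uniform random bytes approach 8.0
CHI_SQUARE_THRESHOLD = 400.0  # 255 degrees of freedom: uniform data scores ~255 +/- 23
MIN_LEN = 1024                # below this the statistics are too noisy to trust


def shannon_entropy(data: bytes) -> float:
    """Entropy of the byte distribution in bits per byte (0.0 .. 8.0)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chi_square_uniform(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform 256-symbol
    distribution. Near 255 for ciphertext or well-compressed data; in the
    thousands for text, base64, or anything using only part of the byte alphabet."""
    n = len(data)
    if n == 0:
        return float("inf")
    expected = n / 256
    hist = Counter(data)
    return sum((hist.get(b, 0) - expected) ** 2 / expected for b in range(256))


def classify_payload(data: bytes) -> dict:
    """Score one application-data payload using only the two statistics,
    so it works on any port or protocol with no header parsing."""
    if len(data) < MIN_LEN:
        return {"verdict": "too-short", "looks_encrypted": False,
                "entropy": None, "chi_square": None}
    ent = shannon_entropy(data)
    chi = chi_square_uniform(data)
    enc = ent >= ENTROPY_THRESHOLD and chi <= CHI_SQUARE_THRESHOLD
    return {"verdict": "high-entropy" if enc else "structured",
            "looks_encrypted": enc, "entropy": ent, "chi_square": chi}


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 in counter mode) so the
    example runs offline and repeatably. Constructed data, not captured traffic."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed samples: a cleartext HTTP exchange, ciphertext-like bytes, and the
# same bytes base64-encoded (as a mail or JSON transport might carry them).
PLAINTEXT_SAMPLE = (
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nAccept: */*\r\n\r\n"
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    b"<html><body>Hello, this is a constructed plaintext sample.</body></html>\r\n"
) * 16
CIPHERTEXT_SAMPLE = pseudo_random_bytes(4096)
BASE64_SAMPLE = base64.b64encode(CIPHERTEXT_SAMPLE)


if __name__ == "__main__":
    for name, sample in (("plaintext", PLAINTEXT_SAMPLE),
                         ("ciphertext", CIPHERTEXT_SAMPLE),
                         ("base64", BASE64_SAMPLE)):
        r = classify_payload(sample)
        print(f"{name:10s} entropy={r['entropy']:.3f} "
              f"chi2={r['chi_square']:8.1f} -> {r['verdict']}")
```

Two caveats before putting this on a sensor. First, compressed or already-random content (gzip bodies, JPEG, video) scores exactly like ciphertext, so a hit means "not plaintext", not "encrypted"; port, direction, and protocol context have to supply the rest. Second, a TLS handshake is structured plaintext, so sample the application-data records rather than the first packets of the session, and note that base64-wrapped ciphertext falls back to the "structured" verdict because it uses only 65 of 256 symbols.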

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A very well put together post. Check out the difference between Defensive Avoidance and Vigilance to Detail.
    Defensive Avoidance vs Vigilance to Detail << wirewatcher
    Tags: ( general )
  2. Hak5 is 4 years old. If you are not aware of this web video series, you should check it out.
    Hak5 - Technolust since 2005 >> Happy 4th Birthday Hak5
    Tags: ( general )
  3. Want to help out a student? Check out this post and take the survey.
    Help a Grad Student: Cloud Security Survey (The Falcon's View)
    Tags: ( survey )
  4. Something you should be aware of. The person carrying that iPod touch or iPhone into your environment may not be listening to music or talking to their buddy.
    Weaponizing Apple's iPod Touch - DarkReading
    Tags: ( ipod-touch pentest )
  5. Some thoughts on DirectAccess.
    Guest blog: Windows 7 Security - Microsoft DirectAccess | Graham Cluley's blog
    Tags: ( windows-7 direct-access )
  6. Part 2 of Chris's interview with Richard Levick is up.
    Reputation Risk Q&A - Richard Levick (2 of 2) << Risktical Ramblings
    Tags: ( reputation )
  7. A nice article by Andy on the topic of choice.
    My Risk, My Choice >> Andy ITGuy
    Tags: ( risk )
  8. An interesting tool has entered beta state.
    The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - A Beta Version of NPing has been released
    Tags: ( tools )
  9. This page on the World Health Organization's website provides information you can use to track H1N1. We will be moving into flu season in North America soon, so keeping an eye on this is warranted.
    WHO | Disease Outbreak News
    Tags: ( h1n1 )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The videos from Source Boston 2009 are available. Good stuff.
    Source Boston 2009 Videos
    Tags: ( source )
  2. A very nice example of data leakage.
    Firefox 3.5 DNS LEAKS like a waterfall | The Edge of I-Hacked
    Tags: ( firefox dns )
  3. Panda's second challenge is up.
    Panda Challenge: Medium Level - PandaLabs
    Tags: ( challenge )
  4. Keydet89 answers the question "What is the worst thing an incident response team internally will do?"
    Windows Incident Response: SANS Summit Question
    Tags: ( incident-response )
  5. Not security related, but it's bugged me for a while. I love Firefox, but the molasses-slow start time is a real joy killer. Finally, an explanation of why. Hopefully a fix will come out soon.
    Slow Firefox 3.5 start up time - News - The H Security: News and features
    Tags: ( firefox )
  6. I strongly suggest you read this post before you test out the 0pen0wn.c code that is going around. In other words, you will hurt yourself if you don't.
    Secdev - Thierry Zoller: 0pen0wn.c - Shellcode "dissasembled"
    Tags: ( hacker dont-do-that )
  7. As @id084895 says, "wow, just discovered Robtex.com !!! Your src for whois, bgp, AS, RBL checks and lots more: simple & fast => i like ;-) "
    robtex
    Tags: ( tools on-line )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This really is not good from an enterprise security perspective.
    Opera Unite: A Great idea or horrible security risk? - Security
    Tags: ( browser opera )
  2. As Martin says, Level 2 merchants are now faced with a little bit higher bar to get over.
    Network Security Blog >> Level 2 merchants are going to have to get serious about PCI
    Tags: ( pci )
  3. Andrew has started a series on SIEM. Check it out for some good advice.
    Andrew Hay >> Blog Archive >> A SIEM Solution is Like a Garden
    Tags: ( siem )
  4. Rafal talks about a nifty looking tool that I'll be checking out.
    Digital Soapbox - Preaching Security to the Digital Masses: Watcher - Web Vulnerabilities Served Up Passively
    Tags: ( tools webappsec )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Just go read it. Seriously. But make sure you aren't drinking anything when you do. :)
    If Twitter were all we had for security ...
    Tags: ( humor )
  2. Looks like something very nifty is coming soon to a phishing station near you.
    Coming soon to a pentest near you... | carnal0wnage.attackresearch.com
    Tags: ( tools )
  3. You might want to go ahead and change your default passwords. It could get pretty expensive if you don't.
    Security Fix - Default Passwords Led to $55 Million in Bogus Phone Charges
    Tags: ( passwords )
  4. A great collection of sources for reverse engineering and malware analysis information from Rob.
    Getting your fill of Reverse Engineering and Malware Analysis | Room362.com
    Tags: ( reverse-engineering malware-analysis )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Microsoft is looking for some input from us on what we would like to see in the next iteration of the fine Sysinternals Tools. Help make these tools even better.
    SysInternals Survey
    Tags: ( tools sysinternals )
  2. Not specifically information security related, but very good information for those of us with hiring responsibilities.
    Uncommon Sense Security: How to not hire someone
    Tags: ( hiring )
  3. The latest Hak5 is out. Yummy things like packet injection, WPA attacks and virtualization are the topics.
    Hak5 - Technolust since 2005 >> Episode 517 - Packet Injection, WPA Attacks, Virtualization
    Tags: ( video )
  4. Oh boy. This looks very interesting. Time to play in the lab.
    Http over SMTP Proxy << SecTech
    Tags: ( tools pentest )
  5. You see me point at a lot of stuff that Christofer writes. Why? Because he often has things to say that should be heard/read. Therefore, when he says go look at something, I do. You should too! This presentation is awesome.
    Rational Survivability >> Mark Masterson's Brilliant Cloud Security Presentation
    Tags: ( cloud )
  6. Rob has written a nice walk-through on using the PassiveX feature of Metasploit. Obviously, only to be used for good, not evil.
    PassiveX fun with Metasploit | Room362.com
    Tags: ( metasploit pentest tutorial )
  7. Here is an interesting post, even if you are not super versed in Bayesian analysis.
    Voltage Superconductor : A Bayesian approach to understanding tokenization
    Tags: ( bayes )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A very interesting blog post. The obvious is not always where you should be looking.
    Developing Security: The Curious Case of the Careless Civic
    Tags: ( incident-response )
  2. CIS has a free benchmark for the iPhone available. If you are familiar with their efforts in the world of Windows and others, you will know that they put out quality stuff.
    CIS issues free benchmark on iPhone security
    Tags: ( cis benchmark iphone )
  3. Russ points out that Applicure has a free tool, WebTuff, available that will test your systems for the IIS 5 and 6 WebDAV vulnerability.
    HolisticInfoSec.org: WebTuff checks for WebDAV vulnerability
    Tags: ( tools webdav )
  4. Defcon has a new area that archives tools talked about at the conference. Thanks to Rob Fuller for helping out.
    DEFCON(r) Hacking Conference - Archive of Hacking Tools Released at DEFCON
    Tags: ( defcon tools )
  5. Chris has posted some tips and guidance on things to consider when issuing an RFP for your QSA vendor. First read it for just that. Then replace QSA with penetration test, consulting gig, etc. These are great tips for all RFP processes.
    QSA Vendor Selection - Points of Consideration << Risktical Ramblings
    Tags: ( rfp )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. For those interested in the C|EH certification or others provided by the EC-Council, they have developed a scholarship program.
    EC-Council Secure Aid
    Tags: ( training )
  2. Wanna see what you can get with a botnet? Check this article out.
    Botnet probe turns up 70GB of personal, financial data
    Tags: ( botnet )
  3. Ryan has a nice walk-through showing how to get SSL Strip up and running on Mac OS X.
    Toasty: SSL Strip on Mac OS X
    Tags: ( tools ssl sslstrip )
  4. A nice post with some links to some resources you might find interesting if you are exploring Metasploit.
    Metasploit Resources - Rory.Blog
    Tags: ( metasploit )
  5. I participated in the Mystery Challenge last year at Defcon 16. It was a great deal of fun. The challenge has a new home. See below.
    TEN-FIVE-SEVEN.ORG
    Tags: ( defcon mystery-challenge )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Time to patch your OpenView installations.
    HP patches critical OpenView flaws
    Tags: ( vulnerability patches hp openview )
  2. A nice list of some free tools. I was not aware of a couple.
    8 Great Free Security Tools - Network World
    Tags: ( tools )
  3. A good walk-through on setting up a lab for testing VoIP stuff.
    How to set up a VoIP lab (on a shoe string) << EnableSecurity
    Tags: ( voip testing lab )
  4. You must look at this. Absolutely hilarious.
    Bringing You Only the Best in Security Network Diagrams | The Guerilla CISO
    Tags: ( humor general )
  5. Some good thoughts on setting up a penetration testing security lab.
    DIY Pentesting Lab - Evil Bytes Blog - Dark Reading
    Tags: ( security testing lab )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some good tips in this article about dealing with unknowns when performing a risk assessment.
    Assuming the breach: Mapping the Unknown Unknowns
    Tags: ( risk-management )
  2. Matt has a good article up that takes a quick look at what the power companies are doing.
    SMRT Grid : Liquidmatrix Security Digest
    Tags: ( power scada )
  3. Xavier talks about a nifty tool called SEAT (Search Engine Assessment Tool). Definitely worth taking a look at.
    /dev/random >> Blog Archive >> Introduction to SEAT
    Tags: ( tools seat )
  4. Chris posts part two of his rebuttal to Stuart King. Good stuff in there.
    Stuart King - Information Security Annoyances - Response 2 << Risktical Ramblings
    Tags: ( risk-modeling )
  5. Dave offers some suggestions on things we should be doing during these difficult times, when layoffs are becoming more and more prevalent.
    ShackF00 >> Security's Role in Downsizing
    Tags: ( general )

That's it for today. Have fun!

Kevin