Windows 7

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Be careful. It doesn't appear that it is very hard to turn your Windows 7 install into a wireless access point.
    Errata Security: Windows 7 includes soft-ap
    Tags: ( windows-7 wifi )
  2. Some good tips for making sure your WordPress install is as secure as possible.
    10 Ways To Secure Your WordPress Install
    Tags: ( wordpress )
  3. Offensive Security is setting up the next iteration of milw0rm.
    Leaders in Online Information Security Training >> Offensive Security Exploit Archive
    Tags: ( milw0rm offensive-security )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A few days ago I pointed out an article that discussed some issues with the default settings for UAC in Windows 7. This article shows that the criticism in the other article is well earned.
    Windows 7 vulnerable to 8 out of 10 viruses | Chester Wisniewski's Blog
    Tags: ( virus windows-7 )
  2. Interested in cross-subdomain cookie attacks? Check out the paper that mckt wrote. It is based on his presentation at Toorcon recently.
    Skeptikal.org: Cross-subdomain Cookie Attacks
    Tags: ( webappsec exploits )
  3. Thinking about virtualizing your databases? Make sure you are doing so for any of the mythical reasons that Adriane addresses in this article.
    Securosis Blog | Myths Surrounding Databases in Virtual Environments
    Tags: ( virtualization database )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The Security Baselines for Windows 7 and IE 8 are now available.
    Now Available: Security Baselines for Windows 7 and Internet Explorer 8 - Springboard Series Blog - The Windows Blog
    Tags: ( windows-7 ie8 )
  2. The call for submissions for Peer2Peer sessions at RSA 2010 has opened. Have a topic you want to explore with others in your industry/field/profession? Go ahead and suggest it.
    Peer2Peer Sessions
    Tags: ( rsa-2010 cfp )
  3. Xavier's first day recap of Hack.lu is up.
    /dev/random >> hack.lu Day #1
    Tags: ( conferences hacklu )
  4. Jeremiah offers some interesting thoughts on black box vs white box software testing.
    Jeremiah Grossman: Black Box vs White Box. You are doing it wrong.
    Tags: ( webappsec )
  5. Another good article on methods and tools to monitor/gather intelligence about your company that might be mentioned on-line. This one focuses on blogs, message boards, and metadata.
    Enterprise Open Source Intelligence Gathering - Part 2 Blogs, Message Boards and Metadata -- spylogic.net
    Tags: ( monitoring )
  6. This is scary.
    hype-free: Why network neutrality is a big deal
    Tags: ( general )
  7. Anton's notes from the day he spent at NIST's SCAP conference.
    Anton Chuvakin Blog - "Security Warrior": Notes from NIST SCAP 5th Security Automation Conference
    Tags: ( conference nist-scap )
  8. Alex has posted a nice exploration of impact vs asset valuation. This is a very FAIResque treatment of the issue if you ask me, which is a good thing in my opinion.
    Verizon Business Security Blog >> Blog Archive >> The curious case of asset Valuation.
    Tags: ( risk-analysis asses-valuation )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is some interesting data. I haven't run through it completely yet, but it takes the results of a bunch of scans and then does some mapping against PCI DSS. Fun with numbers :)
    Web Application Security Consortium (WASC) 2008 Statistics Published | Darknet - The Darkside
    Tags: ( metrics webappsec )
  2. This article discusses the decision to ship Windows 7 with a default UAC setting of medium-high.
    Windows 7's security 'time bomb' | The Last Watchdog
    Tags: ( windows-7 uac )
  3. An interesting post by Chris on risk/threat vs risk issue. When does a risk or threat become a risk issue for your organization?
    Risk / Threat vs. Risk Issue << Risktical Ramblings
    Tags: ( risk )
  4. Paul offers a couple thoughts on social networking and data leakage.
    Social networking in the antipodean spotlight | Paul Ducklin's blog
    Tags: ( social-engineering data-leakage )
  5. SynJunkie has another story-based post up. This time about the dangers of dual-homing, specifically with a wired connection and a wireless one.
    Syn: Bobs Double Penetration Adventure - Part 1
    Tags: ( pentest )
  6. The Whitehouse has moved their website from an internally developed CMS to Drupal. Rsnake offers up some thoughts on why this might be both good and bad.
    Whitehouse Drupal and The Open Source Security Model ha.ckers.org web application security lab
    Tags: ( drupal cms whitehouse )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. There were a couple of incidents with ATMs at the recent Defcon conference. See Chris's post about a warning from ENISA with some guidance on what to look for to keep safe.
    Dr. InfoSec: ENISA Warns of Alarming Increase in ATM Crime
    Tags: ( atm )
  2. This is very cool. An open source virtual switch. (Hat tip: @aneel)
    Open vSwitch
    Tags: ( virtualization switch )
  3. There is some good information about DirectAccess in this article.
    Understand the pros and cons of Microsoft Windows 7 DirectAccess
    Tags: ( directaccess windows-7 )
  4. Looks like there are still some issues with firewire and access to memory. Check out this post for more information.
    Windows 7 Firewire Attacks << Ramblings of the anal security guy
    Tags: ( firewire windows-7 )
  5. Chris has posted a nice list of podcasts that you should check out if you are looking for some new information security listening pleasure.
    Filling your ipod... << Ramblings of the anal security guy
    Tags: ( podcasts )
  6. The packet captures from Defcon 17 are now available via bittorrent.
    Diutinus Defense Techonologies Corp. / Home
    Tags: ( defcon ctf )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here's a new challenge for you. The winner will be announced in San Diego in September.
    philosecurity >> Blog Archive >> Network Forensics Puzzle Contest!
    Tags: ( challenge network-forensics )
  2. This is just a lot of fun. Link goes directly to PDF.
    WHEN ZOMBIES ATTACK!: MATHEMATICAL MODELLING OF AN OUTBREAK OF ZOMBIE INFECTION (PDF)
    Tags: ( general )
  3. Here is a huge list of cheat sheets you will find useful.
    System Advancements at the Monastery >> Blog Archive >> What's in Your Folder: Security Cheat Sheets
    Tags: ( cheatsheet )
  4. Steve has written a post on things not to do when implementing VDI. He calls them anti-patterns. I like that term. Going to have to remember it. This is a good read if you are considering rolling out this type of infrastructure and especially if you already have.
    ViewYonder >> Feeding the IT Shriekometer: 5 VDI anti-patterns
    Tags: ( vdi )
  5. As I have mentioned before, the team I participated on for the Mystery Challenge at Defcon 17 tied for second place this year. Cutaway has written up a great recap that makes me even more bummed that I missed out this year and more motivated to be there for next year's challenge.
    Security Ripcord >> Blog Archive >> MysteryChallenge - DefCon 17
    Tags: ( mystery-challenge )
  6. Some guidance on surviving a third-party on-site audit. Good stuff.
    Surviving a third party onsite audit
    Tags: ( audit )
  7. "Run, run away. We've been hacked......um, never mind, it was something else." The Security Shoggoth reminds us that it isn't always about security. Which brings the following saying to mind, "When all you have is a hammer, every problem looks like a nail."
    The Security Shoggoth: Its Not Always A Security Issue
    Tags: ( general )
  8. There are an increasing number of conversations going on about whether Facebook and its ilk should be allowed on corporate networks. The Marines have taken the stance that social networking sites are not allowed. This post by Chris reinforces that decision. It's dangerous out there folks. Be careful.
    Two Facebook Threats In One Day... - SpywareGuide Greynets Blog
    Tags: ( facebook )
  9. One of the three legs of the CIA triad, which is the foundation of information security, is availability. This post is the first of a series that will be exploring this facet of information security.
    A Data Protection Reference Architecture - Part 1 - Backup & Beyond
    Tags: ( availability backup )
  10. Here is an interesting article about Windows 7, XP Mode, Vista and a few other tidbits.
    Roger's Security Blog : Why Windows 7 XP Mode makes sense from a security perspective
    Tags: ( microsoft windows-7 xp )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A very well put together post. Check out the difference between Defensive Avoidance and Vigilance to Detail.
    Defensive Avoidance vs Vigilance to Detail << wirewatcher
    Tags: ( general )
  2. Hak5 is 4 years old. If you are not aware of this web video series, you should check it out.
    Hak5 - Technolust since 2005 >> Happy 4th Birthday Hak5
    Tags: ( general )
  3. Want to help out a student? Check out this post and take the survey.
    Help a Grad Student: Cloud Security Survey (The Falcon's View)
    Tags: ( survey )
  4. Something you should be aware of. The person carrying that iPod touch or iPhone into your environment may not be listening to music or talking to their buddy.
    Weaponizing Apple's iPod Touch - DarkReading
    Tags: ( ipod-touch pentest )
  5. Some thoughts on DirectAccess.
    Guest blog: Windows 7 Security - Microsoft DirectAccess | Graham Cluley's blog
    Tags: ( windows-7 direct-access )
  6. Part 2 of Chris's interview with Richard Levick is up.
    Reputation Risk Q&A - Richard Levick (2 of 2) << Risktical Ramblings
    Tags: ( reputation )
  7. A nice article by Andy on the topic of choice.
    My Risk, My Choice >> Andy ITGuy
    Tags: ( risk )
  8. An interesting tool has entered beta state.
    The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - A Beta Version of NPing has been released
    Tags: ( tools )
  9. This page on the World Health Organization's website provides information you can use to track H1N1. We will be moving into flu season in North America soon, so keeping an eye on this is warranted.
    WHO | Disease Outbreak News
    Tags: ( h1n1 )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Whew! What a relief. Apparently I don't need to be concerned about security when using cloud services. It really isn't that big a deal. Well, at least according to this blog post.
    Clavister: Cloud security concerns are unfounded : Security Watch - Internet Security News: IT security, Business security, Computer security, Network security, and more
    Tags: ( cloud )
  2. An interesting issue still exists in Windows 7.
    Windows 7 Fail - F-Secure Weblog : News from the Lab
    Tags: ( windows-7 )
  3. Dave developed a checklist based on the CWE/SANS Top 25 programming errors. As he says, a checklist doesn't make you secure. However, it sure doesn't hurt either.
    trustedsignal -- blog: Application Security Checklist
    Tags: ( webappsec checklist development )
  4. Bill shares his second set of tips on a career in security. This time for those that are looking for a gig, instead of looking to keep the one they have.
    Career Advice for Security Geeks, Part 2 : The Security Catalyst
    Tags: ( career )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A nifty new tool that scans your Flash source code looking for flaws. Always remember that static code analysis is not a panacea.
    Free HP SWFScan tool detects Adobe Flash flaws
    Tags: ( flash )
  2. Some suggested settings to help make your surfing safer with IE. Installing IE 8 will go a long way towards achieving that goal too.
    10 IE Browser Settings for Safer Surfing - Network World
    Tags: ( ie )
  3. Latest AV-Comparatives update is out.
    AV-Comparatives February 2009 report: four winners - Ars Technica
    Tags: ( testing anti-virus )
  4. Very interesting. A botnet that attacks dsl modems and routers.
    Stealthy router-based botnet worm squirming | Zero Day | ZDNet.com
    Tags: ( malware botnet )
  5. Disabling autorun. A very good idea. Rasvan lets us know how.
    Windows 7 Security Tips #1 - Malware City Blogs
    Tags: ( security tips windows-7 )
  6. Ioana asks some really good questions that we should all think about in relationship to our own teams. Being able to eventually answer yes to each of those questions will mean that you have a top flight team working to provide excellent service to your customers.
    The Dichotomy of Customer Service : The Security Catalyst
    Tags: ( general )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Via @alexhutton, this article is very interesting. Those who are interested in measuring and communicating risk should read it.
    2845 ways to spin the Risk | Understanding Uncertainty
    Tags: ( risk management )
  2. Rob (@mubix) posted a nifty how-to the other day and was taken to task for it. He responds publicly. His response and the comments are worthy of a read.
    The Ethics of Teaching Hacking | Room362.com
    Tags: ( ethics )
  3. Yup, time to make sure your patching is working on your Windows 7 Beta installs.
    Windows 7 beta gets its first security update - Ars Technica
    Tags: ( infsec microsoft patches windows-7 )
  4. This is quite cool. Requires authenticated scans, but does give the opportunity to see who is using USB drives on your systems.
    Tenable Network Security: USB Device History Auditing with Nessus
    Tags: ( nessus )
  5. Here's a script to help you lock down your IIS 6 installations. Careful though. It's brand new and has not been tested extensively.
    Script to lock down IIS paths - Nazim's IIS Security Blog : The Official Microsoft IIS Site
    Tags: ( iis scripts securing )
  6. Part 2 is up on not being nice to your Citrix installation :)
    Syn: Abusing Citrix - Part 2
    Tags: ( hacking citrix )
  7. In my opinion, yes, the BBC broke the law.
    Did BBC break the law by using a botnet to send spam? | Graham Cluley's blog
    Tags: ( botnet )

That's it for today. Have fun!

Kevin