Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.
- See if you agree with Christofer. I do and did even before I read all of this post.
Rational Survivability: Virtual Routing - The Anti-Matter of Network SECURITY...
Tags: ( virtualization networking routing )
- Isn't it rather pointless to be logging if you aren't looking at the logs?
Auditor: IRS doesn't check cyberaudit logs
Tags: ( irs log-monitoring )
- And for a hat trick, Opera also releases a patch for severe vulnerabilities. IE, Firefox and Opera have all three put out patches this week. Sheesh. It's enough to make a guy go back to lynx.
Opera releases update for 'extremely severe' vulns * The Register
Tags: ( vulnerability opera patches )
- It's fixed now, but American Express had a significant XSS bug in their site.
American Express web bug exposes card holders * The Register
Tags: ( vulnerability xss )
- Microsoft has updated their Anti-XSS code analysis tool.
Microsoft updates code analysis tool, SQL injection XSS library
Tags: ( tools analysis sql xss )
- You probably already know, but Microsoft is releasing an out of cycle patch today for the IE 0-day.
Microsoft issues emergency patch warning for IE * The Register
Tags: ( microsoft ie patch )
- Time to update your Mozilla apps.
10 Bugs Fixed in New Mozilla Apps - Security Watch
Tags: ( vulnerability firefox patches )
- A nice list of programs that allow you to view and extract information from various file types like html, swf, registry files, etc.
Windows Viewers & Information Extractors for Various File Types << SANS Computer Forensics, Investigation, and Response
Tags: ( windows viewers )
- A couple of visualization tools have been released by Utah State University under the GPL license.
New IP visualization tools released as open source by Utah State University | SecViz
Tags: ( visualization )
- A nice article about including security development lifecycle practices into agile development.
Agile SDL: Streamline Security Practices For Agile Development
Tags: ( programming sdl )
- Get those banners with nmap and a little script-fu.
Banner Grabbing with Nmap: Reloaded
Tags: ( nmap scripting )
- The next webcast in the Blackhat series is coming up on the 18th of December.
Black Hat Webcast Series: Database Forensics with David Litchfield
Tags: ( webcasts blackhat )
- Josh has written a paper about Vista and some things you can do with wireless penetration testing. I haven't had a chance to read through it yet, but I skimmed it. Looks interesting.
Vista Wireless Power Tools for the Penetration Tester
Tags: ( pentest vista wifi )
- Part 6. As usual, there are links to the previous parts of the series. Just so you know, these posts are going to be wrapped up into a whitepaper. So get involved in the discussion.
Building a Web Application Security Program: Part 6, Secure Deployment | securosis.com
Tags: ( webappsec program )
- A nice review of the Offensive Security 101 course.
Offensive Security 101 Review | Infosec Events
Tags: ( training review )
- Hot off the press, it's version 3 of the OWASP Security Testing Guide. Go get some.
Writing Secure Software: OWASP Security Testing Guide Vs 3 Officially Released!
Tags: ( pentest webappsec owasp guides )
- Craig is offering to answer your questions about the IT Security Profession from a mentoring perspective. My suggestion, bury him 🙂 Seriously, this is a great opportunity for those who have questions about entering or advancing in our profession.
Announcing the Infosec 10 Minute Mentor | Security Wannabe
Tags: ( career )
- Some good guidance in here.
10 golden rules of using public WIFI | Roer.Com Information Security Blog
Tags: ( wireless tips )
That's it for today. Have fun!
Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.
Kevin