Interesting Bits

Here are today's Interesting Information Security Bits from around the web.

• Software Pirate Cracks Cybercriminal Wares — Krebs on Security

  Brian has penned a fascinate article that peeks into some interesting activities in the malware/ransomware ecosystem.

  • general

• FortiChallenge 2k11 | Fortinet Security Blog

  Here's a reversing challenge for you.

  • challenge
  • reverse-engineering

• GFI LABS Blog: NoScript for mobile devices

  If you use a Mozilla-based web browser on your mobile device, you now have another option to try and protect yourself from the baddies out there.

  • noscript
  • mobile

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Howdy. Earlier this year, which feels like it was forever ago, I stopped doing the IISB posts. At the time, I was a bit burned out on them. I have recently become interested in firing them back up. No promises on frequency or if there will even be one after this one, but let's all keep our fingers crossed. 😉

• HTML5 Security Cheatsheet

  You need to bookmark this.

  • html5
  • checklist
• The sad state of DOM security (or how we all ruled Mario's challe...

  This article gets into the nitty gritty of DOM and some security functions that aren't quite as strong as they might appear to be.

  • javascript
  • dom
• If I was a CSO – By a “Hacker” - CSO Bloggers - CSO | The Resourc...
  Very good advice from a very smart cookie.

  • cso
  • ciso
• Branden R. Williams, Business Security Specialist » Living in a S...
  It's all about your perspective. Branden urges you to change yours.

  • threats
• Accessibility is More Important Than Security
  Heh. Love the PS3 network reference.

  • humor
  • truth
• MSI Announces The Ohio SCADA Security Symposium | | MSI :: State ...
  The Ohio SCADA Security Symposium, to be held on November 1, 2011 in Columbus, Ohio, is designed to serve as a level set for teams and organizations who are actively managing production SCADA and Industrial Control System (ICS) environments in Ohio.

  • scada
  • conference
• IdentityBlog - Digital Identity, Privacy, and the Internet's Miss...
  Here's a very interesting story about Facebook, privacy and one dude who is giving Facebook a serious bit of indigestion.

  • privacy
  • facebook

{ 2 comments }

• F-Secure - Searching for the first PC virus in Pakistan

  I pointed to the teaser for this film a couple weeks ago. It's out now.

  tags: infosec iisb virus video brain

• (IN)Secure Issue 29 (pdf)

  Issue 29 is available.

  tags: infosec iisb magazine

• PacketFence: Open Source NAC (Network Access Control)

  "PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system." Looks kinda cool. (via darknet.org)

  tags: infosec iisb nac open-source

{ 0 comments }

• The Ethical Hacker Network - Webcast: Deep Dive into Red Teaming with the Metasploit Framework

  Interested in some technical nitty-gritty on Metasploit. There's going to be a free webcast on March 22nd showing just that.

  tags: webcast metasploit

• SSDs, encryption and decommissioning | Naked Security

  A couple weeks ago I pointed out a research paper that indicated that secure erasure of SSDs was problematic at best. Turns out there are some encryption issues too. Check out this article for some things to consider.

  tags: ssd encryption

• Andrew Hay » Blog Archive » Information Security D-List Interview: Jayson E. Street

  Yay! The Andrew's D-List interviews are back. This time with my friend Jayson E. Street.

  tags: interview d-list

{ 0 comments }

• India Issues Draft Privacy Rules : Privacy & Information Security Law Blog

  India is looking to implement some rules around data privacy that will affect most, if not all, companies that do business in that country. Worth looking at.

  tags: infosec iisb tfeed privacy

• DEF CON® 19 Hacking Conference - Call for Papers

  Get on it.

  tags: infosec iisb tfeed conference defcon

• ...Application Security...: Launching OWASP Defenders Community

  OWASP is starting up a couple new communities. Check out this post for more details.

  tags: infosec iisb tfeed owasp

{ 0 comments }

• Cybersecurity: Law, Privacy, and Warfare in a Digital World | Harvard National Security Journal

  This could be interesting and it's free 🙂

  tags: infosec tfeed iisb general

• Security Musings » Blog Archive » Factoring Pentest/Scan Results into Formal Risk Analysis

  This is a nice post from Ben about risk and where pen tests fit into a formal risk framework.

  tags: infosec tfeed iisb risk

• Micro Digital Signatures Howto | The Guerilla CISO

  This is a nifty idea. Fun with crypto for small message spaces like Twitter.

  tags: infosec tfeed iisb cryptography

• Free Access To Subscriber Content « Digital Bond's SCADA Security Portal

  Digital Bond has removed the pay wall from their content. Go check it out.

  tags: infosec tfeed iisb tools

• Security Uncorked » 5 Classes of Wireless by Mission [Mgmt's Guide to Wireless]

  JJ is publishing another white paper that you will want to read. Here is a bit from it.

  tags: infosec tfeed iisb wireless

• How I set up Speaker Selection « Behavioral Security

  If you are thinking about running a conference or are responsible for speaker selection for one , you should read Jay's tips.

  tags: infosec tfeed iisb conferences

• See a Facebook scam in action | Naked Security

  This is a neat walk-through of a Facebook scam in action.

  tags: infosec tfeed iisb scam facebook

{ 0 comments }

• Hiring Managers: There's A Better Way

  Security Monkey has given us some great tips on interviewing and hiring a new person. Check them out.

  tags: infosec tfeed iisb career hiring

• Bittersweet cookies. Some security and privacy considerations — ENISA

  Another nice report from ENISA. This time on cookies and the security privacy considerations we should be thinking about.

  tags: infosec tfeed iisb cookies privacy

• Reliably Erasing Data From Flash-Based Solid State Drives (PDF)

  Intersting paper on the effectiveness of traditional methods of wiping hard drives when used on SSDs. Short and sweet, it doesn’t work. Need to use verified correct built-in functions.

  tags: infosec tfeed iisb ssd drive-wiping

{ 1 comment }

• Securosis Blog | How to Encrypt Block Storage in the Cloud with SecureCloud

  This is just one serious metric ton load of awesome. An excellent how-to on encrypting block storage in the cloud.

  tags: iisb infosec tfeed cloud encryption

• NAT444 (CGN/LSN) and What it Breaks :: don't panic

  This is an excellent discussion of NAT in general and how IPv4/IPv6 nat in particular. Good stuff.

  tags: iisb infosec tfeed nat

• How to start a spam trap « MyBlog™

  Want to do some research on spam? Mark shows us how to setup a spam trap so you can.

  tags: iisb infosec tfeed spam

• Analysis of MBR File System Infector - F-Secure Weblog : News from the Lab

  This is a really interesting analysis of a piece of malware that infects the boot sector.

  tags: iisb infosec tfeed malware

• Cleaning up an infected web site – Part I: WordPress and the Pharma hack | Sucuri

  A nice post on cleaning up a malware infection on a wordpress site. Also a checker to see if you are infected. We aren't 🙂

  tags: iisb infosec tfeed malware wordpress

• Skype Business Lock Downs, Group Policies and Controls | Commodore.ca | Windows

  A most excellent resource for managing Skype on a Corporate network. Thanks for Marcus Carey for the pointer to it.

  tags: iisb infosec tfeed skype

{ 1 comment }

• Don’t Forget Your Security Bingo Card For the RSA Conference Next Week!

  Security Bingo card for RSA 🙂

  tags: iisb infosec tfeed humor

• Defining Risk « Behavioral Security

  Good stuff from my friend Jay on defining Risk.

  tags: iisb infosec tfeed risk

• Hacking the Web: Hijacking search results | Naked Security

  tags: iisb infosec tfeed

• Spot the Vuln – Radical

  Can you spot the vulnerability? Answer on Friday.

  tags: iisb infosec tfeed code-review

• Dinis Cruz blog: Participate remotely on the OWASP Summit

  Looks like they will be streaming the OWASP Summit this year. Sign up to help them plan.

  tags: iisb infosec tfeed owasp

{ 0 comments }