And another Friday dawns. I hope yours goes well. Here we go with today's bits.

From the Blogosphere.

Via Alan over at StillSecure, the Aberdeen Group is looking for some data on IT Security Patch and Vulnerability Management. To get it, they are asking for us to participate in a survey. We get a shiny report gratis if we do. I probably will.

There is a post up over at tssci-security that takes a look at several topics all mashed together: the value of the CISSP certification, specialist or generalist when it comes to InfoSec, and a new project being put together by the OWASP group, the People Certification Project. Some interesting thoughts in both the post and comments. BTW - he references Dan Geer's Source Boston keynote speech. It is well worth reading several times as I believe I have noted before.

Looks like there are some local root shenanigans that can be exercised on a Mac with versions 10.4 and 10.5 of Mac OS X installed. Good old suid fun, but does it really matter? Check out Zero Day's post and come to your own conclusions.

The Princess of Antiquity is tackling a fairly daunting task in bringing us a series of articles about cryptography that are couched in terms the layman can understand. The first is up and is well written. Check it out.

Tom over at Spylogic gave a talk about Online Social Networks: 5 threats and 5 ways to use them safely. He has made his presentation available here.

JJ has some good guidance for us if we are considering the implementation of 802.1x. Very good stuff.

Via Security4All, Backtrack 3 Final has been released.

From the Newsosphere.

Via NetworkWorld, Mitchell Ashley reports to us that Red Hat has decided to develop their own virtualization platform based on the Kernel Virtual Mode which is built into the Linux kernel. Go read his article for the reasons for this decision.

From Hack in the Box and ARN, a new report is out saying that a skills shortage in IT positions, including security specialists, is causing salaries to rise. Good for those down under.

Have a great Friday and wonderful weekend.




Hello peoples. I know I said I'd be posting again by Wednesday of this week. I lied. Sorry about that. Coming back from vacation hurts in so many ways. So a couple days late, but here we go.

@jth twitted a link to a list of useful built-in Windows commands and tools by Ed Skoudis.

John Heasman has an interesting post up which talks about NTLM Fun and Games. Worth looking at.

Micki Krause over at bloginfosec.com has an article up that refers to Joyce Brocaglia's chapter in "CISO Leadership: Essential Principles for Success."

The second part of a series about Communicating About Risk is up over at riskmanagementinsight.com. Part one is here. Read them. It will be time well spent.

Jennifer Jabbusch has yet another informative post up. This one helps us understand the difference between a NAC client and an 802.1X Supplicant. Jennifer does a great job of making both topics approachable.

That's it for today. Have a great one.

