adobe

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Like the title below says, a new version of the SANS Consensus Audit Guidelines has been published.
    New Version of SANS 20 Critical Security Controls is Available << Security is Golden
    Tags: ( sans )
  2. Chet offers up some tips on being a safer Twitter user in 2010.
    12 tips of Christmas - A safer Twitter for 2010 | Chester Wisniewski's Blog
    Tags: ( twitter safety )
  3. Surprise, surprise. Another Adobe Reader 0-day vulnerability.
    New Adobe 0-day
    Tags: ( adobe vulnerability 0day )
  4. If you are concerned about your privacy as you surf the internet you should read this article. It provides some guidance on doing so in a more anonymous manner.
    How to surf anonymously without a trace
    Tags: ( privacy internet )
  5. Wow. Andrew is really cranking out the interviews. This time it is another good friend, Michael Santarcangelo.
    Andrew Hay >> Blog Archive >> Information Security D-List Interview: Michael Santarcangelo
    Tags: ( interviews )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Adobe offers some guidance on securely deploying cross-domain policy files (Hat tip to cgisecurity.com)
    Securely deploying cross-domain policy files - ASSET
    Tags: ( adobe crossdomain )
  2. I have to agree with this post. Free isn't always best.
    MSI :: State of Security >> Beware of 'Free' InfoSec
    Tags: ( pentesting webappsec )
  3. Is this really the best use of our legislature's time?
    Security Fix - Bill would ban P2P use on federal networks, PCs
    Tags: ( law p2p )
  4. Bob is at it again. Go see what he is up to.
    Syn: Bob The Backdoor Man - Part 1
    Tags: ( story pentesting )
  5. We will likely see more of this in the future. A DNA testing firm files for bankruptcy.
    DNA Testing Firm Goes Bankrupt; Who Gets the Data? | Threat Level | Wired.com
    Tags: ( privacy dna )

That's it for today. Have fun!

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. An update is available for Version 9 of Adobe Acrobat that takes care of the recent 0-day. Versions 7 and 8 are still unpatched and will remain so until later this month.
    Acrobat and Reader 9.1 Update Available for Windows and Mac - Security Watch
    Tags: ( exploit vulnerability adobe patches )
  2. Wanna see what binaries are floating about on your network? This'll help you figure out just that thing.
    Pulling binaries from pcaps << SANS Computer Forensics, Investigation, and Response
    Tags: ( sniffer )
  3. This is pretty nifty. Side note: it is also another reason why it is very important to not allow port 53 outbound from your internal network except for your actual DNS servers. Think proxy bypass, data leakage, etc.
    OzymanDNS - Tunneling SSH over DNS | Room362.com
    Tags: ( dns tunneling )
  4. There is some important information you need to be aware of regarding Microsoft patch MS09-008. There are issues not addressed for exploited servers. Read on for details.
    Successful Exploit Renders Microsoft Patch Ineffective (VERT)
    Tags: ( microsoft patches )
  5. These are great resources from Lenny Zeltser. Cheat sheets available: Security Incident Survey Cheat Sheet for Server Administrators, Initial Security Incident Questionnaire for Responders, Network DDOS Incident Response Cheat Sheet, Reverse-Engineering Cheat Sheet, Information Security Assessment RFP Cheat Sheet, and How to Suck at Information Security 🙂
    Lenny Zeltser - IT Security Cheat Sheets
    Tags: ( cheatsheet )

That's it for today. Have fun!

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Beware of visiting sites that contain sensitive information on public networks. SSLStrip makes it even easier for the bad guys to get you.
    Hacker pokes new hole in secure sockets layer * The Register
    Tags: ( ssl mitm )
  2. Yup, another vulnerability in Adobe Reader. This one has active exploits and won't be patched until mid-March. Be careful out there.
    New in-the-wild attack targets fully-patched Adobe Reader * The Register
    Tags: ( exploit vulnerability adobe reader )
  3. Kees talks to us about some issues we need to be aware of when thinking about access to sensitive information.
    Handling sensitive information - Kees Leune Information Security Blog
    Tags: ( access control )
  4. Don tells us to ask why. Good stuff in here.
    Security Ripcord >> Blog Archive >> Incident Response Lessons Learned
    Tags: ( incident response )
  5. Some good questions to consider when you are selecting your next vendor for a pen test.
    How to choose a Pen Tester << Steven Branigan's Blog
    Tags: ( pentesting )
  6. It's coming up. If you are in the heartland, this is a good option, particularly if cost is an issue.
    Carnal0wnage Blog: ChicagoCon 2009s is coming up!
    Tags: ( conference chicagocon )
  7. An interesting paper about Banking Trojans.
    Bank details uncovered - PandaLabs
    Tags: ( malware )

That's it for today. Have fun!

Kevin


Hi there. Here are today's interesting bits.

From the Blogosphere.

F-secure has posted a notice about two Mac OSX trojans.

Adobe is in the news again with a patch for yet another critical PDF Reader flaw. Heads-up provided by Zero Day.

Via TaoSecurity, a post by Pascal Meunier, Virtualization Is Successful Because Operating Systems are Weak, puts forth an interesting way to look at virtualization.

What it looks like is that we have sinking boats, so we’re putting them inside a bigger, more powerful boat, virtualization...

Chris Eng at Veracode has Part 1 of Minimizing the Attack Surface up. Good read.

Security4all points us at a way to get Nessus 3 installed on Backtrack 3. Very cool, but watch that new licensing.

From the Newsosphere.

Verisign has been picked by Microsoft as the OpenID provider for users of HealthVault.

The Marshall Islands, a small country in the South Pacific, was effectively denied access to email by a denial of service attack.

Yahoo! Mail was vulnerable to an XSS attack which allowed access to confidential information. It's fixed now.

Some HSBC websites are also susceptible to XSS attacks.

Surprise, surprise, Chinese networks host a large number of the websites pushing malware.

That's it for today folks.

Have a good one.

Kevin
