anti-virus

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A few days ago I pointed out an article that discussed some issues with the default settings for UAC in Windows 7. This article shows that the criticism in the other article is well earned.
    Windows 7 vulnerable to 8 out of 10 viruses | Chester Wisniewski's Blog
    Tags: ( virus windows-7 )
  2. Interested in cross-subdomain cookie attacks? Check out the paper that mckt wrote. It is based on his presentation at Toorcon recently.
    Skeptikal.org: Cross-subdomain Cookie Attacks
    Tags: ( webappsec exploits )
  3. Thinking about virtualizing your databases? Make sure you are doing so for any of the mythical reasons that Adriane addresses in this article.
    Securosis Blog | Myths Surrounding Databases in Virtual Environments
    Tags: ( virtualization database )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Wow, this has been a crazy busy week.

My apologies for not taking the time to get the daily bits posts out the door. However, don't despair. I have a bumper crop for you today because I have been keeping my eye on things.

Unfortunately you will have to do without my pithy (or so I'd like to believe) comments today. 🙂

Also, RSA Europe 2009, where I'll be speaking, is right around the corner along with some vacation time, so you will see fewer bits posts over the next couple weeks and they will probably be like this one.   I will be back in full gear after the conference. I will blog when I can on what I see at RSA though.

Anywho, here are today's (this weeks) Interesting Information Security Bits from around the web.

  1. Immutable Security >> Low and Slow SSH Brute Force Attacks
    Tags: ( ssh )
  2. Real World Stories: How Pen Tests Complement Vulnerability Scans << Core Security Technologies
    Tags: ( wepappsec pentest )
  3. Visa Announces New Data Encryption Practices
    Tags: ( pci )
  4. 'What's wrong with Smelly Widgets?' - Packet Challenge << I Smell Packets
    Tags: ( challenge packet )
  5. The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - FRHACK01 copy of presentations
    Tags: ( conference presentations )
  6. Avert Labs Paper: Inside the Password Stealing Business:the Who and How of Identity Theft | Hackers Center Blogs
    Tags: ( passwords )
  7. AVG Stepping Up Consumer Anti-Virus Offerings | Darknet - The Darkside
    Tags: ( anti-virus avg )
  8. Man banished from PayPal for showing how to hack PayPal * The Register
    Tags: ( paypal )
  9. Book Review: The Rootkit Arsenal << McGrew Security Blog
    Tags: ( books reviews )
  10. Jeremiah Grossman: All about Website Password Policies
    Tags: ( infosce passwords )
  11. Digital Soapbox - Preaching Security to the Digital Masses: Things I Learned at SecTor 2009
    Tags: ( conference toorcon recap )
  12. TaoSecurity: Technical Visibility Levels
    Tags: ( avialability monitoring )
  13. SSL Still Mostly Misunderstood - DarkReading
    Tags: ( ssl )
  14. Anton Chuvakin Blog - "Security Warrior": Compliance != Security, Does Security = Compliance?
    Tags: ( compliance security )
  15. A Page from Singapore's Cybersecurity Playbook | Optimal Security: The Lumension Blog
    Tags: ( general )
  16. You Can't Always Be Proactive - Hacked Off - Dark Reading
    Tags: ( general )
  17. Security Uncorked >> Good, Bad and Ugly: On SecTor's Wall of Shame
    Tags: ( passwords wireless )
  18. CSS History Hack Used To Ban Torrent Users ha.ckers.org web application security lab
    Tags: ( css )
  19. Yahoo Best Jobs in America ranks infosec professional #8
    Tags: ( career )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Microsoft has released their free anti-virus/anti-malware tool.
    Microsoft's New Tool in the Fight Against Malware Free to Consumers - Technology News - redOrbit
    Tags: ( anti-virus anti-malware free microsoft )
  2. Eric has a couple of interesting tools that might be fun to play with. One is an HTTP based SSH client. It runs on the server with no client other than a browser. The other is called Sockets Over HTTP (SOHT)
    EricDaugherty.com - Eric Daugherty's Open Source Projects
    Tags: ( tools evasion )
  3. Mike Murray is a cool dude. He made a promise and followed through on it. Check out this post to see the full version of the talk he gave at Hacker Halted.
    Hacker Halted Redux
    Tags: ( social-engineering video )
  4. Need to get around Green Dam censorship for some reason. Check out Dam Burst.
    jon.oberheide.org - blog - disabling green dam with dam burst
    Tags: ( green-dam dam-burst )
  5. I have pointed out the other articles in Alec's investigations into using entropy to detect encrypted sessions in live network traffic. Here is a continuation of that study. This is extremely cool and has the geek in me all excited 🙂
    Detecting encrypted traffic with net-entropy, part two << wirewatcher
    Tags: ( encryption network-forensics )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The title says it all. SAINT 7 has been released.
    SAINT 7 released
    Tags: ( saint scanner tools )
  2. Anue Systems interviews Jack Daniel.
    Security Pros on Twitter (SPoT): Jack Daniel/@Jack_Daniel - The Network View
    Tags: ( infoec interview )
  3. Lenney Zeltser, who teaches a popular malware analysis course for SANS, has made one of his slide decks available online. The cool part, the speaker notes are included. Note: You can also watch the recorded webcast.
    Introduction to Malware Analysis - Free Webcast by Lenny Zeltser
    Tags: ( malware analysis )
  4. The T2'09 challenge is up.
    T2'09 Challenge - F-Secure Weblog : News from the Lab
    Tags: ( challenge )
  5. This is the second half of a post pointed to recently. Interesting stuff.
    >> The Internet After Dark (Part 2) * Security to the Core | Arbor Networks Security
    Tags: ( general )
  6. So, um, all those wonderful security cameras...basically worth bupkiss in stopping or solving crime. There goes that argument for why Big Brother is your friend.
    Schneier on Security: On London's Surveillance Cameras
    Tags: ( surveillance privacy cameras )
  7. An interesting exploration of free security products.
    Plausible Deniability >> Freegan-ism: how free product might upset the anti malware space
    Tags: ( anti-virus anti-malware opinion )
  8. If you are running an FTP server on top of IIS 5 or 6 on Windows 2000, you will want to check this out and put in some extra logging if you can't turn that puppy off.
    IIS5&6 FTP Stack Overflow Zeroday : Liquidmatrix Security Digest
    Tags: ( iis ftp win2k )
  9. The author has a very good point. Worth a read.
    stop the alert(); - The HP Security Laboratory Blog | HP Web Application Security -
    Tags: ( xss )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Today's Bits include anti-virus for Windows 7 Beta, hard drive failures, budget cutting, battling crsf and such, md5 collisions, and a pretty nifty joke by Microsoft developers. See below for details and have a great day.

  1. If, like me, you are running Windows 7 Beta and need an anti-virus solution, fear no more. You have three options.
    Windows 7 Beta Antivirus Packs Now Available -- InformationWeek
    Tags: ( microsoft anti-virus windows-7 )
  2. You may ask yourself why I am posting about hard drive failures. Never forget that one leg of the CIA triad is availability. If you have Seagate drives, you might want to check if you are effected.
    Seagate Barracuda Hard Drives Plagued By Failures -- Storage -- InformationWeek
    Tags: ( availability )
  3. "Mathias" has some option some of may want to consider as we are all faced with the impact the economy is having on our companies.
    Security Manager's Journal: Eyeing risks while cutting spending
    Tags: ( general budget )
  4. We have another tool to use against the evil hackers trying to hijack our browsers. This with NoScript should make your world quite a bit safer.
    RequestPolicy Firefox Extension ha.ckers.org web application security lab
    Tags: ( tools firefox crsf )
  5. Didier is at it again. Good thing he is on our side :0
    Playing With Authenticode and MD5 Collisions << Didier Stevens
    Tags: ( md5 malware )
  6. This is a hoot.
    Quickpost: Windows 7 Beta: ROT13 Replaced With Vigenere? Great Joke! << Didier Stevens
    Tags: ( general humor )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Lavasoft has jumped into the anti-virus market. We'll have to keep an eye on this one.
    Ad-Aware gets an antivirus cousin | The Download Blog - Download.com
    Tags: ( free anti-virus )
  2. Some interesting situation that lead to a need for data recovery. Hat tip to Xavier at /dev/random (blog.rotshell.be)
    Kroll Ontrack Top Ten Data Mishaps and Recoveries - Press Release
    Tags: ( amusing general )
  3. The workarounds section for the recent 0-day for IE has been updated. This blog post goes into some further detail about the workarounds.
    Security Vulnerability Research & Defense : Clarification on the various workarounds from the recent IE advisory
    Tags: ( exploit vulnerability microsoft ie workarounds )
  4. Part 2 of SynJunky's fictional story about detection of and incident response to an insider attack.
    Syn: The Story of an Insider - Part 2. The Sys Admins Story
    Tags: ( insider )
  5. This is a nifty way to get the job done.
    Writing a web services fuzzer in 5 minutes to SQL injection | tssci security
    Tags: ( webappsec injection sql )
  6. Woot! Version 1.2 of Burp Suite has been released.
    PortSwigger.net - web application security: Burp Suite v1.2 released
    Tags: ( webappsec burp )
  7. Just go read it. You won't regret it.
    Rational Survivability: GigaOm's Alistair Croll on Cloud Security: The Sky Is Falling!...and So Is My Tolerance For Absurdity
    Tags: ( cloud )
  8. Rory is writing a series of posts on penetration testing. The first is up.
    Rory.Blog: What is Penetration Testing?
    Tags: ( pentest )
  9. Here is a very cool idea for a low/no cost way to implement DLP.
    /dev/random >> Blog Archive >> Simple DLP with Ngrep
    Tags: ( dlp ngrep )
  10. Looks like nifty tool to add to the arsenal.
    Jeremy's Computer Security Blog: JPEG Fuzzer has ARRIVED
    Tags: ( fuzzer jpeg )
  11. Watch out folks, SkyNet is just around the corner.
    Schneier on Security: Killing Robot Being Tested by Lockheed Martin
    Tags: ( skynet )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }