Awareness

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Robert has a nice exploration of Intel's new processor named Nehalem.
    Errata Security: Nehalem vs. IDS
    Tags: ( hardware intel cpu )
  2. Andy speaks some truth about the user's responsibility in the security equation.
    Are we being irresponsible? >> Andy ITGuy
    Tags: ( awareness )
  3. The start of what looks to be a neat series. lsof is an awesome tool.
    Black Fist Security: *nix command of the day
    Tags: ( tools unix )
  4. Here is an interesting story about a different cyber-crime target. Still very lucrative.
    Hackers Steal Millions in Carbon Credits | Threat Level | Wired.com
    Tags: ( crime )
  5. This is a really good read.
    Jeremiah Grossman: The Web won't be safe, let alone secure, unless we break it
    Tags: ( wepabbsec )
  6. Securosis is looking for participants for some closed surveys. Check this out if you want to help.
    Securosis Blog | Need Brains. User Brains
    Tags: ( surveys )
  7. Want to setup and virtual network security testing lab? Check this out.
    In Lieu of... << Laz3rNet
    Tags: ( lab how-to )
  8. Windows 2008/7 offers new functionality that may help ease the pain of service accounts. (Hat tip: @grey_area)
    Service Accounts Step-by-Step Guide
    Tags: ( windows )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Exception, variance, these words are the bane of the information security professional. We all have to deal with them. Jarrod offers some thoughts on the topic. You will benefit from reading them.
    /dev/null - ramblings of an infosec professional: Security Exemptions
    Tags: ( policy )
  2. Ben shares his method for writing along with some thoughts on writing in general. It's a good read and I bet you can find some things in there that can be applied to your own writing.
    The Writing Funnel (The Falcon's View)
    Tags: ( general writing )
  3. A bit ago, a forensic contest was opened with the winner getting a free SANS course. That contest is now over. Here is the cool part, they took the finalist's answers and made a website out of them for the rest of us to learn from. Check it out.
    Network Forensics Puzzle Contest
    Tags: ( forensics contest answer )
  4. This boggles the mind. A judge has ordered that Google deactivate an account because the account holder received an email not intended for them. I seriously hope this gets challenged. Otherwise, we are in for a very rocky time.
    Judge Orders Gmail Account Deactivated After Bank Screws Up | Threat Level | Wired.com
    Tags: ( cloud privacy )
  5. Hoff has penned a post that, along with the attending comments, is something that you should read. Seriously, go read it.
    Incomplete Thought: Virtual Machines Are the Problem, Not the Solution... | Rational Survivability
    Tags: ( virtualization )
  6. Shrdlu offers some guidance on how to implement new policies. I have used this same method in the past.
    The policy bootstrapping problem.
    Tags: ( policy )
  7. Next month is Cyber Security Awareness month. The Internet Storm Center handler's diary will again be making deep dives into various security issues during the month. If you aren't a subscriber now, I suggest you rectify that lapse.
    Cyber Security Awareness Month
    Tags: ( awareness )
  8. Wade talks about the difference between Management Science methods of making decisions and engineering methods. He then ask the question "..how does your company make 'Should we do X, Y, or Z?' decisions?" (slightly paraphrased) He offers a few he has seen. Stop by and offer your input.
    Verizon Business Security Blog >> Blog Archive >> Security Decisions - How do you make them?
    Tags: ( risk-management )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. We will be seeing more and more drives that support this.
    Full disk encryption comes to SSDs for mobile devices, laptops
    Tags: ( encryption ssd )
  2. Interesting perspective regarding awareness vs. enforcement/controls.
    The Difference Between Awareness and Enforcement
    Tags: ( awareness enforcement )
  3. A good article by Jeff about language and how we use it.
    Use Your Words : The Security Catalyst
    Tags: ( communication )
  4. Completely agree with everything Graham says about this situation.
    Firm hires Twitter worm author Mikeyy Mooney | Graham Cluley's blog
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a description of day two of the pwn2own contest.
    TippingPoint | DVLabs | Pwn2Own Day 2
    Tags: ( pwn2own )
  2. An interesting look at an exploit generating toolkit.
    Finjan MCRC Blog 2009 - A strike for lucky - LuckySploit Toolkit Exposed
    Tags: ( exploits )
  3. Microsoft released IE8 yesterday. This article talks about some of the security features present.
    Internet Explorer 8 includes a bevy of security features
    Tags: ( ie8 )
  4. Lots of fun peaking at the inside of the Linksys router.
    Dissecting the WRT54G version 8
    Tags: ( hardware hacking )
  5. A nice rebuttal by Chris.
    Stuart King - Information Security Annoyances - Response 1 << Risktical Ramblings
    Tags: ( awareness )
  6. Ryan has a great interview of Charlie Miller, one of the winners of the pwn2own contest at CanSecWest.
    Questions for Pwn2Own hacker Charlie Miller | Zero Day | ZDNet.com
    Tags: ( interview )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Today's Bits has malware infections, data breach at a card processor, the need for requirements, deperimeterization and endpoint control, awareness campaign metrics, an update to an F-Secure malware removal tool, and a list of InfoSec bloggers in Australia. More details below. Have a great day.

  1. First they allowed computers used in surgery to be rebooted automatically upon being patched by Windows Update. Then they disabled Windows update, but didn't put any further controls in place to protect these systems. Remember, if you disable one control, you need to introduce a compensating control where elevated risk exists.
    Conficker seizes city's hospital network * The Register
    Tags: ( malware )
  2. This has the potential to be huge.
    Payment processor warns of network breach
    Tags: ( breach creditcard )
  3. "Tell me what you got and I'll pick what I think I need" never ends well. The need for requirements extends well beyond security controls. If you can't effectively articulate your needs, you are never going to be able to fulfill them.
    Requirements are required >> Andy ITGuy
    Tags: ( general )
  4. Yup, if you done control the endpoint, you have some really big problems.
    Deperimeterization without endpoint control? | Security Balance
    Tags: ( endpoint control infrosec deperimeterization )
  5. Julie has a good post up on Security Catalyst with some suggestions on how to measure the effectiveness of you security awareness program.
    Three Ways to Make Awareness Measurable : The Security Catalyst
    Tags: ( awareness metrics )
  6. F-Secure has an update available for their F-Downadup Removal Tool. With the number of machines being reported that are infected with this malware, we should probably all have this in our toolbox.
    ISTP and F-Downadup Removal Tool - F-Secure Weblog : News from the Lab
    Tags: ( malware tools removal )
  7. Drazen has started a list of Australian InfoSec bloggers. Check it out and make sure you are on it if you are a InfoSec blogger in Australia.
    Beast Or Buddha >> Australian IT Security Blog Directory
    Tags: ( general blogs )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Today's Bits brings us posts that talk about rule breakers, DHS profiles of international travelers, playing like you're a printer with netcat, some possible policies that may need attention and things to think about when using Skype in the enterprise. Read on for the details.

  1. I have seen everyone of the these happen more times than I can count.
    The 4 Security Rules Employees Love to Break - Network World
    Tags: ( general awareness )
  2. This is an interesting read about what information the Department of Homeland Security has on international travelers. If you are curious about what they have on you, you can find out.
    A rare peek at Homeland Security's files on travelers - This Just In - Budget Travel
    Tags: ( travel dhs profile )
  3. Wesley has a nice how-to that show you a method for catching print jobs with netcat. Very handy for the issue he was trying to solve. However, as a commenter points out, what a great way to grab data in a pen test 🙂
    McGrew Security Blog >> Blog Archive >> Pretending to be a Printer with Netcat
    Tags: ( mitm printer netcat )
  4. Rebecca makes a really good point in this post. If your policies and procedures don't address twitter and its ilk, you should probably get on that.
    Business Info Fact Of The Day: Employees In Most Organizations Are Twittering - Realtime IT Compliance
    Tags: ( twitter procedure policies )
  5. A couple things to think about regarding Skype in the enterprise.
    Lawrence Orans on Containing the Risk of Using Skype
    Tags: ( general skype )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is nice to see.
    Yahoo to anonymize user data after 90 days | Security - CNET News
    Tags: ( privacy )
  2. Time to update Flash Player on Linux.
    Critical Flaw in Flash Player...For Linux! - Security Watch
    Tags: ( flash linux )
  3. Part 3 of SynJunkies' tale is ready for your perusal.
    Syn: The Story of an Insider - Part 3. Playing at CSI
    Tags: ( incident-response stories )
  4. New version. Haven't played with this one yet. Going to have to check it out.
    /dev/random >> Blog Archive >> OpenVAS 2.0.0. is out
    Tags: ( vulnerability openvas )
  5. Mike is getting involved it what appears to be a great new effort in training for penetration testers.
    Getting Information Security Training Right | Episteme
    Tags: ( training pentesting )
  6. Nifty new features.
    New Zenmap adds feature that does topology mapping | SecViz
    Tags: ( nmap zenmap )
  7. Done't forget folks. Firefox 2 is at end-of-life with 2.0.19 and you lost your safe-browsing capabilities too.
    Firefox 2 Users Will Get No More Security Updates - Security Fix
    Tags: ( firefox patches )
  8. I just like this post and Kees's approach.
    Making the world a little better - Kees Leune Information Security Blog
    Tags: ( awareness education )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }