blackberry

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is a nice summation of some recent research on data breaches.
    Reports: SQL injection attacks and malware led to most data breaches | Zero Day | ZDNet.com
    Tags: ( research )
  2. Good points on writing custom error pages.
    Digital Soapbox - Down the Security Rabbithole!: Accidental Anti-Automation in Web App Sec
    Tags: ( error-pages )
  3. This article points to a couple of Skype policies that might be helpful.
    Example Skype Security Policies: Low-Medium Security Levels
    Tags: ( skype )
  4. FreeBSD and its ilk are a bit of a different breed. Hal gives some tips on digging into them forensically.
    FreeBSD Computer Forensic Tips & Tricks
    Tags: ( freebsd forensics )
  5. While compliance does not equal security, it does have its place. Give what Dennis has to say a gander.
    Security From Scratch: Using Compliance For Good : The Security Catalyst
    Tags: ( compliance )
  6. If you have any of the following going on, you really need to look at your procedures and policies.
    Immutable Security >> Administrators by Proxy
    Tags: ( windows administrators )
  7. Let your voice be heard fellow security bloggers. Time to vote for the Social Security Blogger Awards.
    The Ashimmy Blog: Vote for the Social Security Blogger Awards
    Tags: ( security-bloggers awards )
  8. Looks like there is going to be a Security Bloggers Meet-up in April in London. Wish I could be there.
    Security Bloggers Meet Up, proposed 27th April near Earls Court London | Security Active Blog
    Tags: ( meet-up )
  9. Looking for some research you can't find anywhere else? Let Rich and company know.
    Securosis Blog | Choose Your Own Whitepaper Adventure (and Upcoming Papers)
    Tags: ( research )
  10. Vercode offers some clarity about the Blackberry application released at Shmoocon. Key: Not a hack.
    In Which We Dispel Misconceptions
    Tags: ( blackberry spyware )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some good information on performing forensics on Google's browser, Chrome.
    Google Chrome Forensics
    Tags: ( forensics chrome google )
  2. Recon is looking for talk submissions.
    The Professional Security Testers Warehouse for the GPEN GSEC GCIH GREM CEH QISP Q/ISP OPST CPTS - REC0N 2010 MONTREAL CANADA JULY 9-11
    Tags: ( recon conferences cfp )
  3. Craig asks a really good question, "Is Cloud Computing Right for Your Business?"
    Is Cloud Computing Right for Your Business? : The Security Catalyst
    Tags: ( cloud )
  4. The guys over at SANS Computer Forensics are starting a new weekly feature where they point out interesting forensics tidbits from around the internet.
    Digital Forensic Case Leads: Introductions
    Tags: ( forensics )
  5. This is a neat analysis of an exploit that has multiple levels of obfuscation.
    An In-Depth Exploit Analysis on Multilayer Obfuscations - Security Labs Blog
    Tags: ( exploit analysis )
  6. The presentations from Blackhat DC 2010 are starting to become available.
    Black Hat (r) Technical Security Conference: DC 2010 // Archives
    Tags: ( blackhatdc presentations archives )
  7. Ever want to play with your own botnet? Here you go, a nice learning tool.
    KreiosC2 - DigiNinja
    Tags: ( botnet research testing )
  8. A new version of Dradis is available. This is a handy collaborative documentation sharing tool that is very helpful in incident response and forensic work. Works well for other situations too.
    dradis - Effective Information Sharing
    Tags: ( dradis tools )
  9. Whoops. Not so hard for somebody to spy on your blackberry.
    Is Your BlackBerry App Spying on You?
    Tags: ( blackberry malware )
  10. Nifty stuff. A few very helpful regexes to have in your back pocket for your data mining efforts.
    JL's stuff: Forensic Regexes
    Tags: ( forensics regex )
  11. Interesting discussion on rescinding local admin rights on our end points.
    Securosis Blog | FireStarter: Admin access, buh bye
    Tags: ( local-admin )
  12. Interesting counterpoint to the post above about admin rights. I tend to agree with Rich's thoughts here.
    Securosis Blog | Counterpoint: Admin Rights Don't Matter the Way You Think They Do
    Tags: ( local-admin rights )
  13. I love to see this happen. Sensepost will no longer have a registration wall before their publicly available research and tool offerings. Wish more companies would go this route.
    Removing registration requirements
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This might be an interesting report.
    Driving Fast and Forward: Managing Information Security for Strategic Advantage in a Tough Economy (pdf)
    Tags: ( general )
  2. Little patch work to do on our Windows systems.
    4 Patches Issued By Microsoft, 2 Critical - Security Watch
    Tags: ( vulnerability windows patches )
  3. Time to patch your Blackberry.
    RIM Issues BlackBerry Security Advisory -- BlackBerry -- InformationWeek
    Tags: ( vulnerability blackberry patch )
  4. Never forget that it is not just your organization that may be affected by a data breach. Heartland is a case in point.
    Heartland Breach Affects 135 Banks and Credit Unions (So Far) | Threat Level from Wired.com
    Tags: ( breach )
  5. Dry cleaners, Ebay, etc. Folks, we really need to get a handle of sanitizing our systems be fore we let them out of our control.
    Techworld.com - Sensitive data found on eBay hard drives
    Tags: ( data-leakage )
  6. Looks like some interesting stuff going on with snort.
    VRT: Important Snort rule changes and the new dcerpc preprocessor
    Tags: ( ids snort )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

In today's Bits post we take a look browser bugs, Blackberry Server bugs, fun with hardware hacking, defining effectiveness, the Source Boston schedule, Incident Response Management, and Downadup.

  1. Oh look, it's a browser bug. How novel. (yes, that was sarcasm and this appears to be pretty nasty)
    Browser bug could allow phishing without e-mail - Network World
    Tags: ( vulnerability browser javascript phishing )
  2. Time to patch your Blackberry Servers.
    RIM issues security patches for BlackBerry | Security - CNET News
    Tags: ( pdf vulnerability blackberry patches rim )
  3. Didier's been playing with some hardware. Nifty stuff.
    A Hardware Tip for Fuzzing Embedded Devices << Didier Stevens
    Tags: ( hardware hacking embedded devices phidgets )
  4. Read this post. Also read the comments. Some good device and a very workable definition of effectiveness and where efficiency and optimization come into play.
    Verizon Business Security Blog >> Blog Archive >> What is an "effective" Control?
    Tags: ( control effectiveness )
  5. The Source Boston 2009 sessions have all been solidified and the schedule is up and ready for you perusal. Have fun. I so wish I was going to be there.
    Source Boston - Sessions
    Tags: ( source conferences )
  6. A nice article about Incident Response Management from Kees.
    Incident Response Management - Kees Leune Information Security Blog
    Tags: ( management incident response )
  7. Wow. Take look at what F-Secure is doing and what they have found out. This botnet appears to be huge.
    How Big is Downadup? Very Big. - F-Secure Weblog : News from the Lab
    Tags: ( )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]

{ 0 comments }

In today's bits post we see information on card readers, penentration testing tools, crypto challenges, NSAIG chapter meetings, reversing Blackberry apps, passwords, and a happy blog birthday. Read on for the details.

  1. Um, now you don't need to make you own card skimmer.
    Pocket Credit Card Reader Takes Transactions on the Go - Network World
    Tags: ( scanner creditcard )
  2. Set your reminders and mark it on you calendars. January 13th at 2:00 p.m. EST. Details inside.
    Best Of Webcast Series - Part I - Best Of Network Penetration Testing Tools
    Tags: ( tools pentest webcast pauldotcom )
  3. The answers and winners to the latest crypto challenge from the Ethical Hacker site are posted. Bonus - My first name is involved 😉
    The Ethical Hacker Network - Scooby Doo and the Crypto Caper - Answers and Winners
    Tags: ( challenge crypto answer )
  4. For those in Altanta or within a reasonable driving distance, the next meeting of NAISG is scheduled for the 14th of January. Check the post for details.
    Andy, ITGuy: Atlanta NAISG Meeting #2
    Tags: ( naisg atlanta meeting )
  5. Most of this is over my head :), but those of you into reversing might find it of interest.
    Don't Stuff Beans Up Your Nose! >> Disassembling Version 6 BlackBerry apps
    Tags: ( blackberry java reversing )
  6. Jeff has a nice post up which talks about a way to deal with brute-force dictionary passwords attacks.
    Coding Horror: Dictionary Attacks 101
    Tags: ( password twitter brute-force )
  7. Six years is a good run. Happy B-Day TaoSecurity. Keep it up.
    TaoSecurity: Happy 6th Birthday TaoSecurity Blog
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }