blackhat

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some good information on performing forensics on Google's browser, Chrome.
    Google Chrome Forensics
    Tags: ( forensics chrome google )
  2. Recon is looking for talk submissions.
    The Professional Security Testers Warehouse for the GPEN GSEC GCIH GREM CEH QISP Q/ISP OPST CPTS - REC0N 2010 MONTREAL CANADA JULY 9-11
    Tags: ( recon conferences cfp )
  3. Craig asks a really good question, "Is Cloud Computing Right for Your Business?"
    Is Cloud Computing Right for Your Business? : The Security Catalyst
    Tags: ( cloud )
  4. The guys over at SANS Computer Forensics are starting a new weekly feature where they point out interesting forensics tidbits from around the internet.
    Digital Forensic Case Leads: Introductions
    Tags: ( forensics )
  5. This is a neat analysis of an exploit that has multiple levels of obfuscation.
    An In-Depth Exploit Analysis on Multilayer Obfuscations - Security Labs Blog
    Tags: ( exploit analysis )
  6. The presentations from Blackhat DC 2010 are starting to become available.
    Black Hat (r) Technical Security Conference: DC 2010 // Archives
    Tags: ( blackhatdc presentations archives )
  7. Ever want to play with your own botnet? Here you go, a nice learning tool.
    KreiosC2 - DigiNinja
    Tags: ( botnet research testing )
  8. A new version of Dradis is available. This is a handy collaborative documentation sharing tool that is very helpful in incident response and forensic work. Works well for other situations too.
    dradis - Effective Information Sharing
    Tags: ( dradis tools )
  9. Whoops. Not so hard for somebody to spy on your blackberry.
    Is Your BlackBerry App Spying on You?
    Tags: ( blackberry malware )
  10. Nifty stuff. A few very helpful regexes to have in your back pocket for your data mining efforts.
    JL's stuff: Forensic Regexes
    Tags: ( forensics regex )
  11. Interesting discussion on rescinding local admin rights on our end points.
    Securosis Blog | FireStarter: Admin access, buh bye
    Tags: ( local-admin )
  12. Interesting counterpoint to the post above about admin rights. I tend to agree with Rich's thoughts here.
    Securosis Blog | Counterpoint: Admin Rights Don't Matter the Way You Think They Do
    Tags: ( local-admin rights )
  13. I love to see this happen. Sensepost will no longer have a registration wall before their publicly available research and tool offerings. Wish more companies would go this route.
    Removing registration requirements
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A selection of videos from Blackhat 2009 has been made available. Black provides some links to them, but you can also find them on the Blackhat site.
    Selected video presentation at Black Hat 2009. -- PenTestIT
    Tags: ( blackhat conferences videos )
  2. Here are a couple scripts that allow you to view and search windows event logs on a linux system.
    RaDaJo (RAul, DAvid and JOrge) Security Blog: Looking for the right event
    Tags: ( event-logs perl linux )
  3. Lori calculates the bandwidth of sneakernetting hard drives to the cloud 🙂 Yes, I just made a verb out of sneakernet. 🙂
    The Bandwidth of Sneakernet to the Cloud
    Tags: ( general )
  4. Jack has posted the audio from the B-Sides conference in Las Vegas that occurred at the same time as Blackhat and Defcon.
    Uncommon Sense Security: Security B-Sides Las Vegas 2009 Audio
    Tags: ( bsides conferences )
  5. Alan has started a series of posts that will explore the SAS70 Type II report. Good info in the first post.
    StillSecure, After All These Years: SAS 70 Type II Should you care?
    Tags: ( sas70 )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The solution to the latest packet challenge from I Smell Packets.
    Solution to the Name That Exploit Packet Challenge << I Smell Packets
    Tags: ( challenge packet )
  2. Rich is tackling costs associated with a data breach. He is approaching it from a hard vs. soft costs perspective. Those familiar with FAIR will recognize these as primary and secondary loss factors.
    Securosis Blog | Creating a Standard for Data Breach Costs
    Tags: ( breach costs )
  3. It wouldn't be Blackhat/DefCon season without at least one cease and desist order. The first one this year stops a talk about hacking ATMs.
    ATM Vendor Halts Researcher's Talk on Vulnerability | Threat Level | Wired.com
    Tags: ( atm blackhat )
  4. Thus declareth @hevnsnt. Change your Twitter password on July 1st. Actually a good idea for several reasons which he shares in this blog post.
    July 1st is #twittersec Day | The Edge of I-Hacked
    Tags: ( twitter )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is interesting. It will be worth keeping an eye on what happens in the future as the council goes forward.
    Hacker named to Homeland Security Advisory Council | Security - CNET News
    Tags: ( government )
  2. Looks like the spammers are up to a new trick that appears to be working at the moment.
    RTF File Spam Makes Its Way Through Filters - Security Watch
    Tags: ( spam )
  3. Nifty. Another tool to freely scan files for malware.
    Paretologic Released a New Free Online Malware Scan
    Tags: ( malware scanning )
  4. Here is an interesting way to keep some or all robots from crawling your website.
    Security - The Global Perspective: How to block robots.. before they hit robots.txt - ala: mod_security
    Tags: ( robots )
  5. Do you want to know more about DEP (Data Execution Prevention)? Check this out.
    Security Research & Defense : Understanding DEP as a mitigation technology part 1
    Tags: ( dep )
  6. A new packet challenge is up on Caesar's site.
    Caesar's Challenge << I Smell Packets
    Tags: ( challenge networking. )
  7. The Black Hat 2009 schedule is available now.
    Black Hat USA 2009 Schedule
    Tags: ( blackhat 2009 )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Time to patch Firefox.
    Firefox 3.0.6 targets security issues | Security - CNET News
    Tags: ( vulnerability firefox patch )
  2. You might want to be careful what sites you go to when you are logged into the twitter web interface. Also remember, that if you clicked on 'remember me', you are logged in even if you don't have it open in tab.
    Twitter Clickjacking Hack Released - DarkReading
    Tags: ( vulnerability clickjacking twitter )
  3. An interesting article with good points regarding the ability to disable UAC in Windows 7 and the fact that somebody has made a user-space program that does it automatically. Worth a gander.
    Both Sides on the Win7 UAC Problem
    Tags: ( windows-7 uac )
  4. If you're looking for a infosec job, the U.K. may be a good place to check. No idea on immigration and such, but couldn't hurt to take a peak.
    Many computer security jobs are still available in UK >> Computer internet security
    Tags: ( jobs )
  5. The CFP of Black Hat is open. Get your pencils ready and your ideas flowing.
    Black Hat : Black Hat USA 2009 Call For Papers
    Tags: ( blackhat conferences cfp )
  6. Black Fisk warns us to be careful of the number we see in reports on the cost of breached data. He doesn't say dismiss them out of hand, but we are better off if we can come up with some figures specific to our own organizations.
    Black Fist Security: Risk analysis: Cost of breaches and rolling your own numbers
    Tags: ( risk management )
  7. A nice post by Kees. Don't forget that you need to plan on more than one level and to do so you need to keep informed.
    On Situational Awareness - Kees Leune Information Security Blog
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }