browser

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. NSS Labs has published their third quarter Browser Security Test.
    Comparative Browser Security Testing - Phishing & Socially Engineered Malware - nsslabs.com
    Tags: ( browser )
  2. The Call for Speakers for RSA USA 2010 has been extended a week. Deadline is now August 21st.
    Call for Speakers
    Tags: ( rsa cfp )
  3. Brian talks about hype in the information security market.
    Hyper Security - fudsec.com
    Tags: ( fud )
  4. It has been talked about quite a bit over the last year or more. Can a cloud based solution be PCI compliant? Looks like the answer to that question has been given and by one of the larger cloud providers.
    Network Security Blog >> Cannot achieve PCI compliance with Amazon EC2/S3
    Tags: ( pci cloud )
  5. This is interesting. A botnet being controlled via Twitter.
    >> Twitter-based Botnet Command Channel * Security to the Core | Arbor Networks Security
    Tags: ( twitter botnet )
  6. Is your cell phone telling tales on you? Looks like the Palm Pre might be.
    Is Your Palm Pre Watching You? : Liquidmatrix Security Digest
    Tags: ( surveillance )
  7. Dave offers up a tutorial on encrypting your data backups on the cheap.
    IT Security Expert: Secure Encrypted Data Backup on a Budget Tutorial
    Tags: ( backup encryption )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This really is not good from an enterprise security perspective.
    Opera Unite: A Great idea or horrible security risk? - Security
    Tags: ( browser opera )
  2. As Martin says, Level 2 merchants are now faced with a little bit higher bar to get over.
    Network Security Blog >> Level 2 merchants are going to have to get serious about PCI
    Tags: ( pci )
  3. Andrew has started a series on SIEM. Check it out for some good advice.
    Andrew Hay >> Blog Archive >> A SIEM Solution is Like a Garden
    Tags: ( siem )
  4. Rafal talks about a nifty looking tool that I'll be checking out.
    Digital Soapbox - Preaching Security to the Digital Masses: Watcher - Web Vulnerabilities Served Up Passively
    Tags: ( tools webappsec )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Looks like it is going to be a busy week this week. Microsoft is issuing a pretty good sized batch of patches.
    Microsoft Patch Tuesday for April 2009: eight bulletins - Ars Technica
    Tags: ( microsoft patches vulnerability )
  2. This looks interesting. A virtual browser.
    Techworld.com - Startup puts web browsers 'in the cloud'
    Tags: ( browser )
  3. A nifty tip on how to get at the data your fat client is passing back and forth to the app server.
    PortSwigger.net - web application security: Intercepting thick client communications
    Tags: ( webappsec appsec )
  4. Kees brings us some interesting information that could be very helpful in developing and maintaining our awareness efforts.
    Why we sometimes think cheating is OK - Kees Leune Information Security Blog
    Tags: ( general )
  5. Damon has a nice description of one of the worms that hit Twitter this weekend.
    DCortesi . blog >> Twitter StalkDaily Worm Postmortem
    Tags: ( twitter worm )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. If any of these apply to your organization you have some work to do.
    http://www.networkworld.com/news/2008/121008-the-seven-deadly-sins-of.html
    Tags: ( program )
  2. Looks like there is another 0-day out.
    Microsoft looking into WordPad zero-day flaw | Security - CNET News
    Tags: ( vulnerability microsoft wordpad )
  3. Shrdlu offers some good suggestions on preparing for next year.
    Layer 8: Out with the old, in with the new.
    Tags: ( general )
  4. Nifty. Five security related distributions in one.
    Ask and you shall receive - SumoLinux - Room362.com
    Tags: ( tools linux distro )
  5. Rich puts to paper (work with me) the same thoughts I had when I read about the direction China is thinking of taking in regards to technical information of products entering China.
    A Good (Potential) Risk Management IQ Test For Management | securosis.com
    Tags: ( general )
  6. Google gives a nifty resource.
    Google's Browser Security Handbook | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( security browser google books )
  7. Part 5 of this great series is now available. If you haven't read the previous parts, they are linked in the first paragraph.
    Building a Web Application Security Program, Part 5: Secure Development | securosis.com
    Tags: ( webappsec program )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Hiya all. I know I have been less than vigilant in my posting here. I am not going to promise I will get better since that hasn't worked so far, but things might get a little more regular around here in the near future. Anywho, on with the show.

From the Blogosphere

Nathan McFeters has penned a nice post about responding to the DNS vulnerability and attacks. He also points to a post on The Frequency X Blog which also talks about the same topic.

Tom points to 0x0e's post that puts forward a list of skills that a good pentesting team should have. It is a good list and worth keeping in mind when both building a team and when contracting for a team to do work.

Rich has written an interesting post about spies and infosec and self-interest. He also asks, Security Operations: Do you CAER? (Collection, Analysis, Escalations and Resolution.) A very intersting read.

Dave Lewis points out that NIST has revised several security guidelines.

Billy explores what can happen when your browser is registered to handle several protocols.

I didn't get a chance to look at the Newsosphere, so this is it for the 29th.

Have a great day.

Kevin

Technorati Tags: , , , , ,

{ 0 comments }