burp

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. William is building a taxonomy of cloud computing benefits. Go check it out and contribute.
    William Vambenepe -- Taxonomy of Cloud Computing Benefits
    Tags: ( cloud )
  2. Brian is interested in finding out what kind of internet users his readers think they are.
    What Kind of Internet User Are You? -- Krebs on Security
    Tags: ( general )
  3. Burp Suite v1.3 has been released.
    PortSwigger.net - web application security: Burp Suite v1.3 released
    Tags: ( webappsec tools burp )
  4. Port knocking is a pretty nifty technique for providing remote access to your system while it appears to be unreachable via the network. It involves sending a specific sequence of packets, or a single specially crafted packet, to nominally "closed" ports on your system. The firewall or add-on tooling listens for these packets and opens the appropriate ports when it sees them. This page has a list of tools that you can use to set up port knocking.
    PORTKNOCKING - A system for stealthy authentication across closed ports. : IMPLEMENTATIONS : implementations
    Tags: ( remote-access port-knocking )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a nice post talking about fuzzing with Burp.
    ClearNet Security : need to do a GET before POST, fuzzing with BURP and WebScarab
    Tags: ( webappsec fuzzing burp )
  2. I know it seems like I point out every FudSec.org post that happens and, actually, I do. It's because they are all great posts that have good thought-generating material. Jayson attacks Cyberwar in this week's edition.
    Beware of Falling Turtles (Plus other things that shouldn't really frighten us) - fudsec.com
    Tags: ( fudsec cyberwar )
  3. This is a must-read in my opinion. I have only read the executive summary and skimmed the assurance framework part so far, but they alone are worth the price of admission. I look forward to digging into the assessment portion soon.
    Cloud Computing Risk Assessment -- ENISA
    Tags: ( cloud risk-assessment )
  4. Craig has an interview with Giles Hogben up with some insight into the new Cloud Security Risk Assessment mentioned above.
    ENISA Cloud Security Risk Assessment: An Interview with Giles Hogben | Cloud Security
    Tags: ( cloud risk-assessment )
  5. Anton takes an interesting approach to why PCI is good.
    Anton Chuvakin Blog - "Security Warrior": Smart vs Stupid: But Not Why You Think So!
    Tags: ( pci )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some interesting stats; however, the title is a bit misleading. The percentages for 20s, 30s and 40s are 25%, 23% and 20% respectively. Not exactly what I would call significant regarding 20s.
    ID theft up, and 20somethings suffer most | Security - CNET News
    Tags: ( theft identity )
  2. A very nice diagram depicting risk. Hat tip: Gunnar Peterson
    Telic Thoughts: Threats, vulnerabilities and risk
    Tags: ( risk )
  3. Time to update your PHP installations.
    PHP plugs security holes | Zero Day | ZDNet.com
    Tags: ( vulnerability patches php )
  4. Christofer waxes poetic on cloud computing.
    Rational Survivability: Ron Popeil and Cloud Computing In Poetic Review...
    Tags: ( cloud )
  5. A nice post that shows you how to build a U3 USB keyfob that will gather information from a Windows system using nothing but built-in tools.
    Syn: USB Enumerator vs USB Hacksaw
    Tags: ( tools usb u3 information-gathering )
  6. A nifty little how-to on using self-signed certs with Burp.
    un-excogitate.org >> Blog Archiv >> Self-signed Certificates in Burp
    Tags: ( pentest burp )
  7. Woot! L0phtCrack is alive again. I'm jealous of those who will get to see the launch live at Source Boston.
    L0phtCrack 6
    Tags: ( cracking password windows )
  8. Irongeek has written a set of PHP scripts that demonstrate all 10 of the vulnerabilities described by the OWASP Top 10. Very cool stuff.
    Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts That Implement The OWASP Top 10
    Tags: ( tools )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Lavasoft has jumped into the anti-virus market. We'll have to keep an eye on this one.
    Ad-Aware gets an antivirus cousin | The Download Blog - Download.com
    Tags: ( free anti-virus )
  2. Some interesting situations that led to a need for data recovery. Hat tip to Xavier at /dev/random (blog.rotshell.be)
    Kroll Ontrack Top Ten Data Mishaps and Recoveries - Press Release
    Tags: ( amusing general )
  3. The workarounds section for the recent 0-day for IE has been updated. This blog post goes into some further detail about the workarounds.
    Security Vulnerability Research & Defense : Clarification on the various workarounds from the recent IE advisory
    Tags: ( exploit vulnerability microsoft ie workarounds )
  4. Part 2 of SynJunky's fictional story about detection of and incident response to an insider attack.
    Syn: The Story of an Insider - Part 2. The Sys Admins Story
    Tags: ( insider )
  5. This is a nifty way to get the job done.
    Writing a web services fuzzer in 5 minutes to SQL injection | tssci security
    Tags: ( webappsec injection sql )
  6. Woot! Version 1.2 of Burp Suite has been released.
    PortSwigger.net - web application security: Burp Suite v1.2 released
    Tags: ( webappsec burp )
  7. Just go read it. You won't regret it.
    Rational Survivability: GigaOm's Alistair Croll on Cloud Security: The Sky Is Falling!...and So Is My Tolerance For Absurdity
    Tags: ( cloud )
  8. Rory is writing a series of posts on penetration testing. The first is up.
    Rory.Blog: What is Penetration Testing?
    Tags: ( pentest )
  9. Here is a very cool idea for a low/no cost way to implement DLP.
    /dev/random >> Blog Archive >> Simple DLP with Ngrep
    Tags: ( dlp ngrep )
  10. Looks like a nifty tool to add to the arsenal.
    Jeremy's Computer Security Blog: JPEG Fuzzer has ARRIVED
    Tags: ( fuzzer jpeg )
  11. Watch out folks, SkyNet is just around the corner.
    Schneier on Security: Killing Robot Being Tested by Lockheed Martin
    Tags: ( skynet )

That's it for today. Have fun!

Kevin
