Career

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Heh. This looks like a fun project.
    War-walking case « Infosanity's Blog
    Tags: ( wireless hacking )
  2. The Sophos mid-year threat report is out.
    Download Sophos Security Threat report: Jan-July 2009 | Graham Cluley's blog
    Tags: ( report threat )
  3. Trey Ford is next up in Raf's interview series. I feel lucky that so far I have met and gotten to talk with, live and in person, three of the four interviewed so far.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: Trey Ford
    Tags: ( interview )
  4. Lee Kushner and Mike Murray did a survey asking questions about job satisfaction in information security. Here is a bit of what they found.
    Job Satisfaction in Security | Information Security Leaders
    Tags: ( career )
  5. Part 2 of Ax0n's evil how-to is up.
    HiR Information Report: Evil WiFi Part 2: Metasploit Framework Setup
    Tags: ( wireless hacking )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Dark Reading is hosting a free all-day virtual conference titled "Dealing with Insider Threats" next week.
    Dark Reading To Hold Virtual Conference On Insider Threats Next Week - security events/Security - DarkReading
    Tags: ( conference )
  2. You can download the cfp document and instructions for RSA USA 2010 already. The website will be live for submission soon. The deadline is August 15th since the conference is a month earlier next year.
    RSA Conference 365
    Tags: ( cfp rsa-usa-2010 )
  3. Mubix gave an impromptu talk about Metasploit last night and this happened. Just hilarious.
    YouTube - Anon's raid Mubix
    Tags: ( humor )
  4. Here's a place to read about information security FUD or offer your own stories about it.
    Welcome To fudsec.com - fudsec.com
    Tags: ( fud )
  5. Jeremiah offers some thoughts on why vulnerable code should still be fixed after a web application firewall has been installed. Good comments too.
    Jeremiah Grossman: Why vulnerable code should be fixed even after WAF mitigation
    Tags: ( waf )
  6. Looks like all the hoopla about OpenSSH yesterday was just that, hoopla.
    OpenSSH 0day FUD
    Tags: ( openssh )
  7. A nifty reference card for 802.11.
    Will Hack For SUSHI » 802.11 Pocket Reference Guide
    Tags: ( 802.11 )
  8. Lee Kushner and Mike Murray will be on PaulDotCom tonight at 7:00PM EDT. Cool stuff. Post tells what they will be talking about.
    InfoSec Leaders on PaulDotCom Tonight | Information Security Leaders
    Tags: ( career )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. You have probably already seen that Google announced they will be releasing the Google OS next year. Here is the official announcement. Personally, it seems like just another flavor of Linux to me. Hopefully I am proven wrong.
    Official Google Blog: Introducing the Google Chrome OS
    Tags: ( google )
  2. In these difficult times, with layoffs and job searches going on all the time, it helps to be ready for those wonderful interview questions. Here are 50 common ones with some guidance on coming up with an answer. Having answers prepared before you enter the interview room is a great thing to do. It has always helped me.
    50 COMMON INTERVIEW Q&A « Bhuvana Sundaramoorthy's Blog
    Tags: ( career )
  3. /str0ke announced yesterday that he would no longer be moderating MilW0rm. There was all sorts of panic on the interwebs. Luckily he tweeted today that he has found others to take up the reins. Yeah!
    milw0rm Shutting The Doors : Liquidmatrix Security Digest
    Tags: ( exploits )
  4. Dave has some good thoughts and some slides answering the question he himself posed to a panel he sat on at the SANS Forensics Summit. The question was "What should incident handlers be doing to help improve information security operations overall?"
    trustedsignal -- blog: SANS Forensics Summit
    Tags: ( incident-response )
  5. The contest to find security vulnerabilities in Google Native Client is over. See who the winner is in this article.
    Google announces winner of the Native Client Security Contest - News - The H Security: News and features
    Tags: ( google )
  6. Here is a nice description of how Distributed Denial of Service attacks work. It even has pretty pictures for people like me 🙂
    Roger's Security Blog : Distributed Denial of Service - and how it works
    Tags: ( ddos )
  7. Raf has a good point. You need to understand the app you are testing. He offers some thoughts on a method of doing that.
    Digital Soapbox - Preaching Security to the Digital Masses: The Importance of Understanding Flow
    Tags: ( appsec )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A Panda Labs challenge is up. This is the first of three this month.
    Panda Challenge - "All that glitters is not gold" - PandaLabs
    Tags: ( challenge )
  2. Someone asked Lee what he should be looking for when seeking a recruiter to help him find employment. Lee's response is golden. Check it out.
    Career Advice Tuesday - Selecting a Recruiter | Information Security Leaders
    Tags: ( career recruiter )
  3. Part 4 of Wesley's story about catching a hacker.
    GhostExodus, the ETA, and a Control System Incident at Carrell Clinic (Part 4) « McGrew Security Blog
    Tags: ( hacker )
  4. Hoff has some words on the cloud, security, and enterprises.
    Rational Survivability » These Apocalyptic Assessments Of Cloud Security Readiness Are Irrelevant...
    Tags: ( cloud )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Microsoft has had a threat modeling guide and some tooling for software development for a bit now. Today a guide was released for infrastructure. This could be very nice. I will be checking it out.
    HolisticInfoSec.org: IT Infrastructure Threat Modeling Guide now available
    Tags: ( threat-modeling )
  2. Andrew sat down and did something that each of us should be doing on a regular basis. He wrote a development plan. He didn't call it that, but that is what he did. Remember folks, your career is your responsibility, not your employer's.
    Andrew Hay » Blog Archive » Training That I Would Like...
    Tags: ( career )
  3. Keep your eyes on this one. Could be some interesting stuff coming next month in regards to third-party Twitter services.
    Coming in July: Month of Twitter Bugs | Zero Day | ZDNet.com
    Tags: ( twitter )
  4. Some interesting data collected on infosec professionals and why they move about. The full report is linked to in the post.
    Why do infosec consultants move jobs? | The Infosec Cynic
    Tags: ( career )
  5. OSSEC is a neat tool. If you want to get the low down, read Wim's post.
    OSSEC in a nutshell « The Security Kitchen
    Tags: ( hids ossec )
  6. You've probably seen plenty of warnings about URL shorteners and how they present a security problem. Here is some solid proof that you should be careful with them. I'm not saying don't use them, I use them myself. Just be careful when clicking on that URL.
    Cligs short url service hacked, millions redirected | Graham Cluley's blog
    Tags: ( url-shorteners hacked )
  7. Craig has a great post up that I need to read a couple more times. Worth taking a look at. While you are at it, why not get engaged in the conversation.
    Stop the Madness! Cloud Onboarding Audits - An Open Question... | Cloud Security
    Tags: ( cloud )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Mike Murray and Lee Kushner have a podcast series that each of us should be listening to.
    When Your Security Career Gets Hacked - Dark Dominion Blog - Dark Reading
    Tags: ( career )
  2. Both amusing and helpful.
    Job Interview: How To Nail An Interview (20 Tips)
    Tags: ( career interviewing )
  3. Go ahead, write those passwords down. Just not all of it. I like this idea as long as we are careful in picking the "pin" part, i.e. don't use your birthday 🙂
    Put Your Passwords on a Post-it - F-Secure Weblog : News from the Lab
    Tags: ( passwords )
  4. The annual FBI cryptography challenge is up. Go crack 'em up.
    FBI Annouces Annual Can-You-Crack-the-Code Challenge
    Tags: ( cryptography challenge )
  5. Christofer is talking about something he touched on at RSA and before: who manages the network in the virtually cloudy world, the server admins or the network admins or both?
    Rational Survivability » Quick Bit: Virtual & Cloud Networking - Where It ISN'T Going...
    Tags: ( virtualization networking )
  6. Another PDF parsing vulnerability in BES. I believe a patch is now available.
    How to control a Blackberry Enterprise Server with just a PDF | Graham Cluley's blog
    Tags: ( pdf rim blackberry vulnerability )
  7. McAfee did a study to determine what the riskiest search terms are. This report is the result of that study. Note: Link goes to PDF (via: eWeek)
    The Web's Most Dangerous Search Terms
    Tags: ( malware search )
  8. This is a nice article on using ITIL to improve and strengthen your information security program.
    How ITIL Can Improve Information Security
    Tags: ( itil )
  9. An interesting exploration of an insider attack on California Water Service Company that occurred recently.
    Ascension Blog » He did WHAT?!?!
    Tags: ( breach )
  10. L0phtcrack is back and raring to go.
    L0phtcrack 6 Site Is Live : Liquidmatrix Security Digest
    Tags: ( passwords tools l0phtcrack )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


First of all, this is my 300th post to the blog. WooHoo! I am simply amazed by that number and by the fact that I still enjoy doing this so much.

Anyway, good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. You can now control, to a certain extent, what and when some Google apps, including Chrome, will be updated via group policy objects.
    Google Changes Chrome Update Features - Security Watch
    Tags: ( google chrome updates )
  2. Got some extra equipment laying around? Johnny is looking for donations for the work they will be doing in Uganda.
    The equipment donation list | IHS
    Tags: ( general )
  3. Rich offers some thoughts on things to think about when securing medical records.
    Securosis Blog | Security Requirements for Electronic Medical Records
    Tags: ( medical )
  4. Matt has pulled together a bunch of links and posts with tips to getting into information security and what to do once you get there.
    A lot of Information Security Career Advice | MattJay Security
    Tags: ( career )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. NIST takes on defining the cloud.
    Are the feds the first to a common cloud definition? | The Wisdom of Clouds - CNET News
    Tags: ( cloud )
  2. Ed has penned a nice article on SCAP and vulnerability management.
    How SCAP Brought Sanity to Vulnerability Management
    Tags: ( vulnerability-management )
  3. Want to help shape cloud guidance documentation? Craig tells you how.
    The Cloud Security Alliance Needs You | Cloud Security
    Tags: ( cloud )
  4. This is a bit scary.
    Breaking Into a Home With an iPhone | GNUCITIZEN
    Tags: ( data-availability )
  5. Adrian has a link to a video you must watch. Then ask yourself how far is it from happening.
    Securosis Blog | Data Harvesting and Privacy
    Tags: ( privacy surveillance )
  6. A very good interview that you should read. I caught Lee and Mike Murray's career talk and the ensuing question period at Defcon 15. Good stuff.
    Art of Information Security » AoIS Interviews Lee Kushner, Part 2
    Tags: ( career )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Whew! What a relief. Apparently I don't need to be concerned about security when using cloud services. It really isn't that big a deal. Well, at least according to this blog post.
    Clavister: Cloud security concerns are unfounded : Security Watch - Internet Security News: IT security, Business security, Computer security, Network security, and more
    Tags: ( cloud )
  2. An interesting issue still exists in Windows 7.
    Windows 7 Fail - F-Secure Weblog : News from the Lab
    Tags: ( windows-7 )
  3. Dave developed a checklist based on the CWE/SANS Top 25 programming errors. As he says, a checklist doesn't make you secure. However, it sure doesn't hurt either.
    trustedsignal -- blog: Application Security Checklist
    Tags: ( webappsec checklist development )
  4. Bill shares his second set of tips on a career in security. This time for those that are looking for a gig, instead of looking to keep the one they have.
    Career Advice for Security Geeks, Part 2 : The Security Catalyst
    Tags: ( career )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is a great article that peeks into the realities of whether secure coding is less expensive than fixing vulnerabilities after they are detected in production.
    Jeremiah Grossman: Mythbusting, Secure code is less expensive to develop
    Tags: ( cost secure-coding )
  2. You should be aware that you may get IE8 whether you want it or not.
    Security Fix - Microsoft Pushing Out IE8 Through Auto Update
    Tags: ( microsoft patches ie8 )
  3. A nice how-to on using nmap and Nessus together to produce command line Nessus scans.
    Tenable Network Security: Using Nmap Results With Nessus Batch Scanning
    Tags: ( nmap nessus )
  4. Bill gives us some really good advice on how to avoid being the one that needs to look for that new job.
    Career Advice for Security Geeks, Part 1 : The Security Catalyst
    Tags: ( career )
  5. A very nice article regarding what happens when nothing happens.
    The Irony Of Preventing Security Failures - Hacked Off - Dark Reading
    Tags: ( spending )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin
