challenge

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The latest Packet Challenge is up.
    "Name That Tune" - Packet Challenge << I Smell Packets
    Tags: ( challenge forensics )
  2. The speaker list has been finalized for CarolinaCon. Check it out.
    CarolinaCon: The NC Regional Technology Conference - March 19th, 20th, and 21st 2010
    Tags: ( conferences carolinacon )
  3. More OSSEC fun. This time using Logwatch.
    Combining Logwatch and OSSEC >> chrisbrenton.org
    Tags: ( ossec logging )
  4. Here is a nifty reverse engineering example.
    Traversing a 'DLL': Financial Crimeware (Banker) << TraverseCode.com
    Tags: ( reverse-engineering malware )
  5. The Symantec State of Enterprise Security Report for 2010 is out. I haven't read it yet, but it is on the pile.
    Symantec State of Enterprise Security Report (application/pdf Object)
    Tags: ( report )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Beware of hasty decisions, early indicators and selection bias.
    (Mis)reading the runes << wirewatcher
    Tags: ( incident-response )
  2. The call for papers for Defcon 18 is open. Get to work.
    DEF CON(r) 18 Hacking Conference - Call for Papers Announcement
    Tags: ( cfg defcon-18 )
  3. As if managing VoIP wasn't difficult enough already, let's through in steganography.
    A new VoIP threat - steganography - RiskPundit
    Tags: ( voip steganography )
  4. This might be a good post to keep handy in the event you need to backout a patch and can't boot.
    Using Linux to back out a Windows XP patch - Computerworld Blogs
    Tags: ( patching recovery )
  5. Challenge number 2 is ready for your attention. Give it a go.
    Forensic Challenge 2010/2 - "browsers under attack" is now online | The Honeynet Project
    Tags: ( forensics challenge )
  6. A lovely article about flash cookies and what they can tell a forensic investigator.
    Local Shared Objects, aka Flash Cookies
    Tags: ( flash cookies privacy )
  7. An interesting topic, tokenization, is covered quite well in this post on InfoCynic.
    A New Approach to Enterprise Data Security | Infosec Cynic
    Tags: ( encryption tokenization )
  8. A few things you should be aware of regarding the HITECH act.
    7 Things You Need to Know About HITECH | Optimal Security: The Lumension Blog
    Tags: ( hitech )
  9. Alex opines on the cloud, metrics and faith. A good read.
    On Cloud Security Metrics >> Dub Cloud
    Tags: ( cloud metrics )
  10. I have attended a couple virtual conferences and enjoyed them. A good line-up here.
    Infosecurity (UK) - 2010 Virtual Conference on Endpoint Security - Beyond the Perimeter - Full conference programme revealed
    Tags: ( conference virtual )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Boy, you can tell it's a Monday. We have a big batch of interesting bits to take a peak at today.

Here are today's Interesting Information Security Bits from around the web.

  1. This is a long post, but a great recap of the 2009 CSAW-CTF competition. Good stuff in there. You can even try some of the challenges yourself.
    Matasano Security LLC - Chargen - Exercises for a burgeoning Army of Ninjas
    Tags: ( challenge )
  2. I don't usual point to recap posts, but Rich has a very good thought in the introduction to last week's Friday summary. Something I am dealing with myself.
    Securosis Blog | Friday Summary: January 22, 2010
    Tags: ( general )
  3. It isn't only credit card, SSNs and bank account details that are being traded by the fraudsters anymore.
    Zscaler Research: Watch out Bill Gates...
    Tags: ( social-media fraudsters )
  4. If you use any of these passwords anywhere, I strongly suggest you go change it right now.
    Top 20 website passwords you shouldn't be using | Graham Cluley's blog
    Tags: ( passwords )
  5. The latest pass at the old 'is certification worth a pickle?' question. Actually, a good article with some good advice. The comments are of value too.
    Securosis Blog | The Certification Myth
    Tags: ( certification )
  6. Dave peels back a couple layers of the security mind and peeks at what's inside.
    ShackF00 >> A Glimpse Into the Security Mindset
    Tags: ( security mindset )
  7. Ax0n digs into a new lock. Nifty stuff.
    HiR Information Report: Review: Master 1500iD "Speed Dial" lock
    Tags: ( locks )
  8. Hoff offers some sage advice on compliance and cloud computing.
    Cloud: Security Doesn't Matter (Or, In Cloud, Nobody Can Hear You Scream) | Rational Survivability
    Tags: ( cloud compliance )
  9. Brian has a neat little exploration of a browser exploit kit.
    A Peek Inside the 'Eleonore' Browser Exploit Kit -- Krebs on Security
    Tags: ( exploit browser )
  10. This time we learn a little more about Wim, a very good on-line friend of mine. We haven't met in person yet, but I know that will happen some day.
    Andrew Hay >> Blog Archive >> Information Security D-List Interview: Wim Remes
    Tags: ( interview d-list )
  11. Oops. Looks like Google forgot their 'Do no evil' motto again.
    Sunbelt Blog: Google Toolbar tracks searches after it's disabled.
    Tags: ( google-toolbar data-leakage )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I can't remember if I pointed to part one of this, but I think I did. Anyway, here are the answers. There is a link to part 1 if you haven't seen it yet.
    Can you find the vulnerabilites? Part Two << Security Ninja
    Tags: ( challenge answers )
  2. The Atlanta NAISG chapter is celebrating their one year anniversary. You should go check it out next week if you are in the area.
    Atlanta NAISG November Meeting >> Andy ITGuy
    Tags: ( meetings naisg atlanta )
  3. A couple of federal bills about breaches are getting closer to possibly becoming laws. See inside for a bit more detail.
    National Data Breach Laws Move Through Senate | Threat Level | Wired.com
    Tags: ( data-leakage breach law )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Hi there folks. I know it's been awhile since we've had a bits post, but never fear. I did not just click 'mark all read' and am making my way through the back log. For the next few days you should see a bits post for that day and a catch-up post. This is the first catch-up post. I apologize, but the catch-up posts will probably be commentless like this one.

  1. The Ethical Hacker Network - SSHliders
    Tags: ( challenge )
  2. Nikto 2.10 released << Ramblings of the anal security guy
    Tags: ( nikto tools webappsec )
  3. Twitter Risks | The Infosec Cynic
    Tags: ( twitter humor )
  4. Syn: Abusing VLANs With BackTrack
    Tags: ( vlans backtrack )
  5. Carnal0wnage Blog: Oracle Hacker's Handbook Book Review
    Tags: ( book review oracle )
  6. Securosis Blog | IDM: Reality Sets In
    Tags: ( idm )
  7. Do the Evolution... - fudsec.com
    Tags: ( profession )
  8. Are Security "Best Practices" Unethical? << The New School of Information Security
    Tags: ( best-practices risk-management )
  9. Information Escapology << wirewatcher
    Tags: ( passwords logging )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 1 comment }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Matasano has a challenge for you. Find the problem with this C++ code.
    Matasano Security LLC - Chargen - A C++ Challenge
    Tags: ( challenge exploit )
  2. Trying to setup a lab environment for pen testing and general security learning efforts. Check out this authors efforts so far.
    Virtual lab machines << Infosanity's Blog
    Tags: ( lab )
  3. Trying to figure out which NSM product is the right one for you? Richard has some thoughts on how to do just that. No brands or vendors mentioned, just characteristics and platforms.
    TaoSecurity: NSM in Products
    Tags: ( nsm )
  4. Here is an interesting list you can compare your scanner, or the scanner you are evaluating, against.
    IBM Rational Application Security Insider: Web Application Security Scanner Evaluation Criteria v1.0 released!
    Tags: ( scanners )
  5. Dark Reading has a new Tech Center devoted to vulnerability management news and analysis.
    Vulnerability Management Tech Center: News and Analysis
    Tags: ( vulnerability-management )
  6. Hoff says what I've been thinking. Everything isn't cloud and every failure isn't the cloud's fault.
    Cloud: The Other White Meat... | Rational Survivability
    Tags: ( cloud )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Wow, this has been a crazy busy week.

My apologies for not taking the time to get the daily bits posts out the door. However, don't despair. I have a bumper crop for you today because I have been keeping my eye on things.

Unfortunately you will have to do without my pithy (or so I'd like to believe) comments today. 🙂

Also, RSA Europe 2009, where I'll be speaking, is right around the corner along with some vacation time, so you will see fewer bits posts over the next couple weeks and they will probably be like this one.   I will be back in full gear after the conference. I will blog when I can on what I see at RSA though.

Anywho, here are today's (this weeks) Interesting Information Security Bits from around the web.

  1. Immutable Security >> Low and Slow SSH Brute Force Attacks
    Tags: ( ssh )
  2. Real World Stories: How Pen Tests Complement Vulnerability Scans << Core Security Technologies
    Tags: ( wepappsec pentest )
  3. Visa Announces New Data Encryption Practices
    Tags: ( pci )
  4. 'What's wrong with Smelly Widgets?' - Packet Challenge << I Smell Packets
    Tags: ( challenge packet )
  5. The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - FRHACK01 copy of presentations
    Tags: ( conference presentations )
  6. Avert Labs Paper: Inside the Password Stealing Business:the Who and How of Identity Theft | Hackers Center Blogs
    Tags: ( passwords )
  7. AVG Stepping Up Consumer Anti-Virus Offerings | Darknet - The Darkside
    Tags: ( anti-virus avg )
  8. Man banished from PayPal for showing how to hack PayPal * The Register
    Tags: ( paypal )
  9. Book Review: The Rootkit Arsenal << McGrew Security Blog
    Tags: ( books reviews )
  10. Jeremiah Grossman: All about Website Password Policies
    Tags: ( infosce passwords )
  11. Digital Soapbox - Preaching Security to the Digital Masses: Things I Learned at SecTor 2009
    Tags: ( conference toorcon recap )
  12. TaoSecurity: Technical Visibility Levels
    Tags: ( avialability monitoring )
  13. SSL Still Mostly Misunderstood - DarkReading
    Tags: ( ssl )
  14. Anton Chuvakin Blog - "Security Warrior": Compliance != Security, Does Security = Compliance?
    Tags: ( compliance security )
  15. A Page from Singapore's Cybersecurity Playbook | Optimal Security: The Lumension Blog
    Tags: ( general )
  16. You Can't Always Be Proactive - Hacked Off - Dark Reading
    Tags: ( general )
  17. Security Uncorked >> Good, Bad and Ugly: On SecTor's Wall of Shame
    Tags: ( passwords wireless )
  18. CSS History Hack Used To Ban Torrent Users ha.ckers.org web application security lab
    Tags: ( css )
  19. Yahoo Best Jobs in America ranks infosec professional #8
    Tags: ( career )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Exception, variance, these words are the bane of the information security professional. We all have to deal with them. Jarrod offers some thoughts on the topic. You will benefit from reading them.
    /dev/null - ramblings of an infosec professional: Security Exemptions
    Tags: ( policy )
  2. Ben shares his method for writing along with some thoughts on writing in general. It's a good read and I bet you can find some things in there that can be applied to your own writing.
    The Writing Funnel (The Falcon's View)
    Tags: ( general writing )
  3. A bit ago, a forensic contest was opened with the winner getting a free SANS course. That contest is now over. Here is the cool part, they took the finalist's answers and made a website out of them for the rest of us to learn from. Check it out.
    Network Forensics Puzzle Contest
    Tags: ( forensics contest answer )
  4. This boggles the mind. A judge has ordered that Google deactivate an account because the account holder received an email not intended for them. I seriously hope this gets challenged. Otherwise, we are in for a very rocky time.
    Judge Orders Gmail Account Deactivated After Bank Screws Up | Threat Level | Wired.com
    Tags: ( cloud privacy )
  5. Hoff has penned a post that, along with the attending comments, is something that you should read. Seriously, go read it.
    Incomplete Thought: Virtual Machines Are the Problem, Not the Solution... | Rational Survivability
    Tags: ( virtualization )
  6. Shrdlu offers some guidance on how to implement new policies. I have used this same method in the past.
    The policy bootstrapping problem.
    Tags: ( policy )
  7. Next month is Cyber Security Awareness month. The Internet Storm Center handler's diary will again be making deep dives into various security issues during the month. If you aren't a subscriber now, I suggest you rectify that lapse.
    Cyber Security Awareness Month
    Tags: ( awareness )
  8. Wade talks about the difference between Management Science methods of making decisions and engineering methods. He then ask the question "..how does your company make 'Should we do X, Y, or Z?' decisions?" (slightly paraphrased) He offers a few he has seen. Stop by and offer your input.
    Verizon Business Security Blog >> Blog Archive >> Security Decisions - How do you make them?
    Tags: ( risk-management )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The title says it all. SAINT 7 has been released.
    SAINT 7 released
    Tags: ( saint scanner tools )
  2. Anue Systems interviews Jack Daniel.
    Security Pros on Twitter (SPoT): Jack Daniel/@Jack_Daniel - The Network View
    Tags: ( infoec interview )
  3. Lenney Zeltser, who teaches a popular malware analysis course for SANS, has made one of his slide decks available online. The cool part, the speaker notes are included. Note: You can also watch the recorded webcast.
    Introduction to Malware Analysis - Free Webcast by Lenny Zeltser
    Tags: ( malware analysis )
  4. The T2'09 challenge is up.
    T2'09 Challenge - F-Secure Weblog : News from the Lab
    Tags: ( challenge )
  5. This is the second half of a post pointed to recently. Interesting stuff.
    >> The Internet After Dark (Part 2) * Security to the Core | Arbor Networks Security
    Tags: ( general )
  6. So, um, all those wonderful security cameras...basically worth bupkiss in stopping or solving crime. There goes that argument for why Big Brother is your friend.
    Schneier on Security: On London's Surveillance Cameras
    Tags: ( surveillance privacy cameras )
  7. An interesting exploration of free security products.
    Plausible Deniability >> Freegan-ism: how free product might upset the anti malware space
    Tags: ( anti-virus anti-malware opinion )
  8. If you are running an FTP server on top of IIS 5 or 6 on Windows 2000, you will want to check this out and put in some extra logging if you can't turn that puppy off.
    IIS5&6 FTP Stack Overflow Zeroday : Liquidmatrix Security Digest
    Tags: ( iis ftp win2k )
  9. The author has a very good point. Worth a read.
    stop the alert(); - The HP Security Laboratory Blog | HP Web Application Security -
    Tags: ( xss )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here's a new challenge for you. The winner will be announced in San Diego in September.
    philosecurity >> Blog Archive >> Network Forensics Puzzle Contest!
    Tags: ( challenge network-forensics )
  2. This is just a lot of fun. Link goes directly to PDF.
    WHEN ZOMBIES ATTACK!: MATHEMATICAL MODELLING OF AN OUTBREAK OF ZOMBIE INFECTION (PDF)
    Tags: ( general )
  3. Here is a huge list of cheat sheets you will find useful.
    System Advancements at the Monastery >> Blog Archive >> What's in Your Folder: Security Cheat Sheets
    Tags: ( cheatsheet )
  4. Steve has written a post on things not to do when implementing VDI. He calls them anti-patterns. I like that term. Going to have to remember it. This is a good read if you are considering rolling out this type of infrastructure and especially if you already have.
    ViewYonder >> Feeding the IT Shriekometer: 5 VDI anti-patterns
    Tags: ( vdi )
  5. As I have mentioned before, the team I participated on for the Mystery Challenge at Defcon 17 tied for second place this year. Cutaway has written up a great recap that makes me even more bummed that I missed out this year and more motivated to be there for next years challenge.
    Security Ripcord >> Blog Archive >> MysteryChallenge - DefCon 17
    Tags: ( mystery-challenge )
  6. Some guidance on surviving a third-party on-site audit. Good stuff.
    Surviving a third party onsite audit
    Tags: ( audit )
  7. "Run, run away. We've been hacked......um, never mind, it was something else." The Security Shoggoth reminds us, that it isn't always about security. Which brings the following saying to mind, "When all you have is a hammer, every problem looks like a nail."
    The Security Shoggoth: Its Not Always A Security Issue
    Tags: ( general )
  8. There are an increasing number of conversations going on about whether Facebook and its ilk should be allowed on corporate networks. The Marines have taken the stance that social networking sites are not allowed. This post by Chris reinforces that decision. It's dangerous out there folks. Be careful.
    Two Facebook Threats In One Day... - SpywareGuide Greynets Blog
    Tags: ( facebook )
  9. One of the three legs of the CIA triad, which is the foundation of information security, is availability. This post is the first of a series that will be exploring this facet of information security.
    A Data Protection Reference Architecture - Part 1 - Backup & Beyond
    Tags: ( availability backup )
  10. Here is an interesting article about Windows 7, XP Mode, Vista and a few other tidbits.
    Roger's Security Blog : Why Windows 7 XP Mode makes sense from a security perspective
    Tags: ( microsoft windows-7 xp )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }