Boy, you can tell it's a Monday. We have a big batch of interesting bits to take a peek at today.
Here are today's Interesting Information Security Bits from around the web.
- This is a long post, but a great recap of the 2009 CSAW-CTF competition. Good stuff in there. You can even try some of the challenges yourself.
Matasano Security LLC - Chargen - Exercises for a burgeoning Army of Ninjas
Tags: ( challenge )
- I don't usually point to recap posts, but Rich has a very good thought in the introduction to last week's Friday summary. Something I am dealing with myself.
Securosis Blog | Friday Summary: January 22, 2010
Tags: ( general )
- It isn't only credit card, SSNs and bank account details that are being traded by the fraudsters anymore.
Zscaler Research: Watch out Bill Gates...
Tags: ( social-media fraudsters )
- If you use any of these passwords anywhere, I strongly suggest you go change them right now.
Top 20 website passwords you shouldn't be using | Graham Cluley's blog
Tags: ( passwords )
- The latest pass at the old 'is certification worth a pickle?' question. Actually, a good article with some good advice. The comments are of value too.
Securosis Blog | The Certification Myth
Tags: ( certification )
- Dave peels back a couple layers of the security mind and peeks at what's inside.
ShackF00 >> A Glimpse Into the Security Mindset
Tags: ( security mindset )
- Ax0n digs into a new lock. Nifty stuff.
HiR Information Report: Review: Master 1500iD "Speed Dial" lock
Tags: ( locks )
- Hoff offers some sage advice on compliance and cloud computing.
Cloud: Security Doesn't Matter (Or, In Cloud, Nobody Can Hear You Scream) | Rational Survivability
Tags: ( cloud compliance )
- Brian has a neat little exploration of a browser exploit kit.
A Peek Inside the 'Eleonore' Browser Exploit Kit -- Krebs on Security
Tags: ( exploit browser )
- This time we learn a little more about Wim, a very good on-line friend of mine. We haven't met in person yet, but I know that will happen some day.
Andrew Hay >> Blog Archive >> Information Security D-List Interview: Wim Remes
Tags: ( interview d-list )
- Oops. Looks like Google forgot their 'Do no evil' motto again.
Sunbelt Blog: Google Toolbar tracks searches after it's disabled.
Tags: ( google-toolbar data-leakage )
That's it for today. Have fun!
Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.
Kevin
Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.
- Exception, variance, these words are the bane of the information security professional. We all have to deal with them. Jarrod offers some thoughts on the topic. You will benefit from reading them.
/dev/null - ramblings of an infosec professional: Security Exemptions
Tags: ( policy )
- Ben shares his method for writing along with some thoughts on writing in general. It's a good read and I bet you can find some things in there that can be applied to your own writing.
The Writing Funnel (The Falcon's View)
Tags: ( general writing )
- A bit ago, a forensic contest was opened with the winner getting a free SANS course. That contest is now over. Here is the cool part: they took the finalists' answers and made a website out of them for the rest of us to learn from. Check it out.
Network Forensics Puzzle Contest
Tags: ( forensics contest answer )
- This boggles the mind. A judge has ordered that Google deactivate an account because the account holder received an email not intended for them. I seriously hope this gets challenged. Otherwise, we are in for a very rocky time.
Judge Orders Gmail Account Deactivated After Bank Screws Up | Threat Level | Wired.com
Tags: ( cloud privacy )
- Hoff has penned a post that, along with the attending comments, is something that you should read. Seriously, go read it.
Incomplete Thought: Virtual Machines Are the Problem, Not the Solution... | Rational Survivability
Tags: ( virtualization )
- Shrdlu offers some guidance on how to implement new policies. I have used this same method in the past.
The policy bootstrapping problem.
Tags: ( policy )
- Next month is Cyber Security Awareness month. The Internet Storm Center handler's diary will again be making deep dives into various security issues during the month. If you aren't a subscriber now, I suggest you rectify that lapse.
Cyber Security Awareness Month
Tags: ( awareness )
- Wade talks about the difference between Management Science methods of making decisions and engineering methods. He then asks the question "..how does your company make 'Should we do X, Y, or Z?' decisions?" (slightly paraphrased) He offers a few he has seen. Stop by and offer your input.
Verizon Business Security Blog >> Blog Archive >> Security Decisions - How do you make them?
Tags: ( risk-management )
That's it for today. Have fun!
Kevin
Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.
- Here's a new challenge for you. The winner will be announced in San Diego in September.
philosecurity >> Blog Archive >> Network Forensics Puzzle Contest!
Tags: ( challenge network-forensics )
- This is just a lot of fun. Link goes directly to PDF.
WHEN ZOMBIES ATTACK!: MATHEMATICAL MODELLING OF AN OUTBREAK OF ZOMBIE INFECTION (PDF)
Tags: ( general )
- Here is a huge list of cheat sheets you will find useful.
System Advancements at the Monastery >> Blog Archive >> What's in Your Folder: Security Cheat Sheets
Tags: ( cheatsheet )
- Steve has written a post on things not to do when implementing VDI. He calls them anti-patterns. I like that term. Going to have to remember it. This is a good read if you are considering rolling out this type of infrastructure and especially if you already have.
ViewYonder >> Feeding the IT Shriekometer: 5 VDI anti-patterns
Tags: ( vdi )
- As I have mentioned before, the team I participated on for the Mystery Challenge at Defcon 17 tied for second place this year. Cutaway has written up a great recap that makes me even more bummed that I missed out this year and more motivated to be there for next year's challenge.
Security Ripcord >> Blog Archive >> MysteryChallenge - DefCon 17
Tags: ( mystery-challenge )
- Some guidance on surviving a third-party on-site audit. Good stuff.
Surviving a third party onsite audit
Tags: ( audit )
- "Run, run away. We've been hacked......um, never mind, it was something else." The Security Shoggoth reminds us that it isn't always about security. Which brings the following saying to mind, "When all you have is a hammer, every problem looks like a nail."
The Security Shoggoth: Its Not Always A Security Issue
Tags: ( general )
- There are an increasing number of conversations going on about whether Facebook and its ilk should be allowed on corporate networks. The Marines have taken the stance that social networking sites are not allowed. This post by Chris reinforces that decision. It's dangerous out there folks. Be careful.
Two Facebook Threats In One Day... - SpywareGuide Greynets Blog
Tags: ( facebook )
- One of the three legs of the CIA triad, which is the foundation of information security, is availability. This post is the first of a series that will be exploring this facet of information security.
A Data Protection Reference Architecture - Part 1 - Backup & Beyond
Tags: ( availability backup )
- Here is an interesting article about Windows 7, XP Mode, Vista and a few other tidbits.
Roger's Security Blog : Why Windows 7 XP Mode makes sense from a security perspective
Tags: ( microsoft windows-7 xp )
That's it for today. Have fun!
Kevin