cheat sheets

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a great list of state and country links to privacy information. Via @PrivacyProf
    Links to Privacy Laws
    Tags: ( privacy regulation )
  2. Rsnake has updated his XSS cheat sheet.
    XSS (Cross Site Scripting) Cheat Sheet
    Tags: ( cheatsheet xss )
  3. Per ISC, PacketLife is updating their cheat sheets. Must have stuff.
    Cheat Sheets -
    Tags: ( cheatsheet )
  4. Want to play around with CRSF? Here is a tool that lets you do so. Don't forget, only use it in your lab or on sites you have permission to test. >> Blog Archive >> MonkeyFist Fu: The Intro
    Tags: ( tools csrf )
  5. Here is the answer to the hard version of the recent I Smell Packets challenge.
    Solution to The Crypto Kitchen Packet Challenge (Hard Version) << I Smell Packets
    Tags: ( challenge answer )
  6. An interesting exploration of a possible way to detect encrypted sessions.
    Detecting encrypted traffic with frequency analysis << wirewatcher
    Tags: ( encryption detection )
  7. Bill Brenner had the opportunity to interview Robert Carr, the CEO of Heartland Payment Systems Inc., regarding the massive breach that occurred. Mr. Carr's responses have generated quite a bit of conversation. The I find most disturbing about Mr. Carr's responses is that someone is his position would take this approach to dealing with the situation. Seems like a lot of finger pointing and 'it wasn't me' language for an issue which is ultimately his responsibility.  Please read the next few links after you read the interview to see what others, who are much more eloquent than I, have to say.
    Heartland CEO on Data Breach: QSAs Let Us Down - CSO Online - Security and Risk
    Tags: ( heartland )
  8. Rich's response to the Heartland CEO's comments.
    Securosis Blog | An Open Letter to Robert Carr, CEO of Heartland Payment Systems
    Tags: ( heartland )
  9. Alan's take on the Heartland issue.
    StillSecure, After All These Years: Heartland CEO thought QSAs would make him compliant and secure
    Tags: ( hearland )
  10. Mike's take on the Heartland issue.
    One Man's View: Heartland CEO Must Accept Responsibility - CSO Online - Security and Risk
    Tags: ( heartland )
  11. Andy's take on the Heartland issue.
    Will the real leader please step forward >> Andy ITGuy
    Tags: ( heartland )
  12. Jeff tells it like it is! Actually, he does, but read the whole article to know what I mean.
    The Auditor's Prerogative : The Security Catalyst
    Tags: ( audit )
  13. David may call it an incomplete thought, but I don't.
    Incomplete Thought: Compliance, Governance, Audit and Risk aka GRC We're Doing It Wrong << The New School of Information Security
    Tags: ( grc )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.