Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A very interesting blog post. The obvious is not always where you should be looking.
    Developing Security: The Curious Case of the Careless Civic
    Tags: ( incident-response )
  2. CIS has a free benchmark for the iPhone available. If you are familiar with their efforts in the world of Windows and others, you will know that they put out quality stuff.
    CIS issues free benchmark on iPhone security
    Tags: ( cis benchmark iphone )
  3. Russ points out that Applicure has a free tool, WebTuff, available that will test you systems for the IIS 5-6 WebDAV vulnerability. WebTuff checks for WebDAV vulnerability
    Tags: ( tools webdav )
  4. Defcon has a new area that archives tools talked about at the conference. Thanks to Rob Fuller for helping out.
    DEFCON(r) Hacking Conference - Archive of Hacking Tools Released at DEFCON
    Tags: ( defcon tools )
  5. Chris has posted some tips and guidance on things to consider when issuing an RFP for your QSA vendor. First read it for just that. Then replace QSA with penetration test, consulting gig, etc. These are great tips for all RFP processes.
    QSA Vendor Selection - Points of Consideration << Risktical Ramblings
    Tags: ( rfp )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.