Hi folks. Lots of stuff today so let's just get to it.

From the Blogosphere.

Alan over at Security Thoughts answers Dre's post about the CISSP being on its way out. I tend to agree with Alan more than Dre, but understand Dre's point also. How's that for being wishy washy? Go read both.

Jeremiah asks 5 questions about webappsec in order to generate some conversation. Good reading in there.

By way of Zero Day, Sourcefire has released a free tool, OfficeCat, that attempts to scan Microsoft Office files for detection of possible exploits. Very nifty.

Rebecca has an article up that gives us Six Ways Organizations Can Lessen Mobile Computing Risks. Good collection of things to think about.

Matasano has some comments available about several vulnerabilities in Ruby. Everybody using Ruby has some patching to do.

Anton is happy about the release of their CEE (Common Event Expression) white paper.

Jeremiah is really on a roll with the asking of interesting questions that spark some great interaction. The question this time, "Day 1: Starting at the beginning". You're a new hire in charge of security, what are your first steps? BTW - Congratulate him on achieving his purple belt in Brazilian Jiu Jitsu while you are there.

From the Newsosphere.

Via Dark Reading, a researcher is going to be demonstrating a remote permanent denial-of-service (PDOS) attack at EUSecWest this week. Should be interesting.

Also from Dark Reading, Fortinet has been awarded four new patents for network virtualization and security related inventions.

Information Week has a Reuters article up that informs us that the bill shielding U.S. telephone companies from lawsuits has passed the House.

Well that's it. Have a great day.

Kevin


And another Friday dawns. I hope yours goes well. Here we go with today's bits.

From the Blogosphere.

Via Alan over at StillSecure, the Aberdeen Group is looking for some data on IT Security Patch and Vulnerability Management. To get it, they are asking for us to participate in a survey. We get a shiny report gratis if we do. I probably will.

There is a post up over at tssci-security that is taking a look at several topics all mashed together: the value of the CISSP certification, specialist or generalist when it comes to InfoSec, and a new project being put together by the OWASP group, the People Certification Project. Some interesting thoughts in both the post and comments. BTW - he references Dan Geer's Source Boston keynote speech. It is well worth reading several times, as I believe I have noted before.

Looks like there are some local root shenanigans that can be exercised on a Mac with versions 10.4 and 10.5 of Mac OS X installed. Good old suid fun, but does it really matter? Check out Zero Day's post and come to your own conclusions.

The Princess of Antiquity is tackling a fairly daunting task in bringing a series of articles to us about cryptography that are couched in terms the layman can understand. The first is up and is well written. Check it out.

Tom over at Spylogic gave a talk about Online Social Networks: 5 threats and 5 ways to use them safely. He has made his presentation available here.

JJ has some good guidance for us if we are considering the implementation of 802.1x. Very good stuff.

Via Security4All, Backtrack 3 Final has been released.

From the Newsosphere.

Via NetworkWorld, Mitchell Ashley reports to us that Red Hat has decided to develop their own virtualization platform based on the Kernel Virtual Mode which is built into the Linux kernel. Go read his article for the reasons for this decision.

From Hack in the Box and ARN, a new report is out saying that a skills shortage in IT positions, including security specialists, is causing salaries to rise. Good for those down under.

Have a great Friday and wonderful weekend.

