citrix

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a quick list of things to try when pen testing a Citrix installation
    Narkolayev Shlomi: Hacking Citrix and Terminal Server Techniques
    Tags: ( citrix pentesting )
  2. Good article on the data cleanup portion of identity management.
    Data Cleanup Part 1: Primary UserIDs : The Security Catalyst
    Tags: ( identity-management )
  3. Neat website on SSL.
    SSL Labs
    Tags: ( ssl )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. F-Secure has a great Q&A posted about Conficker. Short version: Like the good book [Hitchhiker's Guide to the Galaxy] says, "Don't Panic!"
    Questions and Answers: Conficker and April 1st - F-Secure Weblog : News from the Lab
    Tags: ( malware conficker )
  2. A very thoughtful and thought-generating piece by Jeremiah. The comments are also worth reading. I am very interested to see where this goes and hope to be a part of it in some small way.
    Jeremiah Grossman: Website security needs a strategy
    Tags: ( webappsec )
  3. Some nice guidance for when you decide to develop that file upload utility.
    SecuriTeam Blogs » File upload security recommendations
    Tags: ( secure-coding )
  4. Lorrie reviews Michael's book which I have also reviewed. I agree with everything she says.
    Why you must dive Into the Breach
    Tags: ( books reviews )
  5. Time to patch OpenSSL.
    OpenSSL patches three security holes | Zero Day | ZDNet.com
    Tags: ( vulnerability patches openssl )
  6. Daniel puts together a very good set of observations regarding information security as an enabler. Like Daniel, I am not a proponent of presenting information security as an enabler. Except for specific cases where information security related activities/products actually produce your revenue stream, it does not increase revenue, provide efficiencies, or otherwise make it 'easier' to do business. It IS a vital part of doing all the above safely and responsibly, however.
    The Problem With Selling Information Security as a "Business Enabler" | dmiessler.com
    Tags: ( opinion )
  7. More yummy goodness from Synjunkie on abusing Citrix servers.
    Syn: Abusing Citrix - Part 4
    Tags: ( hacking citrix )
  8. Andrew is tackling a topic that is near and dear to us all, being provided development opportunities by our employers.
    A Multipart Letter to Employers of Security Professionals : The Security Catalyst
    Tags: ( general )
  9. Go give your six words on security. I will be.
    6 words on Security: A Challenge : The Security Catalyst
    Tags: ( general )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. You may have already heard, but Heartland and RBS are having some PCI issues.
    Visa yanks creds for payment card processing pair * The Register
    Tags: ( pci )
  2. Good tips and suggestions here.
    Gaining and Maintaining Professional Momentum During Difficult Times : The Security Catalyst
    Tags: ( career )
  3. Nifty information on digging into what information Firefox keeps as you peruse the internet.
    Firefox 3.X Forensics: Using F3e « SANS Computer Forensics, Investigation, and Response
    Tags: ( forensics firefox )
  4. A nice source for lots of HIPAA information. (Via @privacyprof)
    FAQ: What is the impact of HIPAA on IT operations?
    Tags: ( hipaa )
  5. Yup. Part 3 of Synjunkie's "Abusing Citrix" series is up. Again, good stuff.
    Syn: Abusing Citrix - Part 3
    Tags: ( hacking citrix )
  6. Jeff has a great post about first solutions and thoughts. Good stuff.
    How to Catch a Balloon : The Security Catalyst
    Tags: ( general )
  7. Chris has a real good primer/reminder on performing an effective and complete application security risk assessment. Good stuff. I hope he gets permission to share more details.
    Application Security Risk Assessments « Risktical Ramblings
    Tags: ( risk assessment application )
  8. Bill has a slide show up from his trip to Boston for SOURCEBoston.
    CSO Online - Security and Risk - Slideshow - SOURCE Boston Security Conference - Slide 1
    Tags: ( source conferences )
  9. Wow. Just wow. (via @brianhonan)
    Drunken BOFH wreaks $1.2m in Oz damage * The Register
    Tags: ( general )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Via @alexhutton, this article is very interesting. Those who are interested in measuring and communicating risk should read it.
    2845 ways to spin the Risk | Understanding Uncertainty
    Tags: ( risk management )
  2. Rob (@mubix) posted a nifty how-to the other day and was taken to task for it. He responds publicly. His response and the comments are worthy of a read.
    The Ethics of Teaching Hacking | Room362.com
    Tags: ( ethics )
  3. Yup, time to make sure your patching is working on your Windows 7 Beta installs.
    Windows 7 beta gets its first security update - Ars Technica
    Tags: ( infsec microsoft patches windows-7 )
  4. This is quite cool. Requires authenticated scans, but does give the opportunity to see who is using USB drives on your systems.
    Tenable Network Security: USB Device History Auditing with Nessus
    Tags: ( nessus )
  5. Here's a script to help you lock down your IIS 6 installations. Careful though. It's brand new and has not been tested extensively.
    Script to lock down IIS paths - Nazim's IIS Security Blog : The Official Microsoft IIS Site
    Tags: ( iis scripts securing )
  6. Part 2 is up on not being nice to your Citrix installation 🙂
    Syn: Abusing Citrix - Part 2
    Tags: ( hacking citrix )
  7. In my opinion, yes, the BBC broke the law.
    Did BBC break the law by using a botnet to send spam? | Graham Cluley's blog
    Tags: ( botnet )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Larry walks us through how he built his shmoocannon for 2009.
    Building of the 2009 Shmooball Cannon
    Tags: ( hacking shmoocon )
  2. Synjunkie is being mean to his Citrix server in this series.
    Syn: Abusing Citrix - Part 1
    Tags: ( citrix )
  3. An interesting article about where Richard thinks the majority of security jobs will be in the future.
    TaoSecurity: Thoughts on Technology Careers for the Next Generation
    Tags: ( career )
  4. There's a little more help available now for getting compliant with PCI requirements.
    Befuddled companies get checklist for complying with PCI security standard
    Tags: ( pci )
  5. There may be some new guidance coming for disclosure in California.
    California bill spells out what companies have to say about data breaches
    Tags: ( privacy disclosure )

That's it for today. Have fun!


Kevin
