cloud

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Andrew shows how to install log2timeline on a SANS Investigative Forensic (SIFT) workstation.
    Andrew Hay >> Blog Archive >> Installing log2timeline on SIFT - Updated Instructions for Ease of Use
    Tags: ( forensics )
  2. Before you fire up your new RDS instance with Amazon, you might want to take a gander at Adriane's post. This is not to say don't do it, just some things to think about before you do.
    Securosis Blog | Amazon RDS Announced
    Tags: ( mysql amazon rds )
  3. Some thoughts about cross-gadget security in Google Wave.
    Cross-Gadget Security in Google Wave
    Tags: ( wave )
  4. Richard pulls together a lot of the conversation about A6.
    TaoSecurity: Initial Thoughts on Cloud A6
    Tags: ( cloud a6 )
  5. As always, if an attacker has physical access, things get much easier.
    My not so evil maid - Truecrypt encryption attack | Security Active Blog
    Tags: ( truecrypt )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Here is part 2 of my catch-up posts.

  1. Argument For Anonymity - Secure Computing: Sec-C
    Tags: ( anonymity )
  2. RaDaJo (RAul, DAvid and JOrge) Security Blog: Samurai Web Testing Framework (WTF) Firefox Add-ons Collection
    Tags: ( firefox add-ons )
  3. Medical Records: Stored in the Cloud, Sold on the Open Market | Threat Level | Wired.com
    Tags: ( data-leakage phi cloud )
  4. Moving from a Threat Centric to Trust Centric Endpoint Management Model | Optimal Security: The Lumension Blog
    Tags: ( whitelisting malware )
  5. SharePoint and Security | Retail Information Security
    Tags: ( sharepoint )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. How to Become a Computer Forensics Investigator | Forensics, How To | Enclave Forensics
    Tags: ( forensics career )
  2. How to Cyberstalk Jobs / Cyberstalking Potential Employers
    Tags: ( surveillance privacy screening )
  3. Transparency: I Do Not Think That Means What You Think That Means... | Rational Survivability
    Tags: ( cloud amazon )
  4. Uncommon Sense Security: Hot off the [virtual] presses
    Tags: ( nist )
  5. waiting for patches to release to wsus... (terminal23)
    Tags: ( wsus patching microsoft )
  6. Twitter starts to get serious about spammers | Social Business | ZDNet.com
    Tags: ( twitter spam )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Matasano has a challenge for you. Find the problem with this C++ code.
    Matasano Security LLC - Chargen - A C++ Challenge
    Tags: ( challenge exploit )
  2. Trying to set up a lab environment for pen testing and general security learning efforts? Check out this author's efforts so far.
    Virtual lab machines << Infosanity's Blog
    Tags: ( lab )
  3. Trying to figure out which NSM product is the right one for you? Richard has some thoughts on how to do just that. No brands or vendors mentioned, just characteristics and platforms.
    TaoSecurity: NSM in Products
    Tags: ( nsm )
  4. Here is an interesting list you can compare your scanner, or the scanner you are evaluating, against.
    IBM Rational Application Security Insider: Web Application Security Scanner Evaluation Criteria v1.0 released!
    Tags: ( scanners )
  5. Dark Reading has a new Tech Center devoted to vulnerability management news and analysis.
    Vulnerability Management Tech Center: News and Analysis
    Tags: ( vulnerability-management )
  6. Hoff says what I've been thinking. Everything isn't cloud and every failure isn't the cloud's fault.
    Cloud: The Other White Meat... | Rational Survivability
    Tags: ( cloud )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Exception, variance, these words are the bane of the information security professional. We all have to deal with them. Jarrod offers some thoughts on the topic. You will benefit from reading them.
    /dev/null - ramblings of an infosec professional: Security Exemptions
    Tags: ( policy )
  2. Ben shares his method for writing along with some thoughts on writing in general. It's a good read and I bet you can find some things in there that can be applied to your own writing.
    The Writing Funnel (The Falcon's View)
    Tags: ( general writing )
  3. A bit ago, a forensic contest was opened with the winner getting a free SANS course. That contest is now over. Here is the cool part: they took the finalists' answers and made a website out of them for the rest of us to learn from. Check it out.
    Network Forensics Puzzle Contest
    Tags: ( forensics contest answer )
  4. This boggles the mind. A judge has ordered that Google deactivate an account because the account holder received an email not intended for them. I seriously hope this gets challenged. Otherwise, we are in for a very rocky time.
    Judge Orders Gmail Account Deactivated After Bank Screws Up | Threat Level | Wired.com
    Tags: ( cloud privacy )
  5. Hoff has penned a post that, along with the attending comments, is something that you should read. Seriously, go read it.
    Incomplete Thought: Virtual Machines Are the Problem, Not the Solution... | Rational Survivability
    Tags: ( virtualization )
  6. Shrdlu offers some guidance on how to implement new policies. I have used this same method in the past.
    The policy bootstrapping problem.
    Tags: ( policy )
  7. Next month is Cyber Security Awareness month. The Internet Storm Center handler's diary will again be making deep dives into various security issues during the month. If you aren't a subscriber now, I suggest you rectify that lapse.
    Cyber Security Awareness Month
    Tags: ( awareness )
  8. Wade talks about the difference between Management Science methods of making decisions and engineering methods. He then asks the question "..how does your company make 'Should we do X, Y, or Z?' decisions?" (slightly paraphrased) He offers a few he has seen. Stop by and offer your input.
    Verizon Business Security Blog >> Blog Archive >> Security Decisions - How do you make them?
    Tags: ( risk-management )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Old attacks find a new home. Side-channel attacks against the "Cloud".
    Researchers Find a New Way to Attack The Cloud | threatpost
    Tags: ( cloud )
  2. This seems like a very poor decision.
    Oracle Delays Security Patches For OpenWorld : Liquidmatrix Security Digest
    Tags: ( oracle )
  3. Like Agent J says in "Men in Black II", "No, what you remember is that you used to drive that old busted junk. See, I drive... the new hotness." Brick and mortar bank robbery is the old busted, electronic bank robbery is the new hotness.
    Security Fix - More Business Banking Victims Speak Out
    Tags: ( theft )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Even something as simple as a route you use for your daily run can be a data leakage issue.
    Running into information << Techdulla
    Tags: ( data-leakage social-networking )
  2. If you have a wireless infrastructure based on Cisco APs, you will want to read this one.
    SkyJacking vulnerability discovered on Cisco APs - Security
    Tags: ( wireless cisco )
  3. Last year, for one of my Toastmasters speeches, I gave a quick 7 minute speech about data loss. For that talk, I used the on-line data loss db to grab a few numbers for a period of a week. During that time there were 8 or 9 incidents and several hundred thousand records lost. The majority of those incidents were caused not by malicious behavior, but by mistakes. That's what this article talks about too.
    IDC Report: Most Insider Leaks Happen By Accident - data leak prevention/Security - DarkReading
    Tags: ( data-leakage )
  4. Amazon has announced Virtual Private Clouds and the Hoff has some thoughts to share on the issue.
    Calling All Private Cloud Haters: Amazon Just Peed On Your Fire Hydrant... | Rational Survivability
    Tags: ( cloud private-cloud )
  5. Looks like a new open source project is going to be poking at GSM security.
    GSM to feel the heat from open source project - News - The H Security: News and features
    Tags: ( gsm mobile )
  6. Here are a couple of tips on implementing SharePoint with effective access control.
    Poor Microsoft SharePoint security permissions policies can derail deployments
    Tags: ( sharepoint )
  7. Rob Whiteley is looking for interesting stories about security shifts. Check out the article for what he is after.
    The Forrester Blog For Security & Risk Professionals
    Tags: ( general )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. NSS Labs has published their third quarter Browser Security Test.
    Comparative Browser Security Testing - Phishing & Socially Engineered Malware - nsslabs.com
    Tags: ( browser )
  2. The Call for Speakers for RSA USA 2010 has been extended a week. Deadline is now August 21st.
    Call for Speakers
    Tags: ( rsa cfp )
  3. Brian talks about hype in the information security market.
    Hyper Security - fudsec.com
    Tags: ( fud )
  4. It has been talked about quite a bit over the last year or more. Can a cloud based solution be PCI compliant? Looks like the answer to that question has been given and by one of the larger cloud providers.
    Network Security Blog >> Cannot achieve PCI compliance with Amazon EC2/S3
    Tags: ( pci cloud )
  5. This is interesting. A botnet being controlled via Twitter.
    >> Twitter-based Botnet Command Channel * Security to the Core | Arbor Networks Security
    Tags: ( twitter botnet )
  6. Is your cell phone telling tales on you? Looks like the Palm Pre might be.
    Is Your Palm Pre Watching You? : Liquidmatrix Security Digest
    Tags: ( surveillance )
  7. Dave offers up a tutorial on encrypting your data backups on the cheap.
    IT Security Expert: Secure Encrypted Data Backup on a Budget Tutorial
    Tags: ( backup encryption )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. MasterCard has published their fine schedule.
    MasterCard Becomes The First Card Brand To Publish PCI Fines | SecTechno
    Tags: ( pci fines )
  2. Nick's rant/opining that is worth a read.
    Showing The Oblomovs The Door - fudsec.com
    Tags: ( general )
  3. Check out Jack's "rantbuttal." His word, not mine, but I really like it 🙂
    Uncommon Sense Security: Smart people saying dumb stuff, again.
    Tags: ( testing )
  4. An interesting discussion of multi-tenancy.
    Rational Survivability >> There's A Difference Between Application/OS Multitenancy and Data(base) Multitenancy
    Tags: ( cloud )
  5. I saw Trey give a version of "Making Money the Blackhat Way" at Secure360 this year. This blog post talks about some interesting issues related to that.
    Jeremiah Grossman: Security Religions and Risk Windows
    Tags: ( general )
  6. Mike's response to Nick's post on Fudsec.
    Chaordic Mind >> Personal Responsibility in Information Security
    Tags: ( general )
  7. Details for the August Atlanta NAISG meeting are inside.
    NAISG - August Atlanta Meeting >> Andy ITGuy
    Tags: ( naisg atlanta )
  8. Here is a tutorial on lock picking for the beginner.
    Lock Picking 101 * View topic - Beginner's Lockpicking Exercise - by digital_blue
    Tags: ( lockpicking )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is pretty nifty. Going to have to play with this one.
    Security Research & Defense : Announcing OffVis 1.0 Beta
    Tags: ( office microsoft )
  2. The inaugural episode of the Cloud Security Podcast is available. Christofer and Craig are looking for feedback. Take a listen and let them know what you think.
    Introducing the Cloud Security Podcast... | Cloud Security
    Tags: ( cloud podcast )
  3. It can't be said often enough. The Riv during Defcon is a dangerous place to be from an information security perspective.
    Malicious ATM Catches Hackers | Threat Level | Wired.com
    Tags: ( defcon )
  4. This is just cool.
    Uncommon Sense Security: Announcing the Warzone Project
    Tags: ( ctf labs )
  5. Twitter is now stopping tweets with malicious URLs. Someone mentioned that URL shortener services can cause this control to fail; I'm not positive that is the case. Would be interesting to find out though.
    Twitter Now Filtering Malicious URLs - F-Secure Weblog : News from the Lab
    Tags: ( twitter )
  6. A good post with some tips on making your internal router and switch fabric not quite so hack worthy.
    Switch hardening on your network
    Tags: ( network-security )
  7. A new packet challenge is up.
    The Crypto Kitchen - Packet Challenge << I Smell Packets
    Tags: ( challenge )
  8. This is a bit scary. Who needs TEMPEST or other remote methods of reading keyboard actions with this type of thing?
    Hacker demos persistent Mac keyboard attack | Zero Day | ZDNet.com
    Tags: ( malware )
  9. Part of being a successful professional, information security focused or not, is the ability to be an effective presenter. You should look at this.
    Make: Online : Tips on "unpresenting"
    Tags: ( presenting )

That's it for today. Have fun!

Kevin