cloud

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Just go read this. Nao!
    Nao and Zen: Security Koans for Everybody
    Tags: ( general )
  2. Here is an interesting post from Hoff offering a suggestion for the problem of providing compliance information for things in the cloud, not to mention, security management.
    Rational Survivability >> Extending the Concept: A Security API for Cloud Stacks
    Tags: ( cloud )
  3. Here are a few tips from Mr. McGrew on preparing your mobile device for Blackhat/DefCon.
    Loading up your portable device for Vegas << McGrew Security Blog
    Tags: ( defcon )
  4. This could be a problem for a fair number of organizations.
    Society of Payment Security Professionals - Compliance Demystified >> Blog Archive >> 150 Transactions + 1 = QSA assessment: End of Level 4 Merchants
    Tags: ( pci )
  5. Looks like Mastercard will start fining folks who are non-compliant with PCI.
    Branden Williams' Security Convergence Blog: MasterCard to Fine Merchants for Non Compliance
    Tags: ( pci )
  6. A nice post that smashes a few myths that are often touted regarding cloud computing.
    Cloud Myths Dispelled | Eucalyptus Systems Inc
    Tags: ( cloud )
  7. A nice list of things to do to secure your SSH servers.
    Top 20 OpenSSH Server Best Security Practices
    Tags: ( ssh )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A Panda Labs challenge is up. This is the first of three this month.
    Panda Challenge - "All that glitters is not gold" - PandaLabs
    Tags: ( challenge )
  2. Someone asked Lee what he should be looking for when seeking a recruiter to help him find employment. Lee's response is golden. Check it out.
    Career Advice Tuesday - Selecting a Recruiter | Information Security Leaders
    Tags: ( career recruiter )
  3. Part 4 of Wesley's story about catching a hacker.
    GhostExodus, the ETA, and a Control System Incident at Carrell Clinic (Part 4) << McGrew Security Blog
    Tags: ( hacker )
  4. Hoff has some words on the cloud, security, and enterprises.
    Rational Survivability >> These Apocalyptic Assessments Of Cloud Security Readiness Are Irrelevant...
    Tags: ( cloud )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well. Sorry for missing yesterday. I had a brutally busy day and then we had a power outage at home to boot.

Here are today's Interesting Information Security Bits from around the web.

  1. A new packet challenge is up at I Smell Packets.
    Packet Challenge - Name that Exploit << I Smell Packets
    Tags: ( challenge packet-capture )
  2. This is an interesting post with some thoughts that can be extended well beyond virtualization.
    View Yonder >> Free the Gladiators!
    Tags: ( virtualization )
  3. This time a peek at PHP and sessions.
    AppSec Street Fighter - SANS Institute >> Session Attacks and PHP
    Tags: ( session )
  4. Anton opines on the contents of the letter sent to the PCI council by the National Retail Federation and other retail associations.
    On "PCI Letter"
    Tags: ( pci letter )
  5. Mozilla has been at work to come up with a method of getting rid of XSS problems. They believe they have it with Content Security Policy.
    Shutting Down XSS with Content Security Policy at Mozilla Security Blog
    Tags: ( csp mozilla )
  6. Christofer has a nice couple of graphics that help describe cloud computing from a high level perspective.
    Rational Survivability >> Incomplete Thought - Cloudanatomy: Infrastructure, Metastructure & Infostructure
    Tags: ( cloud )
  7. The ISC diary points out some ways to protect your webserver from being DoSed by the tool released by RSnake recently.
    Apache HTTP DoS tool mitigation
    Tags: ( apache dos )
  8. RSnake takes a look at detecting man-in-the-middle proxies.
    Detecting MITM/Hacking Proxies Via SSL ha.ckers.org web application security lab
    Tags: ( mitm )
  9. Lori offers some thoughts on IPv6 that you should also be thinking about.
    You are the new number 3ffe:1900:4545:3:200:f8ff:fe21:67cf
    Tags: ( ipv6 )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Microsoft has had a threat modeling guide and some tooling for software development for a bit now. Today a guide was released for infrastructure. This could be very nice. I will be checking it out.
    HolisticInfoSec.org: IT Infrastructure Threat Modeling Guide now available
    Tags: ( threat-modeling )
  2. Andrew sat down and did something that each of us should be doing on a regular basis. He wrote a development plan. He didn't call it that, but that is what he did. Remember folks, your career is your responsibility, not your employer's.
    Andrew Hay >> Blog Archive >> Training That I Would Like...
    Tags: ( career )
  3. Keep your eyes on this one. Could be some interesting stuff coming next month in regards to third-party Twitter services.
    Coming in July: Month of Twitter Bugs | Zero Day | ZDNet.com
    Tags: ( twitter )
  4. Some interesting data collected on infosec professionals and why they move about. The full report is linked to in the post.
    Why do infosec consultants move jobs? | The Infosec Cynic
    Tags: ( career )
  5. OSSEC is a neat tool. If you want to get the low down, read Wim's post.
    OSSEC in a nutshell << The Security Kitchen
    Tags: ( hids ossec )
  6. You've probably seen plenty of warnings about URL shorteners and how they present a security problem. Here is some solid proof that you should be careful with them. I'm not saying don't use them, I use them myself. Just be careful when clicking on that URL.
    Cligs short url service hacked, millions redirected | Graham Cluley's blog
    Tags: ( url-shorteners hacked )
  7. Craig has a great post up that I need to read a couple more times. Worth taking a look at. While you are at it, why not get engaged in the conversation.
    Stop the Madness! Cloud Onboarding Audits - An Open Question... | Cloud Security
    Tags: ( cloud )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Microsoft is looking for some input from us on what we would like to see in the next iteration of the fine Sysinternals Tools. Help make these tools even better.
    SysInternals Survey
    Tags: ( tools sysinternals )
  2. Not specifically information security related, but very good information for those of us with hiring responsibilities.
    Uncommon Sense Security: How to not hire someone
    Tags: ( hiring )
  3. The latest Hak5 is out. Yummy things like packet injection, WPA attacks and virtualization are the topics.
    Hak5 - Technolust since 2005 >> Episode 517 - Packet Injection, WPA Attacks, Virtualization
    Tags: ( video )
  4. Oh boy. This looks very interesting. Time to play in the lab.
    Http over SMTP Proxy << SecTech
    Tags: ( tools pentest )
  5. You see me point at a lot of stuff that Christofer writes. Why? Because he often has things to say that should be heard/read. Therefore, when he says go look at something, I do. You should too! This presentation is awesome.
    Rational Survivability >> Mark Masterson's Brilliant Cloud Security Presentation
    Tags: ( cloud )
  6. Rob has written a nice walk-through on using the PassiveX feature of Metasploit. Obviously, only to be used for good, not evil.
    PassiveX fun with Metasploit | Room362.com
    Tags: ( metasploit pentest tutorial )
  7. Here is an interesting post, even if you are not super versed in Bayesian analysis.
    Voltage Superconductor : A Bayesian approach to understanding tokenization
    Tags: ( bayes )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Mike Murray and Lee Kushner have a podcast series that each of us should be listening to.
    When Your Security Career Gets Hacked - Dark Dominion Blog - Dark Reading
    Tags: ( career )
  2. Both amusing and helpful.
    Job Interview: How To Nail An Interview (20 Tips)
    Tags: ( career interviewing )
  3. Go ahead, write those passwords down. Just not all of it. I like this idea as long as we are careful in picking the "pin" part, i.e. don't use your birthday 🙂
    Put Your Passwords on a Post-it - F-Secure Weblog : News from the Lab
    Tags: ( passwords )
  4. The annual FBI cryptography challenge is up. Go crack 'em up.
    FBI Annouces Annual Can-You-Crack-the-Code Challenge
    Tags: ( cryptography challenge )
  5. Christofer is talking about something he touched on at RSA and before: who manages the network in the virtually cloudy world, the server admins or the network admins or both?
    Rational Survivability >> Quick Bit: Virtual & Cloud Networking - Where It ISN'T Going...
    Tags: ( virtualization networking )
  6. Another PDF parsing vulnerability in BES. I believe a patch is now available.
    How to control a Blackberry Enterprise Server with just a PDF | Graham Cluley's blog
    Tags: ( pdf rim blackberry vulnerability )
  7. McAfee did a study to determine what the riskiest search terms are. This report is the result of that study. Note: Link goes to PDF (via: eWeek)
    The Web's Most Dangerous Search Terms
    Tags: ( malware search )
  8. This is a nice article on using ITIL to improve and strengthen your information security program.
    How ITIL Can Improve Information Security
    Tags: ( itil )
  9. An interesting exploration of an insider attack on California Water Service Company that occurred recently.
    Ascension Blog >> He did WHAT?!?!
    Tags: ( breach )
  10. L0phtcrack is back and raring to go.
    L0phtcrack 6 Site Is Live : Liquidmatrix Security Digest
    Tags: ( passwords tools l0phtcrack )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. NIST takes on defining the cloud.
    Are the feds the first to a common cloud definition? | The Wisdom of Clouds - CNET News
    Tags: ( cloud )
  2. Ed has penned a nice article on SCAP and vulnerability management.
    How SCAP Brought Sanity to Vulnerability Management
    Tags: ( vulnerability-management )
  3. Want to help shape cloud guidance documentation? Craig tells you how.
    The Cloud Security Alliance Needs You | Cloud Security
    Tags: ( cloud )
  4. This is a bit scary.
    Breaking Into a Home With an iPhone | GNUCITIZEN
    Tags: ( data-availability )
  5. Adrian has a link to a video you must watch. Then ask yourself how far is it from happening.
    Securosis Blog | Data Harvesting and Privacy
    Tags: ( privacy surveillance )
  6. A very good interview that you should read. I caught Lee and Mike Murray's career talk and the ensuing question period at Defcon 15. Good stuff.
    Art of Information Security >> AoIS Interviews Lee Kushner, Part 2
    Tags: ( career )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. An interesting Q&A. Check it out.
    Q&A: FBI agent looks back on time posing as a cybercriminal | Security - CNET News
    Tags: ( general )
  2. Here are some interesting statistics.
    PDF Most Common File Type in Targeted Attacks - F-Secure Weblog : News from the Lab
    Tags: ( malware attacks )
  3. An interesting note from Don with a warning. Take heed.
    Security Ripcord >> Blog Archive >> Large Memory Acquisitions
    Tags: ( forensics memory )
  4. 34% is a pretty depressing statistic.
    34% of resold hard drives contain personal data, study reveals | Graham Cluley's blog
    Tags: ( data-leakage )
  5. Richard points out that Amazon Web Services is now providing access to logs.
    TaoSecurity: Logs from the Cloud
    Tags: ( cloud amazon )
  6. You really need to check this out 🙂
    The InfoSec Prayer
    Tags: ( prayer )
  7. Shrdlu has some very nice add-ons to the post by Alex that I pointed at yesterday.
    Let go, let Cloud.
    Tags: ( cloud )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Whew! What a relief. Apparently I don't need to be concerned about security when using cloud services. It really isn't that big a deal. Well, at least according to this blog post.
    Clavister: Cloud security concerns are unfounded : Security Watch - Internet Security News: IT security, Business security, Computer security, Network security, and more
    Tags: ( cloud )
  2. An interesting issue still exists in Windows 7.
    Windows 7 Fail - F-Secure Weblog : News from the Lab
    Tags: ( windows-7 )
  3. Dave developed a checklist based on the CWE/SANS Top 25 programming errors. As he says, a checklist doesn't make you secure. However, it sure doesn't hurt either.
    trustedsignal -- blog: Application Security Checklist
    Tags: ( webappsec checklist development )
  4. Bill shares his second set of tips on a career in security. This time for those that are looking for a gig, instead of looking to keep the one they have.
    Career Advice for Security Geeks, Part 2 : The Security Catalyst
    Tags: ( career )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Lori has some good points regarding cloud "security."
    The Real Meaning of Cloud Security Revealed
    Tags: ( cloud security )
  2. Heh.
    Sunbelt Blog: Malware killed this chip
    Tags: ( general )
  3. Matt poses a question many of us ask and then goes on to posit an answer.
    What Motivates C-Level Executive Investments in Security? << Completosec Channel
    Tags: ( general )
  4. Some interesting stuff in this post.
    Rational Survivability >> VMware's Licensing - A "Slap In The Face For Cisco?" Hey Moe!
    Tags: ( cloud networking )
  5. If you've seen Hoffachino or Hoffacino mentioned on twitter or other blog posts and wondered exactly what it was, Christofer explains.
    Rational Survivability >> Just What the Hell Is a Hoffac[h]ino, Anyway?
    Tags: ( ot )

That's it for today. Have fun!

Kevin