cryptography

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I missed Blackhat and Defcon this year and I was bummed about it. The SecurityBSides event that I also missed just made it worse. 🙁
    SecurityBSides: The Best-Kept Vegas Secret - Hacked Off - Dark Reading
    Tags: ( securitybsides )
  2. The Infosec Cynic gets stuck in the lift with Rebecca Herold.
    Rebecca Herold - Stuck in the lift with the cynic | The Infosec Cynic
    Tags: ( interview )
  3. Here is a Google talk from Nate Lawson on common cryptology flaws.
    Google Tech Talk on common crypto flaws << root labs rdist
    Tags: ( cryptography )
  4. A new tool is available from GNUCITIZEN. Unfortunately, it is only available for Mac right now. Windows and Linux releases to come in the future.
    Free Web Application Security Testing Tool | GNUCITIZEN
    Tags: ( webappsec tools )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Nick provides some good guidance in preparing for a third-party application assessment. (Via Branden Williams' Security Convergence Blog)
    Nick Coblentz: Preparing For a Third Party Application Assessment
    Tags: ( webappsec assessment )
  2. Stop what you are doing and go read this. Yes, all of it. Then send it to your programmers.
    Matasano Chargen >> Blog Archive >> Typing The Letters A-E-S Into Your Code? You're Doing It Wrong!
    Tags: ( cryptography )
  3. An interesting article on Wired about Tobias Bluzmanis. Bonus: Video of Medeco high security locks being picked and bumped. (Via Infosec.us)
    The Ultimate Lock Picker Hacks Pentagon, Beats Corporate Security for Fun and Profit
    Tags: ( lockpicking )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Dave points out a really nifty tool that Voltage has released. Check it out.
    Voltage Releases Data Breach Map : Liquidmatrix Security Digest
    Tags: ( data-leakage map )
  2. Rich offers up his Mid 2009 State of Web Application and Data Security.
    Securosis Blog | The State of Web Application and Data Security--Mid 2009
    Tags: ( general )
  3. Time to patch QuickTime and, by extension, iTunes.
    Apple plugs 10 QuickTime code execution holes | threatpost
    Tags: ( applce quicktime itunes patches vulnerablity )
  4. @lithium's latest crypto challenge is waiting for you to puzzle over.
    Crypto Challenge - PandaLabs
    Tags: ( cryptography challege )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Mike Murray and Lee Kushner have a podcast series that each of us should be listening to.
    When Your Security Career Gets Hacked - Dark Dominion Blog - Dark Reading
    Tags: ( career )
  2. Both amusing and helpful.
    Job Interview: How To Nail An Interview (20 Tips)
    Tags: ( career interviewing )
  3. Go ahead, write those passwords down. Just not all of it. I like this idea as long as we are careful in picking the "pin" part, i.e. don't use your birthday 🙂
    Put Your Passwords on a Post-it - F-Secure Weblog : News from the Lab
    Tags: ( passwords )
  4. The annual FBI cryptography challenge is up. Go crack 'em up.
    FBI Annouces Annual Can-You-Crack-the-Code Challenge
    Tags: ( cryptography challenge )
  5. Christofer is talking about something he touched on at RSA and before: who manages the network in the virtually cloudy world, the server admins, the network admins, or both?
    Rational Survivability >> Quick Bit: Virtual & Cloud Networking - Where It ISN'T Going...
    Tags: ( virtualization networking )
  6. Another PDF parsing vulnerability in BES. I believe a patch is now available.
    How to control a Blackberry Enterprise Server with just a PDF | Graham Cluley's blog
    Tags: ( pdf rim blackberry vulnerability )
  7. McAfee did a study to determine what the riskiest search terms are. This report is the result of that study. Note: Link goes to PDF (via: eWeek)
    The Web's Most Dangerous Search Terms
    Tags: ( malware search )
  8. This is a nice article on using ITIL to improve and strengthen your information security program.
    How ITIL Can Improve Information Security
    Tags: ( itil )
  9. An interesting exploration of an insider attack on California Water Service Company that occurred recently.
    Ascension Blog >> He did WHAT?!?!
    Tags: ( breach )
  10. L0phtcrack is back and raring to go.
    L0phtcrack 6 Site Is Live : Liquidmatrix Security Digest
    Tags: ( passwords tools l0phtcrack )

That's it for today. Have fun!

Kevin

Here are today's bits.

From the Blogosphere.

Marcin has posted a really interesting treatise at the ts/sci security blog about Web Application Firewalls. Some really good stuff to think about.

The Princess of Antiquity continues her series on Cryptography (Non-Technical) with a post titled Earlier Forms of Cryptography. Very well written and easy to understand with really good info.

Didier has given us another tool written in Python, apc-pr-log, which uses the AirPcap adapter to log all probe requests with an SSID for easy viewing. Should be fun to play with.

From the Newsosphere.

Whitehat Security has raised some VC cash. Congrats Jeremiah.

Sun has released version 8 of Identity Manager.

That's it for today. Have a good one.

Kevin

And another Friday dawns. I hope yours goes well. Here we go with today's bits.

From the Blogosphere.

Via Alan over at StillSecure, the Aberdeen Group is looking for some data on IT Security Patch and Vulnerability Management. To get it, they are asking for us to participate in a survey. We get a shiny report gratis if we do. I probably will.

There is a post up over at tssci-security that takes a look at several topics all mashed together: the value of the CISSP certification, specialist or generalist when it comes to InfoSec, and a new project being put together by the OWASP group, the People Certification Project. Some interesting thoughts in both the post and comments. BTW - he references Dan Geer's Source Boston keynote speech. It is well worth reading several times, as I believe I have noted before.

Looks like there are some local root shenanigans that can be exercised on a Mac with versions 10.4 and 10.5 of Mac OS X installed. Good old suid fun, but does it really matter? Check out Zero Day's post and come to your own conclusions.

The Princess of Antiquity is tackling a fairly daunting task in bringing us a series of articles about cryptography that are couched in terms the layman can understand. The first is up and is well written. Check it out.

Tom over at Spylogic gave a talk about Online Social Networks: 5 threats and 5 ways to use them safely. He has made his presentation available here.

JJ has some good guidance for us if we are considering the implementation of 802.1x. Very good stuff.

Via Security4All, Backtrack 3 Final has been released.

From the Newsosphere.

Via NetworkWorld, Mitchell Ashley reports to us that Red Hat has decided to develop their own virtualization platform based on the Kernel Virtual Mode which is built into the Linux kernel. Go read his article for the reasons for this decision.

From Hack in the Box and ARN, a new report is out saying that a skills shortage in IT positions, including security specialists, is causing salaries to rise. Good for those down under.

Have a great Friday and wonderful weekend.

Kevin
