data leakage

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Xavier decided to fuzz his car. Good thing he didn't do it when he was driving down the road.
    /dev/random >> Fuzzing a Car Multimedia System?
    Tags: ( fuzzing )
  2. Want some help learning how to write Windows stack-based exploits? Here you go. A whole mess of tutorials.
    The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - Links/tutorials on writing windows (stack based) exploits
    Tags: ( exploit-writing )
  3. An interesting exploration of the three-way TCP handshake process. Particularly, since it can be a four-way handshake. Very cool. It will be interesting to see what comes out of the research about to happen.
    TCP Portals: The Handshake's a Lie! -- BreakingPoint
    Tags: ( networking tcp-handshake )
  4. There is a new vulnerability in Flash and Mike does a great job of explaining it.
    Skeptikal.org: Flash Origin Attack FAQ
    Tags: ( adobe flash vulnerability )
  5. Thierry ZOLLER has put together a very nice document that describes and demonstrates the recent SSL/TLS vulnerability. (Direct link to PDF)
    TLS and SSLv3 vulnerabilitys explained (PDF)
    Tags: ( ssl )
  6. Jack makes some good points about customer data, where it came from and where it is going.
    Uncommon Sense Security: Whose customers are they?
    Tags: ( data-leakage )
  7. Here is another resource to do some free monitoring of your websites.
    HolisticInfoSec.org: Sucuri NBIM: website integrity monitoring for free
    Tags: ( monitoring )
  8. (IN)Secure Magazine issue 23 is out. (Link goes directly to pdf)
    INSECURE-Mag-23.pdf (application/pdf Object)
    Tags: ( magazine insecure )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Here is part 2 of my catch-up posts.

  1. Argument For Anonymity - Secure Computing: Sec-C
    Tags: ( anonymity )
  2. RaDaJo (RAul, DAvid and JOrge) Security Blog: Samurai Web Testing Framework (WTF) Firefox Add-ons Collection
    Tags: ( firefox add-ons )
  3. Medical Records: Stored in the Cloud, Sold on the Open Market | Threat Level | Wired.com
    Tags: ( data-leakage phi cloud )
  4. Moving from a Threat Centric to Trust Centric Endpoint Management Model | Optimal Security: The Lumension Blog
    Tags: ( whitelisting malware )
  5. SharePoint and Security | Retail Information Security
    Tags: ( sharepoint )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is some interesting data. I haven't run through it completely yet, but it takes the results of a bunch of scans and then does some mapping against PCI DSS. Fun with numbers 🙂
    Web Application Security Consortium (WASC) 2008 Statistics Published | Darknet - The Darkside
    Tags: ( metrics webappsec )
  2. This article discusses the decision to ship Windows 7 with a default UAC setting of medium-high.
    Windows 7's security 'time bomb' | The Last Watchdog
    Tags: ( windows-7 uac )
  3. An interesting post by Chris on risk/threat vs risk issue. When does a risk or threat become a risk issue for your organization?
    Risk / Threat vs. Risk Issue << Risktical Ramblings
    Tags: ( risk )
  4. Paul offers a couple thoughts on social networking and data leakage.
    Social networking in the antipodean spotlight | Paul Ducklin's blog
    Tags: ( social-engineering data-leakage )
  5. SynJunkie has another story-based post up. This time it is about the dangers of dual-homing, specifically with a wired connection and a wireless one.
    Syn: Bobs Double Penetration Adventure - Part 1
    Tags: ( pentest )
  6. The White House has moved their website from an internally developed CMS to Drupal. RSnake offers up some thoughts on why this might be both good and bad.
    Whitehouse Drupal and The Open Source Security Model ha.ckers.org web application security lab
    Tags: ( drupal cms whitehouse )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Even something as simple as a route you use for your daily run can be a data leakage issue.
    Running into information << Techdulla
    Tags: ( data-leakage social-networking )
  2. If you have a wireless infrastructure based on Cisco APs, you will want to read this one.
    SkyJacking vulnerability discovered on Cisco APs - Security
    Tags: ( wireless cisco )
  3. Last year, for one of my Toastmasters speeches, I gave a quick 7-minute speech about data loss. For that talk, I used the online data loss db to grab a few numbers for a period of a week. During that time there were 8 or 9 incidents and several hundred thousand records lost. The majority of those incidents were caused not by malicious behavior, but by mistakes. That's what this article talks about too.
    IDC Report: Most Insider Leaks Happen By Accident - data leak prevention/Security - DarkReading
    Tags: ( data-leakage )
  4. Amazon has announced Virtual Private Clouds and the Hoff has some thoughts to share on the issue.
    Calling All Private Cloud Haters: Amazon Just Peed On Your Fire Hydrant... | Rational Survivability
    Tags: ( cloud private-cloud )
  5. Looks like a new open source project is going to be poking at GSM security.
    GSM to feel the heat from open source project - News - The H Security: News and features
    Tags: ( gsm mobile )
  6. Here are a couple of tips on implementing SharePoint with effective access control.
    Poor Microsoft SharePoint security permissions policies can derail deployments
    Tags: ( sharepoint )
  7. Rob Whiteley is looking for interesting stories about security shifts. Check out the article for what he is after.
    The Forrester Blog For Security & Risk Professionals
    Tags: ( general )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Raf interviews Andre Gironda.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: Andre Gironda
    Tags: ( interview )
  2. Here is the solution and winners of the third PandaLabs challenge.
    3rd Panda Challenge solution & winners - PandaLabs
    Tags: ( challenge )
  3. Forcing HTTPS sounds good. It will be interesting to see how this shakes out.
    Locking up the valuables: Opt-in security with ForceTLS at Mozilla Security Blog
    Tags: ( webappsec )
  4. Version 1.0 of Project Quant, a project to develop a patch management framework, has been released along with the survey results.
    Project Quant Version 1.0 Report and Survey Results
    Tags: ( patching )
  5. Part 3 of Ax0n's recipe for evilness.
    HiR Information Report: Evil Wifi Part 3: Hamster & Ferret
    Tags: ( wireless hacking )
  6. Cutaway has a very interesting post up about malware that resides in the registry. He points to a couple other posts that are worth reading too. This is very cool...scary...but very cool.
    Security Ripcord >> Blog Archive >> Malware IN Registry a.k.a If It Can't Be Done, Why Am I Looking At It?
    Tags: ( registry malware )
  7. Be careful what information you are sharing in something as basic as email headers. That stuff can be used against you.
    Looking beyond the surface ... << The Security Kitchen
    Tags: ( data-leakage )
  8. Martin points out some basic truths you should be aware of.
    Incident Response Leadership: Basic Truths : The Security Catalyst
    Tags: ( incident-response )
  9. You should do what Jack says. Go read the post he points you at and then send it to your friends and family.
    Uncommon Sense Security: A good primer on Social Networking and Security Risks
    Tags: ( social-networks )
  10. Folks, regardless of what the NYSE says, details about your infrastructure, patch levels, software versions, etc. are sensitive information.
    Data Detailing New York Stock Exchange Network Exposed on Unsecured Server | Threat Level | Wired.com
    Tags: ( data-leakage )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Oops. Didn't mean for that super secret list of civilian nuclear sites to be posted.
    Government Accidently Posts Sensitive Nuclear Documents Online -- Government IT Security
    Tags: ( data-leakage )
  2. If you are using Rails 2.3 and performing digest authentication, you need to read this and implement the fix provided.
    Nate's Tumble Log, Security hole found in Rails 2.3's http_authentication.rb
    Tags: ( rails ruby )
  3. Xavier has a nice tutorial on integrating Didier Stevens' handy PDFiD tool with Nautilus on a Linux system.
    /dev/random >> Blog Archive >> PDFiD Integration with Nautilus
    Tags: ( pdf pdfid )
  4. If you see visits to these sites in your proxy logs, you have some work to do. Also, if you don't have a proxy or don't look at the logs, you have even more work to do 🙂
    Google Online Security Blog: Top 10 Malware Sites
    Tags: ( malware )
  5. Rich and Adrian are looking for some help with Project Quant. They have a survey up about patch management they would really like for you to participate in.
    TAKE PART IN PROJECT QUANT (please)! << The New School of Information Security
    Tags: ( patching )
  6. If you are in the Atlanta area, the June meeting of NAISG is happening on the 10th. Stop on by.
    June Atlanta NAISG Meeting >> Andy ITGuy
    Tags: ( naisg )
  7. A new release of BASE is available.
    New version (v 1.4.3.1) of BASE available
    Tags: ( ids base snort )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Dave points out a really nifty tool that Voltage has released. Check it out.
    Voltage Releases Data Breach Map : Liquidmatrix Security Digest
    Tags: ( data-leakage map )
  2. Rich offers up his Mid 2009 State of Web Application and Data Security.
    Securosis Blog | The State of Web Application and Data Security--Mid 2009
    Tags: ( general )
  3. Time to patch QuickTime and, by extension, iTunes.
    Apple plugs 10 QuickTime code execution holes | threatpost
    Tags: ( apple quicktime itunes patches vulnerability )
  4. @lithium's latest crypto challenge is waiting for you to puzzle over.
    Crypto Challenge - PandaLabs
    Tags: ( cryptography challenge )

That's it for today. Have fun!

Kevin

Good evening again. I just returned from Secure360 where I had a great deal of fun meeting and talking with people. I also gave my first conference talk today and that was also a lot of fun.

Here are today's Interesting Information Security Bits from around the web.

  1. Michael points out some more pre-configured targets for you to practice your pen testing skills on.
    lampsecurity hosting vulnerable vm images to attack (terminal23)
    Tags: ( education pentesting )
  2. I love this. Very simple, but very profound.
    Securosis Blog | The Data Breach Triangle
    Tags: ( data-leakage )
  3. Rich is looking for a little help in reviewing some survey questions related to Project Quant.
    Securosis Blog | Project Quant: Draft Survey Questions
    Tags: ( quantitative metrics )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. An interesting Q&A. Check it out.
    Q&A: FBI agent looks back on time posing as a cybercriminal | Security - CNET News
    Tags: ( general )
  2. Here are some interesting statistics.
    PDF Most Common File Type in Targeted Attacks - F-Secure Weblog : News from the Lab
    Tags: ( malware attacks )
  3. An interesting note from Don with a warning. Take heed.
    Security Ripcord >> Blog Archive >> Large Memory Acquisitions
    Tags: ( forensics memory )
  4. 34% is a pretty depressing statistic.
    34% of resold hard drives contain personal data, study reveals | Graham Cluley's blog
    Tags: ( data-leakage )
  5. Richard points out that Amazon Web Services is now providing access to logs.
    TaoSecurity: Logs from the Cloud
    Tags: ( cloud amazon )
  6. You really need to check this out 🙂
    The InfoSec Prayer
    Tags: ( prayer )
  7. Shrldu has some very nice add-ons to the post by Alex that I pointed at yesterday.
    Let go, let Cloud.
    Tags: ( cloud )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some will remember Tempest, which was able to read what was on someone's screen via radio frequency emissions. Well, now you can do something similar with keyboard strokes. It's a whole different kind of keystroke logger.
    Researchers sniff PC keyboard strokes from thin air
    Tags: ( surveillance data-leakage )
  2. A nice interview of Michael Santarcangelo, author of "Into the Breach." Michael is a great guy with some really good ideas and a passion for sharing and teaching. You should read the interview, then the book, and then make sure you are watching http://securitycatalyst.com.
    5 Steps to Communicate Security's Value to Non-security People - CSO Online - Security and Risk
    Tags: ( general )

That's it for today. Have fun!

Kevin