data

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. It's been said many times before, you have to know where your data is before you can protect it. Jack offers some thoughts on getting started.
    Uncommon Sense Security: A starting point
    Tags: ( data )
  2. Everybody should have a ZARP (Zombie Attack Response Plan). If you don't want to come up with your own, you can use the University of Florida's.
    University of Florida's Zombie Attack Response Plan : Liquidmatrix Security Digest
    Tags: ( humor dr )
  3. Google is adding protection for CSRF attacks. (Hat tip: Threatpost)
    Google (finally) adds protection for common Web 2.0 attack * The Register
    Tags: ( crsf google )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! Sorry for missing both Friday's and yesterday's bits posts. My Friday was spent working with Habitat for Humanity on a new home for a deserving family. It was a great experience and I heartily recommend it as time well spent. Yesterday was just too busy 🙂

Anyway, here are today's, and a few from this weekend, Interesting Information Security Bits from around the web.

  1. A new version of OffVis is available along with a training video.
    Security Research & Defense : OffVis updated, Office file format training video created
    Tags: ( tools microsoft office )
  2. Here is an interesting adaption of "The Joel Test."
    Matasano Security LLC - Chargen - The Joel Test: 12 Steps To Better IT Management
    Tags: ( general )
  3. A great article from Russel. This one contains some tips for building an Information Security Risk Scorecard.
    12 Tips for Designing an InfoSec Risk Scorecard (its harder than it looks) << The New School of Information Security
    Tags: ( scorecard risk )
  4. This is a very interesting article about backups and virtualization strategies. A very important part of your strategy needs to be: how are you going to deal with backups?
    The Side Effects of Backup on Server Virtualization - Backup & Beyond
    Tags: ( virtualization backup )
  5. The latest version of the SANS Top Cyber Security Risks report is out.
    SANS: The Top Cyber Security Risks
    Tags: ( risks )
  6. Here is a nice article with some questions to ask when considering the implementation of an identity management solution. (Hat Tip: http://securityblog.typepad.com)
    12 questions to ask before implementing an identity management system -- Government Computer News
    Tags: ( identity-management )
  7. The Security Twits bus is off on another adventure as it gathers up a bunch of twits and heads to SecTor. Let Jack know if you want to be picked up 🙂
    Uncommon Sense Security: Security Twits Road Trip III, the SecTorBus
    Tags: ( conferences security-twits )
  8. Rsnake has a whole pile of HTTP headers for you to play with should you want to. I bet some interesting things can be found out.
    Half a Million HTTP Headers ha.ckers.org web application security lab
    Tags: ( data )
  9. An entirely virtual security conference is taking place on November 6th-8th. Very cool. What's even better is that all CFPs are being accepted.
    SecurityTubeCon - Democratizing Hacker Cons
    Tags: ( conference cfp securitytube )
  10. Want to set up some motion sensors to tweet activity? Ax0n shows us how.
    HiR Information Report: Gustav, the hackerspace twitter-bot
    Tags: ( hardware-hacking )
  11. SynJunkie took a short break from his CCNA studies (good posts in that series too) to give a post about using Fgdump, John the Ripper and PowerShell together to do some nifty scripted password auditing.
    Syn: Password Auditing with Fgdump, John the Ripper & PowerShell
    Tags: ( passwords cracking )
  12. Russel has an interesting challenge for us. I know a few in academia that might enjoy this conversation.
    This Friday is "Take an Academic Friend to Work Day" << The New School of Information Security
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is interesting. I would say some of the guidance appears a bit more tactical than I would expect for a CSO, but still worth a gander.
    ASIS releases standards detailing CSO role @ The Latest for Security Executives SecurityInfoWatch.com
    Tags: ( cso )
  2. This is a good article to put in front of anybody that thinks that cross-site scripting vulnerabilities are minor and don't really need to be worried about.
    SecuriTeam Blogs >> Cross Site Scripting can cause your stock to tank
    Tags: ( xss )
  3. A very nice article about the recent patching of a flaw in the SimpleDB API.
    What's New in the Amazon Cloud?: Security Vulnerability in Amazon EC2 and SimpleDB Fixed (7.5 Months After Notification) | Cloud Security
    Tags: ( vulnerability patches amazon simpledb )
  4. Martin has a post asking us what we are doing to keep our skills current. Several, including me, have offered some input. There is some good stuff there. Go check it out and add your own ideas.
    Network Security Blog >> Investing in my career
    Tags: ( career education )
  5. Nifty tip on how to mount a filesystem using the alternate superblock when it won't mount normally. Of course, this is from a forensic perspective, but useful from a general perspective also.
    Mounting Images Using Alternate Superblocks << SANS Computer Forensics, Investigation, and Response
    Tags: ( forensics mount superblock )
  6. The bad guys are not in this for fun and games. There is value in the data they are taking from you.
    Hundreds of Stolen Data Dumps Found - Security Fix
    Tags: ( data breach )
  7. Looks like there might be some clarification coming regarding PCI and virtualization in 2009. Keep your eyes open.
    http://www.networkworld.com/news/2008/121808-crystal-ball-pci.html
    Tags: ( pci virtualization )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I mentioned this white paper when I did my RSA Europe recap back in October. It is worth a read. * the link goes directly to the PDF
    Web 2.0 Security and Privacy
    Tags: ( privacy enisa )
  2. Here are some things you can do to protect yourself against the 0-day exploit that works against IE7.
    Microsoft talks up countermeasures to fend off new IE attacks
    Tags: ( vulnerability microsoft ie7 )
  3. Adding to the growing pile of recent 0-day exploits for Microsoft products, there appears to be one for SQL Server.
    Security pros groan as zero-day hits Microsoft's SQL Server * The Register
    Tags: ( exploit vulnerability 0day sqlserver micrsoft )
  4. Some good general guidance for how to react in the event you have a data breach. I would offer that it is good advice for everybody involved and not just the CIO.
    How a CIO should deal with aftermath of a data breach
    Tags: ( data breach )
  5. Looks like Cisco is in for a legal fight.
    Cisco sued by Free Software Foundation for copyright infringement - Network World
    Tags: ( general )
  6. Innismir weighs in on the recent meme of penetration testing being dead. He, like most of us involved in the discussion, doesn't think it's dead either.
    innismir.net -- Pentration Testing - Not Quite Dead Yet
    Tags: ( pentest )
  7. Rich brings up some good points. Worth reading and thinking about.
    How The Cloud Destroys Everything I Love (About Web App Security) | securosis.com
    Tags: ( cloud webappsec )
  8. WhiteHat Security's quarterly report on website security statistics is available for download. This is the sixth one they have put out. Good stuff in there.
    Jeremiah Grossman: Sixth Quarterly Website Security Statistics Report
    Tags: ( general reports )
  9. Jeremiah offers some really good guidance for justifying your budget for web application security spending.
    Jeremiah Grossman: Budgeting for Web Application Security
    Tags: ( webappsec )
  10. Here's a framework for SAP pen testing.
    sapyto v0.98 Released - SAP Penetration Testing Framework Tool | Darknet - The Darkside
    Tags: ( pentest sap )
  11. You can't make this stuff up. Remember folks, you have to make sure that all data is removed from devices before you get rid of them.
    Liquidmatrix Security Digest >> McCain Campaign Sells Off... Data?
    Tags: ( data leakage )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin
