database

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The latest edition of the CWE/SANS Top 25 is available now.
    CWE - 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
    Tags: ( webappsec )
  2. Who doesn't like stickers? Check out this survey.
    Answer Survey, Get Stickers - F-Secure Weblog : News from the Lab
    Tags: ( survey )
  3. This is pretty nifty. Importing Secunia Advisories into a SIEM/OSSEC.
    /dev/random >> Importing Secunia Advisories into a SIEM/OSSEC
    Tags: ( ossec logging )
  4. Rich and crew have released their latest whitepaper. Check it out.
    Securosis Blog | New Release: Understanding and Selecting a Database Assessment Solution
    Tags: ( database assessment )
  5. Congratulations to Kees for being designated as a SANS Thought Leader! Read his interview here.
    SANS: Security Thought Leaders - Kees Leune
    Tags: ( interview )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts. For even more links, check out the blog's twitter feed: @InfoSecRamblins.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The Security Ninja is developing a checklist to help with performing secure code reviews. He is doing it in public and incorporating reader feedback as he goes. This is the first post in the series, and two more have followed since. Check it out and offer your thoughts.
    A checklist approach to security code reviews << Security Ninja
    Tags: ( appsec secure-coding code-review )
  2. Mike offers his viewpoint on the purchase of Archer by EMC's RSA division. Can't argue with his conclusions.
    Securosis Blog | RSA Treks to Sherwood Forest and Buys the Archer
    Tags: ( general analysis )
  3. The 2009 Annual Report from PandaLabs has been published. I have briefly skimmed it and it is an interesting report. It shows how much malware has ramped up in the last year.
    2009 Annual Report | PandaLabs Blog
    Tags: ( panda malware report )
  4. The Database Security Discovery post for Project Quant has been published. Good stuff there and, as always, they are looking for community input.
    Securosis Blog | Project Quant: Database Security Discovery
    Tags: ( database )
  5. Cutaway has updated some of his tools and is now providing his scripts in a handy svn repository.
    Security Ripcord >> Blog Archive >> Syscombotln and Tools Update
    Tags: ( forensics scripts tools )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A few days ago I pointed out an article that discussed some issues with the default UAC settings in Windows 7. This article shows that the criticism in the other article is well earned.
    Windows 7 vulnerable to 8 out of 10 viruses | Chester Wisniewski's Blog
    Tags: ( virus windows-7 )
  2. Interested in cross-subdomain cookie attacks? Check out the paper that mckt wrote. It is based on his recent presentation at Toorcon.
    Skeptikal.org: Cross-subdomain Cookie Attacks
    Tags: ( webappsec exploits )
  3. Thinking about virtualizing your databases? Make sure you are not doing so for any of the mythical reasons that Adrian addresses in this article.
    Securosis Blog | Myths Surrounding Databases in Virtual Environments
    Tags: ( virtualization database )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Adrian takes a look at a few database encryption myths.
    Securosis Blog | Database Encryption Misconceptions
    Tags: ( database encryption )
  2. The Infosec Cynic interviews Anton Chuvakin.
    Anton Chuvakin - Stuck In the Lift With The Cynic | The Infosec Cynic
    Tags: ( interview )
  3. A new free encryption tool is available. This one is provided by Sophos. That's pretty cool.
    Guest blog: Sophos Free Encryption | Graham Cluley's blog
    Tags: ( encryption tools sophos )
  4. Mark points out that the Federal CIO Council's Information Security and Identity Management Committee has released a document titled "Guidelines for Secure Use of Social Media by Federal Departments and Agencies." This is good stuff even if you aren't in the public sector.
    New Social Media "Guidelines" - Securing GovSpace
    Tags: ( social-networking guidelines )
  5. This is worth a read and a watch. It is the talk given by Matasano and Nate McFetters at last year's C4 conference. It is guidance for independent Apple software developers, and it applies to non-Apple developers too.
    Matasano Security LLC - Chargen - Indie Software Security: A ~12 Step Program
    Tags: ( sdl )
  6. Jack gives his perspective of the recent Massachusetts 201 CMR 17.00 public hearing. He was not impressed.
    Uncommon Sense Security: Making sausage, one hearing at a time
    Tags: ( law policy )
  7. The BruCon videos are up on the wiki and Xavier is also hosting a local copy.
    /dev/random >> BruCON Talks Video Mirror
    Tags: ( brucon videos )
  8. If you are having some issues with sqlninja and metasploit, take a look at this post.
    RaDaJo (RAul, DAvid and JOrge) Security Blog: Sqlninja & Metasploit
    Tags: ( sqlninja metasploit )
  9. Malware, like all software, tends to have common traits. This article talks about what some of them are.
    Categories of Common Malware Traits
    Tags: ( malware )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I find this a little alarming, particularly given the number of recent Facebook worms that have cropped up.
    Army Orders Bases to Stop Blocking Twitter, Facebook, Flickr | Danger Room | Wired.com
    Tags: ( social-media army )
  2. More on database encryption. Good stuff.
    Securosis Blog | Database Encryption, Part 2: Selection Process Overview
    Tags: ( database encryption )
  3. Good stuff, but remember that making the boss look stupid is a career-limiting move 😉
    A chat with the boss | The Infosec Cynic
    Tags: ( general )
  4. Here is some output from Project Quant: the first phase of the patch management cycle. Rich is looking for feedback.
    Details: Monitor for Advisories
    Tags: ( patch-management )
  5. Like a pet rock, a pet risk doesn't really help you much. Check out Ron's suggestions below.
    Pet Risks - A New View of Risk Management : The Security Catalyst
    Tags: ( risk-management )
  6. Chris was looking for some incident response templates and hit the motherlode of suggestions. He put them all together in a blog post. A very good reference page.
    Dr. InfoSec: Incident Response Templates, Cheat Sheets, and more
    Tags: ( incident-response )
  7. A couple of days ago I pointed to the crossword puzzle challenge/contest being put on by Sophos. Well, it's all done and there is a winner. The link below contains the answer sheet if you are interested.
    Solution to computer security cryptic crossword | Graham Cluley's blog
    Tags: ( challenge )

That's it for today. Have fun!

Kevin

Good day all. Got a pretty good bunch of bits to take a look at today. So, without further ado, here we go!

From the Blogosphere.

The Sunbelt blog warns us that some CareerBuilder job offers being emailed out are scams. Be careful out there. They will get you any way they can.

Finjan came across over half a gigabyte of stolen US healthcare and airline data. Ouch.

Adam writes that identity theft is more than fraud by impersonation. He points out that in many cases, the real pain of identity theft is not monetary, but dealing with the tarnishing of your good name as you try to clean things up. He has a good suggestion for helping with this issue. Go read about it.

Security4all points us to a couple of white papers that are worth a gander: The Extended HTML Form Attack Revisited by Sandro and Enablesecurity, and Defeating the Network Security Infrastructure by Philippe at Radarhack.com. They are both on my reading list now.

Irongeek has released a little tool called DecaffeinatID:

"DecaffeinatID is a simple little app that acts as an Intrusion Detection System (more of a log watcher really) to notify the user whenever fellow users at their local WiFi hotspot/ LAN are up to the kind of "reindeer games"

Looks pretty nifty.

Rich has another missive that deserves to be read more than once. He talks about database connections and trust. I am not going to attempt to summarize what he puts forth. Go read it.

You may have already heard about this, but an exploitable vulnerability has been found in Firefox 3.0. It was reported to TippingPoint and passed on to Mozilla, who are working on a fix.

Amrit and Hoff are both talking about whether virtualization security is a technical problem or an operational problem. Both are good reads. I won't spoil it for you by giving away their conclusions.

F-Secure has released version 3.0 of their Rescue CD. Could come in handy.

From the Newsosphere.

Via cjonline.com, some Kansas state equipment that was to be sold to the public was found to contain confidential information. People, please make sure you have data retention, handling and destruction policies and procedures, and that they are actually followed.

From Dark Reading, ICSA Labs Forum has advanced a security standard for IPv6.

Pointed to by Hack in the Box and reported by Computer World UK, two unencrypted laptops have been lost, this time by an NHS trust in the U.K.

Again via Hack in the Box and reported by Wired, it looks like Citibank had an intrusion that allowed a couple of men to grab at least $750,000 from ATMs in New York City. Oops.

That's it for today. Have a good one.

Kevin
