defcon

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. There were a couple of incidents with ATMs at the recent Defcon conference. See Chris's post about a warning from ENISA with some guidance on what to look for to keep safe.
    Dr. InfoSec: ENISA Warns of Alarming Increase in ATM Crime
    Tags: ( atm )
  2. This is very cool. An open source virtual switch. (Hat tip: @aneel)
    Open vSwitch
    Tags: ( virtualization switch )
  3. There is some good information about DirectAccess in this article.
    Understand the pros and cons of Microsoft Windows 7 DirectAccess
    Tags: ( directaccess windows-7 )
  4. Looks like there are still some issues with firewire and access to memory. Check out this post for more information.
    Windows 7 Firewire Attacks << Ramblings of the anal security guy
    Tags: ( firewire windows-7 )
  5. Chris has posted a nice list of podcasts that you should check out if you are looking for some new information security listening pleasure.
    Filling your ipod... << Ramblings of the anal security guy
    Tags: ( podcasts )
  6. The packet captures from Defcon 17 are now available via bittorrent.
    Diutinus Defense Technologies Corp. / Home
    Tags: ( defcon ctf )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here's a new challenge for you. The winner will be announced in San Diego in September.
    philosecurity >> Blog Archive >> Network Forensics Puzzle Contest!
    Tags: ( challenge network-forensics )
  2. This is just a lot of fun. Link goes directly to PDF.
    WHEN ZOMBIES ATTACK!: MATHEMATICAL MODELLING OF AN OUTBREAK OF ZOMBIE INFECTION (PDF)
    Tags: ( general )
  3. Here is a huge list of cheat sheets you will find useful.
    System Advancements at the Monastery >> Blog Archive >> What's in Your Folder: Security Cheat Sheets
    Tags: ( cheatsheet )
  4. Steve has written a post on things not to do when implementing VDI. He calls them anti-patterns. I like that term. Going to have to remember it. This is a good read if you are considering rolling out this type of infrastructure and especially if you already have.
    ViewYonder >> Feeding the IT Shriekometer: 5 VDI anti-patterns
    Tags: ( vdi )
  5. As I have mentioned before, the team I participated on for the Mystery Challenge at Defcon 17 tied for second place this year. Cutaway has written up a great recap that makes me even more bummed that I missed out this year and more motivated to be there for next year's challenge.
    Security Ripcord >> Blog Archive >> MysteryChallenge - DefCon 17
    Tags: ( mystery-challenge )
  6. Some guidance on surviving a third-party on-site audit. Good stuff.
    Surviving a third party onsite audit
    Tags: ( audit )
  7. "Run, run away. We've been hacked......um, never mind, it was something else." The Security Shoggoth reminds us that it isn't always about security. Which brings the following saying to mind: "When all you have is a hammer, every problem looks like a nail."
    The Security Shoggoth: Its Not Always A Security Issue
    Tags: ( general )
  8. There are an increasing number of conversations going on about whether Facebook and its ilk should be allowed on corporate networks. The Marines have taken the stance that social networking sites are not allowed. This post by Chris reinforces that decision. It's dangerous out there, folks. Be careful.
    Two Facebook Threats In One Day... - SpywareGuide Greynets Blog
    Tags: ( facebook )
  9. One of the three legs of the CIA triad, which is the foundation of information security, is availability. This post is the first of a series that will be exploring this facet of information security.
    A Data Protection Reference Architecture - Part 1 - Backup & Beyond
    Tags: ( availability backup )
  10. Here is an interesting article about Windows 7, XP Mode, Vista and a few other tidbits.
    Roger's Security Blog : Why Windows 7 XP Mode makes sense from a security perspective
    Tags: ( microsoft windows-7 xp )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is pretty nifty. Going to have to play with this one.
    Security Research & Defense : Announcing OffVis 1.0 Beta
    Tags: ( office microsoft )
  2. The inaugural episode of the Cloud Security Podcast is available. Christofer and Craig are looking for feedback. Take a listen and let them know what you think.
    Introducing the Cloud Security Podcast... | Cloud Security
    Tags: ( cloud podcast )
  3. It can't be said often enough. The Riv during Defcon is a dangerous place to be from an information security perspective.
    Malicious ATM Catches Hackers | Threat Level | Wired.com
    Tags: ( defcon )
  4. This is just cool.
    Uncommon Sense Security: Announcing the Warzone Project
    Tags: ( ctf labs )
  5. Twitter is now stopping tweets with malicious URLs. Someone mentioned that URL shortener services can cause this control to fail; I'm not positive that is the case. Would be interesting to find out though.
    Twitter Now Filtering Malicious URLs - F-Secure Weblog : News from the Lab
    Tags: ( twitter )
  6. A good post with some tips on making your internal router and switch fabric not quite so hack-worthy.
    Switch hardening on your network
    Tags: ( network-security )
  7. A new packet challenge is up.
    The Crypto Kitchen - Packet Challenge << I Smell Packets
    Tags: ( challenge )
  8. This is a bit scary. Who needs TEMPEST or other remote methods of reading keyboard actions with this type of thing?
    Hacker demos persistent Mac keyboard attack | Zero Day | ZDNet.com
    Tags: ( malware )
  9. Part of being a successful professional, information security focused or not, is the ability to be an effective presenter. You should look at this.
    Make: Online : Tips on "unpresenting"
    Tags: ( presenting )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A new site is being launched that looks very nice. Check it out for social media specific security information.
    Launching: SocialMediaSecurity.com -- spylogic.net
    Tags: ( social-media )
  2. The Infosec Cynic interviews Kai Roer, the most positive individual in information security 🙂
    Kai Roer stuck in the lift with the Cynic | The Infosec Cynic
    Tags: ( interview )
  3. Wanna save some cash getting into Defcon? Give this a try 🙂
    Just because it's defcon17 | The Edge of I-Hacked
    Tags: ( defcon17 )
  4. This isn't good. Hope they figure out how to do this more securely.
    Researchers find insecure BIOS 'rootkit' pre-loaded in laptops | Zero Day | ZDNet.com
    Tags: ( bios rootkit )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Just go read this. Nao!
    Nao and Zen: Security Koans for Everybody
    Tags: ( general )
  2. Here is an interesting post from Hoff offering a suggestion for the problem of providing compliance information for things in the cloud, not to mention, security management.
    Rational Survivability >> Extending the Concept: A Security API for Cloud Stacks
    Tags: ( cloud )
  3. Here are a few tips from Mr. McGrew on preparing your mobile device for Blackhat/DefCon.
    Loading up your portable device for Vegas << McGrew Security Blog
    Tags: ( defcon )
  4. This could be a problem for a fair number of organizations.
    Society of Payment Security Professionals - Compliance Demystified >> Blog Archive >> 150 Transactions + 1 = QSA assessment: End of Level 4 Merchants
    Tags: ( pci )
  5. Looks like Mastercard will start fining folks who are non-compliant with PCI.
    Branden Williams' Security Convergence Blog: MasterCard to Fine Merchants for Non Compliance
    Tags: ( pci )
  6. A nice post that smashes a few myths that are often touted regarding cloud computing.
    Cloud Myths Dispelled | Eucalyptus Systems Inc
    Tags: ( cloud )
  7. A nice list of things to do to secure your SSH servers.
    Top 20 OpenSSH Server Best Security Practices
    Tags: ( ssh )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well. Sorry for the missing Bits posts on Friday and yesterday. I took Friday off and just didn't get it done yesterday. Therefore, we have quite a crop today.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is an interesting article on how Mozilla finds bugs that crash their products.
    How Mozilla finds crash bugs at Mozilla Security Blog
    Tags: ( mozilla )
  2. Here is a handy list of on-line malware scanners.
    List of Online Malware Scanners | PenTestIT
    Tags: ( tools malware scanners )
  3. The last of the three Panda challenges is up. I understand some answers have already been submitted, but you never know, they could be wrong.
    Panda Challenge: Hard Level - PandaLabs
    Tags: ( challenge )
  4. Wow. Just wow.
    I Can Has UR .htaccess File
    Tags: ( twitter )
  5. Raf's next interview. This time he talks to Mike "mckt" Bailey.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: "mckt"
    Tags: ( interviews )
  6. RSnake finds some interesting things you can do with/to wget.
    wget DNS-rebinding and Weak Intranet Port Scanning ha.ckers.org web application security lab
    Tags: ( wget )
  7. Here is some information for you if you are interested in hacking your Defcon 17 badge.
    DC17 Badge Pre-Release Information - Defcon Forums
    Tags: ( defcon17 )
  8. Answers to the 2nd Panda Challenge.
    2nd Panda Challenge solution & winners - PandaLabs
    Tags: ( challenge )
  9. Raf interviewed Mubix for the first of a series of interviews of security folk.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: Mubix
    Tags: ( interview )
  10. An interesting article which brings up some good points. I would add password age to this type of consideration also, provided compensating controls are in place like lockouts as presented in the paper.
    Do Strong Web Passwords Accomplish Anything? (PDF)
    Tags: ( passwords )
  11. Inferno put together a couple of things and came up with a fairly scary attack on CSRF tokens.
    Hacking CSRF Tokens using CSS History Hack | SecureThoughts.com
    Tags: ( hacking csrf )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Infocon to yellow for 24 hours.
    * Infocon raised to yellow for Excel Web Components ActiveX vulnerability
    Tags: ( infocon )
  2. I knew it was not going to end well when I first heard that ATMs were going to be armed with pepper spray.
    Pepper Spray-Armed ATM Misfires, Shoots Workers | Threat Level | Wired.com
    Tags: ( general )
  3. Didier gives us a nifty little tip on hiding the fact that our laptop is encrypted.
    Quickpost: TrueCrypt's Boot Loader Screen Options << Didier Stevens
    Tags: ( encryption truecrypt )
  4. The solution and winners for the first Panda Labs challenge are up.
    1st Panda Challenge solution & winners - PandaLabs
    Tags: ( challenge answer )
  5. This is cool. One of the teams that participated in the Defcon 17 CTF qualifiers made a comic of how they answered one of the challenges. (Hat tip: @mubix)
    http://hackerschool.org/DefconCTF/17/B300.html
    Tags: ( ctf defcon )
  6. Rafal talks about a comment spam toolkit. The comments are very interesting too.
    Digital Soapbox - Preaching Security to the Digital Masses: Devastated by a Link-Spam Tool?
    Tags: ( spam )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A very interesting blog post. The obvious is not always where you should be looking.
    Developing Security: The Curious Case of the Careless Civic
    Tags: ( incident-response )
  2. CIS has a free benchmark for the iPhone available. If you are familiar with their efforts in the world of Windows and others, you will know that they put out quality stuff.
    CIS issues free benchmark on iPhone security
    Tags: ( cis benchmark iphone )
  3. Russ points out that Applicure has a free tool, WebTuff, available that will test your systems for the IIS 5-6 WebDAV vulnerability.
    HolisticInfoSec.org: WebTuff checks for WebDAV vulnerability
    Tags: ( tools webdav )
  4. Defcon has a new area that archives tools talked about at the conference. Thanks to Rob Fuller for helping out.
    DEFCON(r) Hacking Conference - Archive of Hacking Tools Released at DEFCON
    Tags: ( defcon tools )
  5. Chris has posted some tips and guidance on things to consider when issuing an RFP for your QSA vendor. First read it for just that. Then replace QSA with penetration test, consulting gig, etc. These are great tips for all RFP processes.
    QSA Vendor Selection - Points of Consideration << Risktical Ramblings
    Tags: ( rfp )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. For those interested in the C|EH certification or others provided by the EC-Council, they have developed a scholarship program.
    EC-Council Secure Aid
    Tags: ( training )
  2. Wanna see what you can get with a botnet? Check this article out.
    Botnet probe turns up 70GB of personal, financial data
    Tags: ( botnet )
  3. Ryan has a nice walk-through showing how to get SSL Strip up and running on Mac OS X.
    Toasty: SSL Strip on Mac OS X
    Tags: ( tools ssl sslstrip )
  4. A nice post with some links to some resources you might find interesting if you are exploring Metasploit.
    Metasploit Resources - Rory.Blog
    Tags: ( metasploit )
  5. I participated in the Mystery Challenge last year at Defcon 16. It was a great deal of fun. The challenge has a new home. See below.
    TEN-FIVE-SEVEN.ORG
    Tags: ( defcon mystery-challenge )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin