dlp

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A nifty tool pointed too by Agusto that helps dig out those user/password pairs hanging around on shares.
    Very nice tool for pentests | Security Balance
    Tags: ( tools pentesting passwords )
  2. If you live in the UK, you want to read this short post about your health records.
    Light Blue Touchpaper >> Blog Archive >> Opting out of health data collection
    Tags: ( privacy health )
  3. OpenDNS is trying to make your DNS experience safer.
    OpenDNS Blog >> OpenDNS adopts DNSCurve
    Tags: ( dns dnssec dnscurve opendns )
  4. This looks interesting. See how well you are alerting/stopping data leakage in your org.
    Hydra: Data Leakage Vulnerability Test System | Fidelis Security Systems
    Tags: ( dlp data-leakage tools )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Andrew Hay >> Blog Archive >> Information Security D-List Interview: Jack Daniel
    Tags: ( interview d-list )
  2. Challenge 1 of the Forensic Challenge 2010 - pcap attack trace | The Honeynet Project
    Tags: ( challenge forensics )
  3. German Government: Don't use Internet Explorer | Graham Cluley's blog
    Tags: ( wepabbsec ie )
  4. Andrew Hay >> Blog Archive >> Get the Free Andrew Hay iTunes App
    Tags: ( general )
  5. /dev/random >> Adding Data Leakage Protection into Apache
    Tags: ( dlp apache )
  6. Metasploit: Reproducing the "Aurora" IE Exploit
    Tags: ( metasploit google aurora malware exploit )
  7. A checklist approach to security code reviews, part 4 << Security Ninja
    Tags: ( assessment wepappsec code-review )
  8. Would You Have Spotted the Fraud? -- Krebs on Security
    Tags: ( atm skimming )
  9. Andrew Hay >> Blog Archive >> Information Security D-List Interview: Benjamin Tomhave
    Tags: ( interview d-list )
  10. Roger's Security Blog : Leveraging Data Execution Prevention (DEP)
    Tags: ( system-hardening )
  11. Following Google's Lead on Security? Don't Forget to Encrypt Cookies
    Tags: ( webappsec )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well. Here are today's Interesting Information Security Bits from around the web.

  1. Folks, please be careful what you put on your Facebook pages. Don't let something like this happen to you. Police: Facebook hacker gets student's nude photos Tags: ( privacy facebook )
  2. Some video of Dino Dai Zovi, Rich Mogull, Christofer Hoff being interviewed by Dennis Fisher on virtualization. Rational Survivability: Virtualization & Security: Disruptive Technologies - A Four Part Video Miniseries... Tags: ( virtualization )
  3. When to use the carrot and when to use the stick? Both good questions. Shrdlu has some advice for us. Carrot-sticks and security. Tags: ( enforcement )
  4. What happens when you need endpoint DLP on Windows, Mac and Linux all at once? The answer, nothing easy 😉 Is There Any DLP or Data Security On Mac/Linux? | securosis.com Tags: ( dlp )
  5. This looks to be like a whole lot of fun. If you are close, it should go on your list of things to do. HiR Information Report: Cowtown Computer Congress Grand Opening [Kansas City] Tags: ( hackerspace )
  6. Erik has part 3 of his securing Linux series up. Art of Information Security >> Secure Your Linux Host - Part 3: Why A Host Firewall ? Tags: ( linux )
  7. A nice beginning to what looks to be an interesting series. ShackF00 >> BS Filtering for CISOs: An Introduction Tags: ( ciso )

That's it for today. Have fun! Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts. Kevin

{ 2 comments }

Here are today's Interesting Information Security Bits from around the web.

  1. You've probably already seen this, but if you haven't, Kaspersky had a little problem this weekend. They did get it corrected quickly.
    Kaspersky database exposed | Security and the Net
    Tags: ( vulnerability sql )
  2. Folks, as Graham says, secret is secret. Don't chatter about stuff on Facebook, Twitter, etc. that should be secret. Seems obvious, but apparently, some people are quite adept at missing the elephant standing in the room.
    Congressman Twitters secret trip to Iraq | Graham Cluley's blog
    Tags: ( privacy socialnetworking confidentiality )
  3. If you use OpenDNS as your name resolution provider, which I heartily recommend, you will have some additional protection in place this week.
    OpenDNS to step up fight against Conficker worm
    Tags: ( malware opendns conficker worms )
  4. A nice primer on DLP.
    What You Really Need To Know About Data Loss Prevention - insider threats/Management - DarkReading
    Tags: ( dlp )
  5. A nice post with some good recommendations.
    Digital Soapbox - Information Security, Risk & Data Protection Blog: People Hacking 101: How to Infiltrate a Credit Agency
    Tags: ( data-leakage )
  6. The 2008 SANS Salary Survey is available.
    salary_survey_2008.pdf (application/pdf Object)
    Tags: ( salary )
  7. The latest Ethical Hacker Network challenge is up. Go get'em!
    The Ethical Hacker Network - Brady Bunch Boondoggle
    Tags: ( challenge )
  8. A new man-in-the-middle tool is available. It was released a Schmoo Con this weekend. Mubix has a copy for us if you are interested in playing with it.
    The Middler gets released at ShmooCon! - Room362.com
    Tags: ( pentest mitm )
  9. New version available of Samurai.
    Samurai LiveCD version 0.4 released | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( tools samarai )
  10. Something to think about. BTW - You might want to think about leaving your garage door opener in your vehicle. Or locking the door from the garage to the house if you do.
    Digital Soapbox - Information Security, Risk & Data Protection Blog: Your GPS is evil
    Tags: ( data-leakage )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Lavasoft has jumped into the anti-virus market. We'll have to keep an eye on this one.
    Ad-Aware gets an antivirus cousin | The Download Blog - Download.com
    Tags: ( free anti-virus )
  2. Some interesting situation that lead to a need for data recovery. Hat tip to Xavier at /dev/random (blog.rotshell.be)
    Kroll Ontrack Top Ten Data Mishaps and Recoveries - Press Release
    Tags: ( amusing general )
  3. The workarounds section for the recent 0-day for IE has been updated. This blog post goes into some further detail about the workarounds.
    Security Vulnerability Research & Defense : Clarification on the various workarounds from the recent IE advisory
    Tags: ( exploit vulnerability microsoft ie workarounds )
  4. Part 2 of SynJunky's fictional story about detection of and incident response to an insider attack.
    Syn: The Story of an Insider - Part 2. The Sys Admins Story
    Tags: ( insider )
  5. This is a nifty way to get the job done.
    Writing a web services fuzzer in 5 minutes to SQL injection | tssci security
    Tags: ( webappsec injection sql )
  6. Woot! Version 1.2 of Burp Suite has been released.
    PortSwigger.net - web application security: Burp Suite v1.2 released
    Tags: ( webappsec burp )
  7. Just go read it. You won't regret it.
    Rational Survivability: GigaOm's Alistair Croll on Cloud Security: The Sky Is Falling!...and So Is My Tolerance For Absurdity
    Tags: ( cloud )
  8. Rory is writing a series of posts on penetration testing. The first is up.
    Rory.Blog: What is Penetration Testing?
    Tags: ( pentest )
  9. Here is a very cool idea for a low/no cost way to implement DLP.
    /dev/random >> Blog Archive >> Simple DLP with Ngrep
    Tags: ( dlp ngrep )
  10. Looks like nifty tool to add to the arsenal.
    Jeremy's Computer Security Blog: JPEG Fuzzer has ARRIVED
    Tags: ( fuzzer jpeg )
  11. Watch out folks, SkyNet is just around the corner.
    Schneier on Security: Killing Robot Being Tested by Lockheed Martin
    Tags: ( skynet )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Hello all. I apologize for the lack of posts over the last couple of weeks. Life and death have taken up all my time. Things should be back to normal now. So without further ado, here's are some things to take a look at today.

From the Blogosphere

Wesley over at McGrewSecurity has collected a bunch of links and embedded a bunch of videos of Dan Kaminsky talks. Very cool.

Craig at SecurityWannabe gives us a link to a video of Lee Kushner and Mike Murry's talk about a career in Information Security. I attended their session at Defcon 15 and the informal Q&A after. Really good stuff. Go watch the video or even better attend their session at this year's Defcon.

Rich Mogull writes on Securosis that he will be giving a webcast entitled Using Data Leakage Prevention and Database Activity Monitoring for Data Protection on July 29th. Register here. I'll be watching. You should too.

Via security4all, VMWare has released an updated paper on hardening ESX 3.5 and VirtualCenter 2.5. It can be found here.

From the Newsosphere

Via Dark Reading, Half of Financial Firms Don't Investigate. That's not good.

Via Tech Republic, When your network admin hijacks your system. Talks about the San Fransisco situation you have already heard about.

Via Search Security, Blackberry server faced with critical zero-day. There is a flaw in the PDF handling function of the BlackBerrty Attachement Service. Bad stuff.

Via Dark Reading, MessageLabs Reveals Most Spammed States. Illinois apparently has the largest bulls eye painted on its forehead.

Via Information Week, Gmail Privacy Hole Shows User Names. Be careful with Google calendar.

That's it for today's bits. Have a great day.

Kevin

{ 0 comments }