enisa

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. You have (hopefully) an information security policy. You also have an (shame on you if you don't) acceptable use policy. How about a social media policy? Hat tip @agent0x0 who retweeted @koskim
    Should Your Company Have a Social Media Policy?
    Tags: ( policy social-media )
  2. Some nice tips on what to do and what not to do when you land that interview in today's difficult markets.
    10 Dos and Don'ts for Security Job Interviews - CSO Online - Security and Risk
    Tags: ( career interviewing )
  3. This is pretty nifty and a great way to maintain backwards compatibility with applications that require Windows XP to run when you move to Windows 7.
    Windows 7's XP Mode and Security
    Tags: ( windows-7 xp-mode )
  4. I don't own a Mac, so I have not read this article in depth. However, it certainly can't hurt to check it out and send it to those who do have Macs that might benefit from the information within.
    15 easy fixes for Mac security risks
    Tags: ( macosx securing )
  5. ENISA is conducting a security risk assessment of cloud computing. They are interested in your input. Go forth and opine on their survey.
    ENISA Cloud Risk Assessment: What Are Your Concerns about Cloud Computing? | Cloud Security
    Tags: ( cloud assessment enisa )
  6. Time to patch Firefox if you haven't already. For those running the beta, beta 4 is out also.
    Mozilla Updates Firefox, Now At Version 3.0.10
    Tags: ( vulnerability firefox patches )
  7. I attended part 1 and it was quite good. Check it out.
    The Ethical Hacker Network - Webcast: Modern Social Engineering Part II - Top 5 Ways to Manipulate Humans Over the Wire
    Tags: ( webcasts social-engineering )
  8. Chris's thoughts on the Verizon Breach report.
    2009 Verizon Breach Report << Risktical Ramblings
    Tags: ( verizon dbir )
  9. John talks about an interesting report that takes a look at the cost of a lost laptop. Not as obvious as you might think.
    The Real Costs Of Laptop Loss - Evil Bytes Blog - Dark Reading
    Tags: ( laptops )
  10. Dan's list of 10 add-ons that information security professionals might find helpful. I use several of them.
    10 Essential Firefox Plugins for the Infosec Professional | dmiessler.com
    Tags: ( firefox add-ons )
  11. Some nifty updates and changes in the Jeriko project. Check it out.
    Jeriko Group and Source Code Repository | GNUCITIZEN
    Tags: ( pentest jeriko )
  12. Time to patch your Chrome installations.
    Google Releases Chrome Browser Security Fix
    Tags: ( google chrome )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

What have we got today? Well, super secret spy writing, justification for implementing security measures, be careful with publicly talking about your infrastructure, some PCI discussion, ENISA is looking for some writers, and nice article about making the web more secure.

  1. Super secret spy writing technique brought to by Ax0n. Pretty nifty.
    HiR Information Report: "Secret" messages with Pilot Frixion
    Tags: ( general )
  2. Another way or framework for justifying implementation of security measures. They will be talking about it over the course of several blog posts and releasing the paper soon.
    The Business Justification For Data Security | securosis.com
    Tags: ( risk business justification )
  3. Tom makes are really good point. Be careful how much information you share about your infrastructure publicly. Particularly if you have some challenges to overcome.
    spylogic.net - Who's managing information security in your city?
    Tags: ( data gathering general )
  4. Michael puts forth his perspective on what PCI compliance really means. Then there is some interesting discussion in the comments. You should read it.
    Society of Payment Security Professionals - Compliance Demystified >> Blog Archive >> What PCI compliance really means
    Tags: ( pci )
  5. ENISA is looking for articles for the ENISA Quarterly Review. Topic preference: "Resilience and Security of Communication Networks"
    ENISA Call For Articles
    Tags: ( cfp enisa )
  6. Very nice article with some good ideas on how to better accomplish making the web more secure.
    Blog :: by Wade Woolwine >> Blog Archive >> RE: Alignment of Interests in Web Security
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I mentioned this white paper when I did my RSA Europe recap back in October. It is worth a read. * the link goes directly to the PDF
    Web 2.0 Security and Privacy
    Tags: ( privacy enisa )
  2. Here are some things you can do to protect yourself against the 0-day exploit that works against IE7.
    Microsoft talks up countermeasures to fend off new IE attacks
    Tags: ( vulnerability microsoft ie7 )
  3. Adding to the growing pile of recent 0-day exploits for Microsoft products, there appears to be one for SQL Server.
    Security pros groan as zero-day hits Microsoft's SQL Server * The Register
    Tags: ( exploit vulnerability 0day sqlserver micrsoft )
  4. Some good general guidance for how to react in the event you have a data breach. I would offer that it is good advice for everybody involved and not just the CIO.
    How a CIO should deal with aftermath of a data breach
    Tags: ( data breach )
  5. looks like Cisco is in for a legal fight.
    Cisco sued by Free Software Foundation for copyright infringement - Network World
    Tags: ( general )
  6. Innismir weighs in on the recent meme of penetration testing being dead. He, like most of us involved in the discussion, doesn't think its dead either.
    innismir.net -- Pentration Testing - Not Quite Dead Yet
    Tags: ( pentest )
  7. Rich brings up some good points. Worth reading and thinking about.
    How The Cloud Destroys Everything I Love (About Web App Security) | securosis.com
    Tags: ( cloud webappsec )
  8. WhiteHat Security's quarterly report on website security statistics is available for download. This is the sixth one they have put out. Good stuff in there.
    Jeremiah Grossman: Sixth Quarterly Website Security Statistics Report
    Tags: ( general reports )
  9. Jeremiah offers some really good guidance for justifying your budget for web application security spending.
    Jeremiah Grossman: Budgeting for Web Application Security
    Tags: ( webappsec )
  10. Here's a framework for SAP pen testing.
    sapyto v0.98 Released - SAP Penetration Testing Framework Tool | Darknet - The Darkside
    Tags: ( pentest sap )
  11. You can't make this stuff up. Remember folks, you have to make sure that all data is removed form devices before you get rid of them.
    Liquidmatrix Security Digest >> McCain Campaign Sells Off... Data?
    Tags: ( data leakage )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 2 comments }