Firefox

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is a good article to look at if you are thinking about the cloud and your business. (Hat Tip: @infosecstuff)
    Cloud Security: Ten Questions to Ask Before You Jump In
    Tags: ( cloud )
  2. Another interesting tool today. Use Bing to find associated IP address and DNS hostnames. (Hat Tip: @lbhuston)
    Bing Web Server Probe
    Tags: ( tools webappsec )
  3. This looks like an interesting tool to add to your web app sec Firefox toolkit.
    Groundspeed 1.1 - Web Application Security Add-on For Firefox | Darknet - The Darkside
    Tags: ( webappsec tools firefox )
  4. Jarrod shares how he got into information security and offers some thoughts on making your own move.
    /dev/null - ramblings of an infosec professional: How to Get A Start in Information Security
    Tags: ( career )
  5. Ben is up next on the D-list interviews. I know Ben from Twitter and hope we can meet IRL someday.
    Andrew Hay >> Blog Archive >> Information Security D-List Interview: Ben Jackson
    Tags: ( interview )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Here is part 2 of my catch-up posts.

  1. Argument For Anonymity - Secure Computing: Sec-C
    Tags: ( anonymity )
  2. RaDaJo (RAul, DAvid and JOrge) Security Blog: Samurai Web Testing Framework (WTF) Firefox Add-ons Collection
    Tags: ( firefox add-ons )
  3. Medical Records: Stored in the Cloud, Sold on the Open Market | Threat Level | Wired.com
    Tags: ( data-leakage phi cloud )
  4. Moving from a Threat Centric to Trust Centric Endpoint Management Model | Optimal Security: The Lumension Blog
    Tags: ( whitelisting malware )
  5. SharePoint and Security | Retail Information Security
    Tags: ( sharepoint )

That's it for today. Have fun!

Kevin

{ 0 comments }

In the Interesting Bits post for today I pointed to an article that spoke about a flaw in Firefox 3.5 that supposedly resulted in DNS queries not being proxied correctly when using a SOCKS proxy.

Eric "SecRunner" posted a comment that this was not the case. He indicated that it was a proxy management add-on that is the culprit.

He is absolutely correct in his assertion that Firefox 3.5 does not leak DNS queries when a SOCKS proxy is configured. I tested it myself in my lab and saw no leakage.

I have not personally confirmed the proxy management add-on issue at this time so will refrain from commenting on that.

I apologize for feeding you erroneous information.

-Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The videos from Source Boston 2009 are available. Good stuff.
    Source Boston 2009 Videos
    Tags: ( source )
  2. A very nice example of data leakage.
    Firefox 3.5 DNS LEAKS like a waterfall | The Edge of I-Hacked
    Tags: ( firefox dns )
  3. Panda's second challenge is up.
    Panda Challenge: Medium Level - PandaLabs
    Tags: ( challenge )
  4. Keydet89 answers the question "What is the worst thing an incident response team internally will do?"
    Windows Incident Response: SANS Summit Question
    Tags: ( incident-response )
  5. Not security related, but it's bugged me for a while. I love Firefox, but the molasses slow start time is a real joy killer. Finally an explanation why. Hopefully a fix will come out soon.
    Slow Firefox 3.5 start up time - News - The H Security: News and features
    Tags: ( firefox )
  6. I strongly suggest you read this post before you test out the 0pen0wn.c code that is running about. In other words, you will hurt yourself if you don't.
    Secdev - Thierry Zoller: 0pen0wn.c - Shellcode "dissasembled"
    Tags: ( hacker dont-do-that )
  7. As @id084895 says, "wow, just discovered Robtex.com !!! Your src for whois, bgp, AS, RBL checks and lots more: simple & fast => i like ;-)"
    robtex
    Tags: ( tools on-line )

That's it for today. Have fun!

Kevin

{ 2 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. You have (hopefully) an information security policy. You also have (shame on you if you don't) an acceptable use policy. How about a social media policy? Hat tip @agent0x0 who retweeted @koskim
    Should Your Company Have a Social Media Policy?
    Tags: ( policy social-media )
  2. Some nice tips on what to do and what not to do when you land that interview in today's difficult markets.
    10 Dos and Don'ts for Security Job Interviews - CSO Online - Security and Risk
    Tags: ( career interviewing )
  3. This is pretty nifty and a great way to maintain backwards compatibility with applications that require Windows XP to run when you move to Windows 7.
    Windows 7's XP Mode and Security
    Tags: ( windows-7 xp-mode )
  4. I don't own a Mac, so I have not read this article in depth. However, it certainly can't hurt to check it out and send it to those who do have Macs that might benefit from the information within.
    15 easy fixes for Mac security risks
    Tags: ( macosx securing )
  5. ENISA is conducting a security risk assessment of cloud computing. They are interested in your input. Go forth and opine on their survey.
    ENISA Cloud Risk Assessment: What Are Your Concerns about Cloud Computing? | Cloud Security
    Tags: ( cloud assessment enisa )
  6. Time to patch Firefox if you haven't already. For those running the beta, beta 4 is out also.
    Mozilla Updates Firefox, Now At Version 3.0.10
    Tags: ( vulnerability firefox patches )
  7. I attended part 1 and it was quite good. Check it out.
    The Ethical Hacker Network - Webcast: Modern Social Engineering Part II - Top 5 Ways to Manipulate Humans Over the Wire
    Tags: ( webcasts social-engineering )
  8. Chris's thoughts on the Verizon Breach report.
    2009 Verizon Breach Report << Risktical Ramblings
    Tags: ( verizon dbir )
  9. John talks about an interesting report that takes a look at the cost of a lost laptop. Not as obvious as you might think.
    The Real Costs Of Laptop Loss - Evil Bytes Blog - Dark Reading
    Tags: ( laptops )
  10. Dan's list of 10 add-ons that information security professionals might find helpful. I use several of them.
    10 Essential Firefox Plugins for the Infosec Professional | dmiessler.com
    Tags: ( firefox add-ons )
  11. Some nifty updates and changes in the Jeriko project. Check it out.
    Jeriko Group and Source Code Repository | GNUCITIZEN
    Tags: ( pentest jeriko )
  12. Time to patch your Chrome installations.
    Google Releases Chrome Browser Security Fix
    Tags: ( google chrome )

That's it for today. Have fun!

Kevin

{ 0 comments }

Good morning everybody! How about an early dose of the Bits? 🙂

Here are today's Interesting Information Security Bits from around the web.

  1. A nice post by Bill that speaks to an important point. We don't have to be perfect, but we have to be willing to try to be.
    A Tale of Two Vendors or Security Sells : The Security Catalyst
    Tags: ( general )
  2. Time to patch your Firefox. This version addresses the 0-day used at CanSecWest to exploit Firefox.
    Firefox 3.08 Released - Security Watch
    Tags: ( firefox patches vulnerability )
  3. This Network World article points to a report released yesterday "Tracking GhostNet: Investigating a Cyber Espionage Network." From the report:
    "This report documents the GhostNet - a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs."
    Deep computer-spying network touched 103 countries - Network World
    Tags: ( espionage )
  4. Want to know if your skill set is in demand? Here is a list of the top 10 Network World pulled from a recent Foote Partners survey.
    Top 10 technology skills - Network World
    Tags: ( career )
  5. The Yubikey is a nifty little tool that I ran across at RSA Europe last fall. Xavier has posted a nice tutorial on using one to authenticate to a Linux machine.
    /dev/random >> Blog Archive >> Yubikey Authentication on Linux
    Tags: ( tools yubikey )
  6. The Call for Papers is open for Metricon. If you are into metrics, go submit something.
    Emergent Chaos: Metricon 4.0 Call for Papers
    Tags: ( conference metricon cfp )

That's it for today. Have fun!

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. You may have already heard, but Heartland and RBS are having some PCI issues.
    Visa yanks creds for payment card processing pair * The Register
    Tags: ( pci )
  2. Good tips and suggestions here.
    Gaining and Maintaining Professional Momentum During Difficult Times : The Security Catalyst
    Tags: ( career )
  3. Nifty information on digging into what information Firefox keeps as you peruse the internet.
    Firefox 3.X Forensics: Using F3e << SANS Computer Forensics, Investigation, and Response
    Tags: ( forensics firefox )
  4. A nice source for lots of HIPAA information. (Via @privacyprof)
    FAQ: What is the impact of HIPAA on IT operations?
    Tags: ( hipaa )
  5. Yup. Part 3 of Synjunkie's "Abusing Citrix" series is up. Again, good stuff.
    Syn: Abusing Citrix - Part 3
    Tags: ( hacking citrix )
  6. Jeff has a great post about first solutions and thoughts. Good stuff.
    How to Catch a Balloon : The Security Catalyst
    Tags: ( general )
  7. Chris has a real good primer/reminder on performing an effective and complete application security risk assessment. Good stuff. I hope he gets permission to share more details.
    Application Security Risk Assessments << Risktical Ramblings
    Tags: ( risk assessment application )
  8. Bill has a slide show up from his trip to Boston for SOURCEBoston.
    CSO Online - Security and Risk - Slideshow - SOURCE Boston Security Conference - Slide 1
    Tags: ( source conferences )
  9. Wow. Just wow. (via @brianhonan)
    Drunken BOFH wreaks $1.2m in Oz damage * The Register
    Tags: ( general )

That's it for today. Have fun!

Kevin

{ 1 comment }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Time to patch Firefox again. Yup, again.
    Firefox 3.07 and Other Mozilla Apps Fix Several Vulnerabilities - Security Watch
    Tags: ( browser firefox patches )
  2. No click necessary to get owned.
    Quickpost: /JBIG2Decode Trigger Trio << Didier Stevens
    Tags: ( exploit pdf adobe infosec vulnerability )
  3. My first reaction to this is, "Privacy just died." Then I stopped and thought about wire-taps that are allowed in the United States with appropriate warrants and wondered if I was overreacting. I've landed on being very concerned.
    Police will have power to secretly search homes [in the NSW jurisdiction of Australia] | The Daily Telegraph
    Tags: ( privacy surveillance )

That's it for today. Have fun!

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Title pretty much says it all.
    Verizon to Shut Off Outbound Port 25 E-mail Submission - Security Watch
    Tags: ( spam )
  2. If anybody in your organization ever asks about anybody ever paying fines for HIPAA violations, you can tell them yes.
    CVS pays $2.25 million HIPAA settlement
    Tags: ( hipaa settlement )
  3. There is a lot of good stuff in here with references for further investigation if you wish.
    Carnal0wnage Blog: UT SSE Presentation: Introduction to Software Security and Threat Modeling
    Tags: ( security threat modeling software )
  4. A nice post on some steps to take to get into InfoSec.
    MSI :: State of Security >> So, You Wanna Be in InfoSec?
    Tags: ( career )
  5. Graham points out a nifty add-on for Firefox. We all get links where the URL has been shortened in an attempt to be helpful; this tool shows you what's under the covers so you can click on those URLs safely.
    A neat add-on for Twitter | Graham Cluley's blog
    Tags: ( firefox plugin urls )
  6. Tenable got some interesting results when they monitored the ShmooCon public network.
    Tenable Network Security: Packets and Logs Found on the Shmoocon Network
    Tags: ( network scanning )
  7. Sometimes you need a full-blown file integrity suite and sometimes you need something that just gets the job done. Xavier has posted a quick bash script that will get the job done.
    /dev/random >> Blog Archive >> Quick and Dirty Integrity Check Script
    Tags: ( tools scripts integrity file )
  8. Kimmo at F-Secure and Elia Florio of Symantec collaborated on a paper about the evolution of the rootkit Mebroot. The paper is now available.
    Mebroot - F-Secure Weblog : News from the Lab
    Tags: ( malware whitepaper mebroot )

That's it for today. Have fun!

Kevin

{ 2 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Time to patch Firefox.
    Firefox 3.0.6 targets security issues | Security - CNET News
    Tags: ( vulnerability firefox patch )
  2. You might want to be careful what sites you go to when you are logged into the Twitter web interface. Also remember that if you clicked on 'remember me', you are logged in even if you don't have it open in a tab.
    Twitter Clickjacking Hack Released - DarkReading
    Tags: ( vulnerability clickjacking twitter )
  3. An interesting article with good points regarding the ability to disable UAC in Windows 7 and the fact that somebody has made a user-space program that does it automatically. Worth a gander.
    Both Sides on the Win7 UAC Problem
    Tags: ( windows-7 uac )
  4. If you're looking for an infosec job, the U.K. may be a good place to check. No idea on immigration and such, but couldn't hurt to take a peek.
    Many computer security jobs are still available in UK >> Computer internet security
    Tags: ( jobs )
  5. The CFP of Black Hat is open. Get your pencils ready and your ideas flowing.
    Black Hat : Black Hat USA 2009 Call For Papers
    Tags: ( blackhat conferences cfp )
  6. Black Fist warns us to be careful of the numbers we see in reports on the cost of breached data. He doesn't say dismiss them out of hand, but we are better off if we can come up with some figures specific to our own organizations.
    Black Fist Security: Risk analysis: Cost of breaches and rolling your own numbers
    Tags: ( risk management )
  7. A nice post by Kees. Don't forget that you need to plan on more than one level and to do so you need to keep informed.
    On Situational Awareness - Kees Leune Information Security Blog
    Tags: ( general )

That's it for today. Have fun!

Kevin

{ 0 comments }