flash

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Beware of hasty decisions, early indicators and selection bias.
    (Mis)reading the runes << wirewatcher
    Tags: ( incident-response )
  2. The call for papers for Defcon 18 is open. Get to work.
    DEF CON(r) 18 Hacking Conference - Call for Papers Announcement
    Tags: ( cfg defcon-18 )
  3. As if managing VoIP wasn't difficult enough already, let's throw in steganography.
    A new VoIP threat - steganography - RiskPundit
    Tags: ( voip steganography )
  4. This might be a good post to keep handy in the event you need to back out a patch and can't boot.
    Using Linux to back out a Windows XP patch - Computerworld Blogs
    Tags: ( patching recovery )
  5. Challenge number 2 is ready for your attention. Give it a go.
    Forensic Challenge 2010/2 - "browsers under attack" is now online | The Honeynet Project
    Tags: ( forensics challenge )
  6. A lovely article about flash cookies and what they can tell a forensic investigator.
    Local Shared Objects, aka Flash Cookies
    Tags: ( flash cookies privacy )
  7. An interesting topic, tokenization, is covered quite well in this post on InfoCynic.
    A New Approach to Enterprise Data Security | Infosec Cynic
    Tags: ( encryption tokenization )
  8. A few things you should be aware of regarding the HITECH act.
    7 Things You Need to Know About HITECH | Optimal Security: The Lumension Blog
    Tags: ( hitech )
  9. Alex opines on the cloud, metrics and faith. A good read.
    On Cloud Security Metrics >> Dub Cloud
    Tags: ( cloud metrics )
  10. I have attended a couple virtual conferences and enjoyed them. A good line-up here.
    Infosecurity (UK) - 2010 Virtual Conference on Endpoint Security - Beyond the Perimeter - Full conference programme revealed
    Tags: ( conference virtual )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Leave it to David to be able to use canning and mason jars as an analogy for security and secure coding. Very nice post. Go read it.
    Reusable Code: The Mason Jars of Security | threatpost
    Tags: ( programming general )
  2. Yes, we are the unsung heroes. BTW - you have to read this if for no other reason than the Y2K reference towards the end.
    Securosis Blog | Why Successful Risk Management is Still a Failure
    Tags: ( general risk-management )
  3. I love a good walk-through and Paul provides us one that shows a step-by-step how-to on reversing some JavaScript shellcode. Good stuff!
    Paul Melson's Blog: Reversing JavaScript Shellcode: A Step By Step How-To
    Tags: ( reverse-engineering javascript shellcode )
  4. The Offensive Security Exploit archive is alive and kicking. It picks up where Milw0rm left off. Go check it out.
    Offensive Security Exploit Archive Goes live | Security Active Blog
    Tags: ( exploits milw0rm )
  5. This looks to be an interesting series. Adam will be exploring ways to help information security professionals build useful and productive relationships within their enterprises.
    Adam Cardinal: Building Relationships - Internal Audit Team - IANS Perspective
    Tags: ( general )
  6. Woot! Metasploit 3.3 is out. I am hearing good things about this. Go check it out.
    Metasploit: Metasploit Framework 3.3 Released!
    Tags: ( metasploit webappsec pentesting )
  7. Here is a quick how-to describing a method to decompile flash files.
    Carnal0wnage Blog: Decompiling Flash Files with SWFScan
    Tags: ( flash decompile webappsec )
  8. An interesting article that explores some real-life cross subdomain exploits.
    Real-Life Examples of Cross-Subdomain Issues | Social Hacking
    Tags: ( cross-subdomain webappsec )
  9. This is going to be a very cool project. Get involved.
    Securosis Blog | An Open Metrics Model for Database Security: Project Quant for Databases
    Tags: ( metrics databases )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Xavier decided to fuzz his car. Good thing he didn't do it when he was driving down the road.
    /dev/random >> Fuzzing a Car Multimedia System?
    Tags: ( fuzzing )
  2. Want some help on learning how to write Windows stack-based exploits? Here you go. A whole mess of tutorials.
    The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - Links/tutorials on writing windows (stack based) exploits
    Tags: ( exploit-writing )
  3. An interesting exploration of the three-way TCP handshake process. Particularly, since it can be a four-way handshake. Very cool. It will be interesting to see what comes out of the research about to happen.
    TCP Portals: The Handshake's a Lie! -- BreakingPoint
    Tags: ( networking tcp-handshake )
  4. There is a new vulnerability in Flash and Mike does a great job of explaining it.
    Skeptikal.org: Flash Origin Attack FAQ
    Tags: ( adobe flash vulnerability )
  5. Thierry ZOLLER has put together a very nice document that describes and demonstrates the recent SSL/TLS vulnerability. (Direct link to pdf)
    TLS and SSLv3 vulnerabilitys explained (PDF)
    Tags: ( ssl )
  6. Jack makes some good points about customer data, where it came from and where it is going.
    Uncommon Sense Security: Whose customers are they?
    Tags: ( data-leakage )
  7. Here is another resource to do some free monitoring of your websites.
    HolisticInfoSec.org: Sucuri NBIM: website integrity monitoring for free
    Tags: ( monitoring )
  8. (IN)Secure Magazine issue 23 is out. (Link goes directly to pdf)
    INSECURE-Mag-23.pdf (application/pdf Object)
    Tags: ( magazine insecure )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A nifty new tool that scans your Flash source code looking for flaws. Always remember that static code analysis is not a panacea.
    Free HP SWFScan tool detects Adobe Flash flaws
    Tags: ( flash )
  2. Some suggested settings to help make your surfing safer with IE. Installing IE 8 will go a long way towards achieving that goal too.
    10 IE Browser Settings for Safer Surfing - Network World
    Tags: ( ie )
  3. Latest AV-Comparatives update is out.
    AV-Comparatives February 2009 report: four winners - Ars Technica
    Tags: ( testing anti-virus )
  4. Very interesting. A botnet that attacks dsl modems and routers.
    Stealthy router-based botnet worm squirming | Zero Day | ZDNet.com
    Tags: ( malware botnet )
  5. Disabling autorun. A very good idea. Rasvan lets us know how.
    Windows 7 Security Tips #1 - Malware City Blogs
    Tags: ( security tips windows-7 )
  6. Ioana asks some really good questions that we should all think about in relationship to our own teams. Being able to eventually answer yes to each of those questions will mean that you have a top-flight team working to provide excellent service to your customers.
    The Dichotomy of Customer Service : The Security Catalyst
    Tags: ( general )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is nice to see.
    Yahoo to anonymize user data after 90 days | Security - CNET News
    Tags: ( privacy )
  2. Time to update Flash Player on Linux.
    Critical Flaw in Flash Player...For Linux! - Security Watch
    Tags: ( flash linux )
  3. Part 3 of SynJunkies' tale is ready for your perusal.
    Syn: The Story of an Insider - Part 3. Playing at CSI
    Tags: ( incident-response stories )
  4. New version. Haven't played with this one yet. Going to have to check it out.
    /dev/random >> Blog Archive >> OpenVAS 2.0.0. is out
    Tags: ( vulnerability openvas )
  5. Mike is getting involved in what appears to be a great new effort in training for penetration testers.
    Getting Information Security Training Right | Episteme
    Tags: ( training pentesting )
  6. Nifty new features.
    New Zenmap adds feature that does topology mapping | SecViz
    Tags: ( nmap zenmap )
  7. Don't forget, folks. Firefox 2 is at end-of-life with 2.0.19 and you lost your safe-browsing capabilities too.
    Firefox 2 Users Will Get No More Security Updates - Security Fix
    Tags: ( firefox patches )
  8. I just like this post and Kees's approach.
    Making the world a little better - Kees Leune Information Security Blog
    Tags: ( awareness education )

That's it for today. Have fun!


Kevin
