forensics

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Not exactly InfoSec related, but some very good advice for those who telecommute, even those who do so part-time.
    Tips for New Telecommuters Who've Been Laid Off or Fired - Network World
    Tags: ( telecommuting )
  2. Are your proxies doing their jobs? Are you sure all your users are going through them as they should be.
    Unauthorized Web Use On The Rise, Sneaking By IT - DarkReading
    Tags: ( proxy )
  3. Go ahead, try that new thing. To try and fail and learn from that failure is infinitely better than to never try at all!
    Fail Better : The Security Catalyst
    Tags: ( general )
  4. Hal shows us a situation we need to be aware of when using some command line tools for exploring text in forensics images.
    Missed It By That Much! << SANS Computer Forensics, Investigation, and Response
    Tags: ( forensics tips )
  5. Shack is asking our opinion on a few questions about changes we might be thinking about in our organization's security programs because of the economic environment's impact on staffing and resourcing. Drop by and give him your thoughts.
    ShackF00 >> Infosec Impacts from Understaffing
    Tags: ( general )
  6. Like the title says, the last of the Defcon 16 videos have been updated and await you viewing pleasure.
    Last of the Defcon videos uploaded | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( videos conference defcon )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well. Here are today's Interesting Information Security Bits from around the web.

  1. If you happen to be running a hacked version of Vista Ultimate, you might want to stop that. Microsoft renews Vista anticrack campaign Tags: ( piracy )
  2. Make sure you are providing value to your employer. According to this article, security is not safe from economic downturn. Survey: Economy Forces Many to Slash, Freeze Security Staff - Network World Tags: ( career employment )
  3. Michael has a few scripts for us that help us gather information from PDFs and such. Much goodness. Perl scripts for parsing PDFs, MACs, IPs, URLs, etc. << SANS Computer Forensics, Investigation, and Response Tags: ( tools forensics perl )
  4. Hoff points us to the World Privacy Forum's Cloud Privacy Report. Should be an interesting read. Rational Survivability: Interesting Read: The World Privacy Forum's Cloud Privacy Report Tags: ( cloud privacy )

That's it for today. Have fun! Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts. Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. If you were thinking about changing patch management software vendors, BigFix might be able to save you some cashola. Disclaimer: I do not work for or have any interest in BigFix.
    BigFix hits rivals with 50% price chop - Network World
    Tags: ( patching )
  2. Another list of top whatevers. Worth a glance.
    Defense agencies list top 20 security controls | Security - CNET News
    Tags: ( general )
  3. Surprise, surprise. Another piece of malicious software on Facebook. This is why I A) Don't user very many Facebook apps and B) don't accept requests from folks for things like "Flair" and "Drinks."
    Facebook users targeted by rogue application | Security - CNET News
    Tags: ( malware facebook )
  4. Christofer or The Hoff, as he is frequently called, has a post up that has a very good point we should all take to heart.
    Rational Survivability: Trust But Verify? That's An Oxymoron...
    Tags: ( general )
  5. Jeremiah's Top Ten Web Hacking techniques for 2008 is out.
    Jeremiah Grossman: Top Ten Web Hacking Techniques of 2008 (Official)
    Tags: ( hacking top-ten )
  6. The first of a couple of articles that will explore how the Heartland issue might have occurred. This one is a primer of empty disk space. Good stuff.
    Ascension Blog >> Don't let what Happened to Heartland Happen to You - Part One
    Tags: ( forensics )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well. Here are today's Interesting Information Security Bits from around the web.

  1. Rob has a really nice post up for those who are participating in cyber defense competitions as the defenders. Having just participated on the red team (hackers) this weekend for such a competition, I can say that some of the teams would have benefited greatly from this post 🙂
    Winning Hacker Competitions as Defenders - Room362.com
    Tags: ( cdc )
  2. Hoff has some really good points in this post. Rational Survivability: What People REALLY Mean When They Say "THE Cloud" Is More Secure...
    Tags: ( cloud saas )
  3. Synjunkie gives us the 10 steps he takes to secure his consumer grade wireless routes. It's a good list.
    Syn: 10 Steps to Securing a Wireless Router
    Tags: ( wireless tips )
  4. A nice little guide to finding "bad stuff" in a windows image.
    Windows Incident Response: Looking for "Bad Stuff", part I
    Tags: ( forensics )
  5. A nice article on change management and its importance.
    Black Fist Security: Change Management and some Misc stuff
    Tags: ( change-management )
  6. This should be a very interesting webcast.
    The Ethical Hacker Network - Webcast: Modern Social Engineering - A Vital Component of Pen Testing
    Tags: ( webcast social-engineering )
  7. From the post: "We just released a new version of dnsmap. dnsmap is a subdomain bruteforcer for stealth enumeration."
    New Version of dnsmap out! | GNUCITIZEN
    Tags: ( tools dnsmap )

That's it for today.
Have fun!
Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 1 comment }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Time to patch your wlan controllers if they are made by Cisco.
    Cisco warns of four WLAN controller vulnerabilities - Network World
    Tags: ( vulnerability cisco patches wlan controllers )
  2. Looks like some new courses are going to be offered at SANSFIRE 2009.
    New Forensic Courses Offered at SANSFIRE 2009 << SANS Computer Forensics, Investigation, and Response
    Tags: ( forensics training sans )
  3. Interesting recap of the recent RBS Worldpay theft.
    Data Breach Notification Law Fail << SANS Computer Forensics, Investigation, and Response
    Tags: ( cybercrime )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 1 comment }

Another day of great content. Enjoy.

Here are today's Interesting Information Security Bits from around the web.

  1. VeriSign has stepped up and offered replacement SSL certs free of change to all customers with MD5-based certs. They have also implemented SHA-1 for all certs now. Should have happened much earlier, but at least they were quick in there response.
    VeriSign addresses MD5 flaw
    Tags: ( vulnerability ssl general cert )
  2. Good guidance for us all and some suggestions on how to go about doing it.
    Know your network to keep it secure :: SearchNetworking.com.au
    Tags: ( network )
  3. Forrester is indicating that security spending may be taking a bigger chunk of IT spending in 2009.
    Despite Economy, Security Spending To Increase In 2009 - security industry/Management - DarkReading
    Tags: ( general spending 2009 )
  4. Oops. Trusted Execution Technology might not deserve to be trusted as much as we were lead to believe.
    Researchers hack into Intel's vPro - Network World
    Tags: ( txt )
  5. This is nifty. A nice visualization of botnet IRC channel joins.
    Flashy botnet is Flashy - F-Secure Weblog : News from the Lab
    Tags: ( botnet visualization )
  6. Erik has part 1 of a series that will address securing our Linux hosts.
    Art of Information Security >> Secure Your Linux Host - Part 1: Foundations...
    Tags: ( linux securing )
  7. Donald points us to a paper written by Brett Shavers about virtual machines and forensics analysis. I just added it to my stack of stuff to read.
    Forensic reading - Malta Info Security
    Tags: ( forensics virtualization vmware )
  8. A very good read. Well written and has a good point.
    Could the Titanic have changed course? | The Guerilla CISO
    Tags: ( general compliance checklists )
  9. I have pointed to all the previous parts of the this series of posts. The first paragraph has links to them also. I really like how they have brought all the previous posts together by showing some use cases. Well done.
    Building a Web Application Security Program, Part 8: Putting It All Together | securosis.com
    Tags: ( webappsec program )
  10. Adam points us to Maine's Data Breach Study. He points out some interesting tidbits. Enough that I have grabbed the study for reading later.
    Emergent Chaos: Maine Breach Study
    Tags: ( data breach study maine )
  11. Damon has a very nice guest post up on Jennifer Leggio's Feeds blog. It reaches beyond the issues that Twitter was dealing with this weekend.
    The inevitable rise (and fall?) of 'twishing' | Feeds | ZDNet.com
    Tags: ( twitter phishing social-networks )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Lots of interesting things to take a gander at today. I had a great break and am rested and recharged and ready to tackle my workload. How about you?

Here are today's Interesting Information Security Bits from around the web.

  1. The Network World Salary Survey results for 2009 are up.
    Salary Survey - Network World
    Tags: ( survey salary )
  2. Packetlife's next contest is up and running. These are always a great way to learn something new or practice what you already know.
    January contest - PacketLife.net
    Tags: ( contest )
  3. David points to a great resource for getting up to speed on Digital Investigations and Evidence. It's not a short read, but looks really interesting. Is going on my to-be-read pile.
    Computer forensics - a subject every executive should understand (David Lacey's IT Security Blog)
    Tags: ( forensics guide )
  4. When good enough isn't really good enough. A nice post and point made.
    SecuriTeam Blogs >> Snow and security
    Tags: ( general )
  5. The combination of Twitter notification, allowed usernames and and automatic linkification of text by your email client introduces a possible phishing vector. Again, always be careful when clicking on links.
    Twitter Phishing Scam Update (Follow Notification Email Vulnerability)
    Tags: ( malware twitter phishing )
  6. I watched this happen live over the weekend. As always, be careful when clicking on links in emails/DMs/IMs etc.
    spylogic.net - First Twitter Phishing Attack of 2009
    Tags: ( twitter phishing )
  7. A nice post my Mathew talking about a presentation given at 25C3. Be careful on those fancy DECT telephones folks 🙂
    MatthewNeely.com - Security Second Thoughts - New Attack Against DECT Could Allow Attackers to Monitor Encrypted Headsets
    Tags: ( encryption dect mitm )
  8. Part 1 of Synjunkie's latest story. These are always fun.
    Syn: The Story of a Newbie Hax0r - Part 1
    Tags: ( stories )
  9. Send this to your family. They have several videos that help folks set there systems up more securely and educate them on safely using the Internet.
    The Academy Home
    Tags: ( education video home configuration )
  10. Benny's day 4 recap of 25C3.
    #25C3 Day 4 Overview: Picking up the pieces | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( conferences 25c3 recap )
  11. I've talked about privacy several time here. Here is another instance where your privacy can possible be invaded without you ever knowing. And another thought. What are the odds that no damage will be done to your system or data if it is "legally hacked?"
    (Hat Tip: http://carnal0wnage.blogspot.com/2009/01/uk-to-allow-warrantless-remote.html)
    Police set to step up hacking of home PCs - Times Online
    Tags: ( privacy hacking surveillance police )
  12. I posted about this previously. Help Mike and Lee out by completing the survey. It doesn't ask for your social security number or your bank account number. I promise.
    Calling all security pros | Episteme
    Tags: ( general )
  13. Richard has a nice little walk-through on getting IPv6 working on you Windows XP box. On a side note, I hope you are watching and filtering for IPv6 at your perimeter and hosts. This type of configuration can punch holes right through to the chewy center if you are not careful.
    TaoSecurity: IPv6 Tunnel on Windows XP Using Freenet6
    Tags: ( ipv6 tunnel )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 2 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. PC Pandora has a gift for you parents. A free copy of their software which helps you keep your children safe. Check it out.
    PC Pandora Monitoring Software Absolutely Free !
    Tags: ( childern parental control )
  2. From being sued to being employed. Only in America 🙂
    MIT students to help Boston secure subway fare system | Security - CNET News
    Tags: ( general )
  3. Watch out folks. Looks like more picture frames with malware on them.
    Samsung shipped infected digital picture frames - Network World
    Tags: ( malware usb shipped )
  4. Another x steps to secure Vista article. Still good stuff.
    http://www.networkworld.com/news/2008/122508-secure-your-vista-pc-in.html
    Tags: ( vista )
  5. This looks pretty nifty. Gonna have to download it and play about.
    Happy Holidays!! SANS SIFT Workstation Version 1.2 Released << SANS Computer Forensics, Investigation, and Response
    Tags: ( vmware sans forensics appliance )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is interesting. I would say some of the guidance appears a bit more tactical that I would expect for a CSO, but still worth a gander.
    ASIS releases standards detailing CSO role @ The Latest for Security Executives SecurityInfoWatch.com
    Tags: ( cso )
  2. This is a good article to put in front of anybody that thinks that cross-site scripting vulnerabilities are minor and don't really need to be worried about.
    SecuriTeam Blogs >> Cross Site Scripting can cause your stock to tank
    Tags: ( xss )
  3. A very nice article about the recent patching of a flaw in the SimpleDB api.
    What's New in the Amazon Cloud?: Security Vulnerability in Amazon EC2 and SimpleDB Fixed (7.5 Months After Notification) | Cloud Security
    Tags: ( vulnerability patches amazon simpledb )
  4. Martin has a post asking us what we are doing to keep our skills current. Several, including me, have offered some input. There is some good stuff there. Go check it out and add your own ideas.
    Network Security Blog >> Investing in my career
    Tags: ( career education )
  5. Nifty tip on how to mount a filesystem using the alternate superblock when it won't mount normally. Of course, this is from a forensic perspective, but useful from a general perspective also.
    Mounting Images Using Alternate Superblocks << SANS Computer Forensics, Investigation, and Response
    Tags: ( forensics mount superblock )
  6. The bad guys are not in this for fun and games. There is value in the data they are taking from you.
    Hundreds of Stolen Data Dumps Found - Security Fix
    Tags: ( data breach )
  7. Looks like there might be some clarification coming regarding PCI and virtualization in 2009. Keep you eyes open.
    http://www.networkworld.com/news/2008/121808-crystal-ball-pci.html
    Tags: ( pci virtualization )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]

{ 0 comments }