fud

Hello there! Just wanted to let you know that this Bits post is the last one you will likely see this year. I am taking some time off from the day gig and decided I am also going to do the same here. You might see a post or two if something strikes my fancy, but the Bits posts will be on hiatus.

We'llĀ  be picking back up on January 4th.

Here are today's Interesting Information Security Bits from around the web.

  1. Another great FUDSec article.
    FUD and Other Sales Errors - fudsec.com
    Tags: ( fud )
  2. Want to build a custom wordlist based on a website for password cracking? Look no further. Here is nice how-to on getting that setup.
    Will Hack For SUSHI >> Wordlist Generation - CeWL on Ubuntu
    Tags: ( wordlist password )
  3. George has put together a nice how-to on setting up a logging virtual machine using syslog-ng, splunk and vmware. Very good stuff.
    Building a logging VM - syslog-ng and Splunk | George Starcher
    Tags: ( loging splunk )
  4. Some good information on NTLM reflection.
    Reflecting on NTLM Reflection
    Tags: ( ntlm reflection )
  5. Here is a fun fictional story about a 'lost' laptop.
    The Confessions of a Chief Executive and his lost laptop | Infosec Cynic
    Tags: ( story laptop encryption )
  6. I always get a kick of walk-through/how-we-did-it stories. This is the beginning of a series about a physical pen test.
    Red Team Physical Security Penetration Test
    Tags: ( pentest )
  7. This is absolutely full of awesome sauce. Go check it out.
    'Twas the night before D-DoS << wirewatcher
    Tags: ( poem )
  8. If you are not familiar with SteadyState and are responsible or kiosks, labs, etc., you should check out this page.
    Maintain Shared Computers with the Free Windows SteadyState Tool
    Tags: ( kiosk )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A very good article on an issue that we need to think about as those who are very social media focused are working in our organizations.
    Lifestyle Hackers - CSO Online - Security and Risk
    Tags: ( social-media )
  2. You know you've been wanting to try it.
    Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR
    Tags: ( passwords cloud cracking )
  3. Wonder what the latest changes to MA 201 CMR 17.00 are? Jack does us all a wonderful service by showing us the differences.
    Uncommon Sense Security: diff MA 201 CMR 17.00
    Tags: ( ma-201-cmr-17 )
  4. Part two of SynJunkie's latest story is up.
    Syn: Bobs Double Penetration Adventure - Part 2
    Tags: ( story wifi pentest )
  5. The latest version of Microsoft's Security Intelligence Report is available.
    Download details: Microsoft Security Intelligence Report volume 7 (January - June 2009)
    Tags: ( intelligence report microsoft )
  6. This post points out that we really need to be able to communicate with non-technical audiences. It then points to a new SANS short course that helps us learn how to do that more effectively. Looks very interesting.
    Keys to Professional Communication | Courses, Training | Enclave Forensics
    Tags: ( presenting speaking writing )
  7. This page contains links to a wealth of information on psychology and information security. Fascinating stuff that will keep you busy for quite some time.
    Hat tip: Adam @ The New School of Information Security Blog
    Psychology and Security Resource Page
    Tags: ( psychology )
  8. Here is the third and final part of SpyLogic's Enterprise Open Source Intelligence Gathering series. It focuses on monitoring and social media policies.
    Enterprise Open Source Intelligence Gathering - Part 3 Monitoring and Social Media Policies -- spylogic.net
    Tags: ( gathering intelligence )
  9. This is a nicely detailed post on using OWASP ESAPI for output validation. You are validating your output, right? It is actual the second in a series. The first part on input validation is linked to at the beginning and is also worthy of a gander.
    Output Validation using the OWASP ESAPI << Security Ninja
    Tags: ( output-validation owasp esapi )
  10. Anton posits that FUD is good sometimes. Interesting perspective. The New School Security blog has an interseted reponse too: http://newschoolsecurity.com/2009/10/just-say-no-to-fud/
    A Treatise on FUD - fudsec.com
    Tags: ( iis fud )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. NSS Labs has published their third quarter Browser Security Test.
    Comparative Browser Security Testing - Phishing & Socially Engineered Malware - nsslabs.com
    Tags: ( browser )
  2. The Call for Speakers for RSA USA 2010 has been extended a week. Deadline is now August 21st.
    Call for Speakers
    Tags: ( rsa cfp )
  3. Brian talks about hype in the information security market.
    Hyper Security - fudsec.com
    Tags: ( fud )
  4. It has been talked about quite a bit over the last year or more. Can a cloud based solution be PCI compliant? Looks like the answer to that question has been given and by one of the larger cloud providers.
    Network Security Blog >> Cannot achieve PCI compliance with Amazon EC2/S3
    Tags: ( pci cloud )
  5. This is interesting. A botnet being controlled via Twitter.
    >> Twitter-based Botnet Command Channel * Security to the Core | Arbor Networks Security
    Tags: ( twitter botnet )
  6. Is your cell phone telling tales on you? Looks like the Palm Pre might be.
    Is Your Palm Pre Watching You? : Liquidmatrix Security Digest
    Tags: ( surveillance )
  7. Dave offers up a tutorial on encrypting your data backups on the cheap.
    IT Security Expert: Secure Encrypted Data Backup on a Budget Tutorial
    Tags: ( backup encryption )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }