General

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. eBay/Paypal is being particularly bothersome. See why in this post.
    EBay / Paypal Reports Security Blog To FBI For Phish Screenshot - SpywareGuide Greynets Blog
    Tags: ( phishing )
  2. This has nothing to do with information security. I have read several books about Dr. Feynan and his biography. He was a fascinating man and scientist. These classic videos will be fun to watch. Note: You have to have Silverlight 3.0 installed to watch them. Sorry.
    The Messenger Series - Microsoft Research - Richard Feynman
    Tags: ( general )
  3. Richard has followed up his "$1 millon dollar/yer Black Hat Team" post with one for the whitehats. It is not near as easy for the whilehats.
    TaoSecurity: White Hat Budgeting
    Tags: ( general )
  4. Get'em while they're hot. Rainbow tables for WPA.
    SecuriTeam Blogs >> Offensive-Security WPA Rainbow Tables
    Tags: ( rainbow-tables wpa )
  5. Adriane brings up something that we should keep in mind when we are pitching a product to our customers or business units. It is very important. They don't really care about the "How cool is that?" argument.
    Securosis Blog | Technology vs. Practicality
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Here are today's interesting bits in information security.

  1. This is an interesting story of the DarkMarket sting.
    Three years undercover with the identity thieves
    Tags: ( general )
  2. Just because the website you are visiting is a popular, well-known site doesn't mean that it is complete safe. Conversely, just because a site is declared to host malware, doesn't mean they whole site is malicious.
    70 Of Top 100 Web Sites Spread Malware -- Malware -- InformationWeek
    Tags: ( malware )
  3. Want to get some personally identifiable information on somebody. Find out where they get the dry cleaning done and get a job. Wow.
    9,000 USBs left in Laundrettes : Security Watch - Internet Security News: IT security, Business security, Computer security, Network security, and more
    Tags: ( data gathering breach usb )
  4. Time to patch Quicktime.
    QuickTime 7.6 Fixes First 7 Bugs of 2009 - Security Watch
    Tags: ( vulnerability patches quicktime )
  5. I pointed this out recently. Looks like Seagate users are going to need to patch again.
    Seagate Offers Second Fix For Hard-Drive Firmware -- Storage Security -- InformationWeek
    Tags: ( availability )
  6. This is very cool. I use OpenDNS at home and have never been happier.
    New Security Services Land In Home Routers - DarkReading
    Tags: ( home-networking )
  7. Gonna be a meetup for podcasters at ShmooCon. Looks like a lot of fun.
    Podcasters Meetup at ShmooCon - Room362.com
    Tags: ( conferences meetup shmoocon )
  8. A very nice article about why we need to keep identity and authentication as separate and distinct.
    Hat tip: http://www.schneier.com/blog/archives/2009/01/identity_authen.html
    It's Me, and Here's My Proof: Why Identity and Authentication Must Remain Distinct
    Tags: ( identity authentication access-control )
  9. A new blog talking about SSL and some of the pitfalls one can come across in various implementations.
    Introducing SSLFail.com | tssci security
    Tags: ( ssl )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]

{ 0 comments }

Sorry for the late post folks. Been a busy, busy day. Below you find a post by RSnake begging for discussion, EFF pushing for modification to DMCA, a method to secure BGP, how we communicate to our users is important, the final part of an risk assessment using FAIR, SQL firewalls, and the fact that BeanSec is next week. Have a great weekend.

  1. Crime and Punishment ha.ckers.org web application security lab
    Tags: ( general opinion )
  2. This would benefit everybody.
    EFF pushes for legal handset jail-breaks - vnunet.com
    Tags: ( cellphone drm )
  3. This will be a definite improvement. There have been several cases of BGP errors causing significant problems in the year or so.
    U.S. plots major upgrade to Internet router security - Network World
    Tags: ( bgp bgpsec )
  4. David reminds us that how a message is delivered just as important as why the message is delivered.
    The Power of Positive Rethinking : The Security Catalyst
    Tags: ( communication )
  5. Part 4 of Chris's latest FAIR assessment is posted.
    Risk Scenario - Hidden Field / Sensitive Information (Part 4 of 4) << Risktical Ramblings
    Tags: ( risk assessment fair )
  6. It was only a matter of time before we started seeing SQL firewalls. Not saying it's a bad thing.
    /dev/random >> Blog Archive >> Databases Protection with GreenSQL
    Tags: ( firewall sql )
  7. Beansec next week.
    Rational Survivability: BeanSec! Wednesday, January 21st, 2009 - 6PM to ?
    Tags: ( beansec meetings )
  8. Yes, indeed. I and others have said it more than once, compliance does not equal security.
    Network Security Blog >> "Security first" please!
    Tags: ( security pci )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]

{ 0 comments }

Lots of interesting things to take a gander at today. I had a great break and am rested and recharged and ready to tackle my workload. How about you?

Here are today's Interesting Information Security Bits from around the web.

  1. The Network World Salary Survey results for 2009 are up.
    Salary Survey - Network World
    Tags: ( survey salary )
  2. Packetlife's next contest is up and running. These are always a great way to learn something new or practice what you already know.
    January contest - PacketLife.net
    Tags: ( contest )
  3. David points to a great resource for getting up to speed on Digital Investigations and Evidence. It's not a short read, but looks really interesting. Is going on my to-be-read pile.
    Computer forensics - a subject every executive should understand (David Lacey's IT Security Blog)
    Tags: ( forensics guide )
  4. When good enough isn't really good enough. A nice post and point made.
    SecuriTeam Blogs >> Snow and security
    Tags: ( general )
  5. The combination of Twitter notification, allowed usernames and and automatic linkification of text by your email client introduces a possible phishing vector. Again, always be careful when clicking on links.
    Twitter Phishing Scam Update (Follow Notification Email Vulnerability)
    Tags: ( malware twitter phishing )
  6. I watched this happen live over the weekend. As always, be careful when clicking on links in emails/DMs/IMs etc.
    spylogic.net - First Twitter Phishing Attack of 2009
    Tags: ( twitter phishing )
  7. A nice post my Mathew talking about a presentation given at 25C3. Be careful on those fancy DECT telephones folks 🙂
    MatthewNeely.com - Security Second Thoughts - New Attack Against DECT Could Allow Attackers to Monitor Encrypted Headsets
    Tags: ( encryption dect mitm )
  8. Part 1 of Synjunkie's latest story. These are always fun.
    Syn: The Story of a Newbie Hax0r - Part 1
    Tags: ( stories )
  9. Send this to your family. They have several videos that help folks set there systems up more securely and educate them on safely using the Internet.
    The Academy Home
    Tags: ( education video home configuration )
  10. Benny's day 4 recap of 25C3.
    #25C3 Day 4 Overview: Picking up the pieces | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( conferences 25c3 recap )
  11. I've talked about privacy several time here. Here is another instance where your privacy can possible be invaded without you ever knowing. And another thought. What are the odds that no damage will be done to your system or data if it is "legally hacked?"
    (Hat Tip: http://carnal0wnage.blogspot.com/2009/01/uk-to-allow-warrantless-remote.html)
    Police set to step up hacking of home PCs - Times Online
    Tags: ( privacy hacking surveillance police )
  12. I posted about this previously. Help Mike and Lee out by completing the survey. It doesn't ask for your social security number or your bank account number. I promise.
    Calling all security pros | Episteme
    Tags: ( general )
  13. Richard has a nice little walk-through on getting IPv6 working on you Windows XP box. On a side note, I hope you are watching and filtering for IPv6 at your perimeter and hosts. This type of configuration can punch holes right through to the chewy center if you are not careful.
    TaoSecurity: IPv6 Tunnel on Windows XP Using Freenet6
    Tags: ( ipv6 tunnel )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 2 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Lavasoft has jumped into the anti-virus market. We'll have to keep an eye on this one.
    Ad-Aware gets an antivirus cousin | The Download Blog - Download.com
    Tags: ( free anti-virus )
  2. Some interesting situation that lead to a need for data recovery. Hat tip to Xavier at /dev/random (blog.rotshell.be)
    Kroll Ontrack Top Ten Data Mishaps and Recoveries - Press Release
    Tags: ( amusing general )
  3. The workarounds section for the recent 0-day for IE has been updated. This blog post goes into some further detail about the workarounds.
    Security Vulnerability Research & Defense : Clarification on the various workarounds from the recent IE advisory
    Tags: ( exploit vulnerability microsoft ie workarounds )
  4. Part 2 of SynJunky's fictional story about detection of and incident response to an insider attack.
    Syn: The Story of an Insider - Part 2. The Sys Admins Story
    Tags: ( insider )
  5. This is a nifty way to get the job done.
    Writing a web services fuzzer in 5 minutes to SQL injection | tssci security
    Tags: ( webappsec injection sql )
  6. Woot! Version 1.2 of Burp Suite has been released.
    PortSwigger.net - web application security: Burp Suite v1.2 released
    Tags: ( webappsec burp )
  7. Just go read it. You won't regret it.
    Rational Survivability: GigaOm's Alistair Croll on Cloud Security: The Sky Is Falling!...and So Is My Tolerance For Absurdity
    Tags: ( cloud )
  8. Rory is writing a series of posts on penetration testing. The first is up.
    Rory.Blog: What is Penetration Testing?
    Tags: ( pentest )
  9. Here is a very cool idea for a low/no cost way to implement DLP.
    /dev/random >> Blog Archive >> Simple DLP with Ngrep
    Tags: ( dlp ngrep )
  10. Looks like nifty tool to add to the arsenal.
    Jeremy's Computer Security Blog: JPEG Fuzzer has ARRIVED
    Tags: ( fuzzer jpeg )
  11. Watch out folks, SkyNet is just around the corner.
    Schneier on Security: Killing Robot Being Tested by Lockheed Martin
    Tags: ( skynet )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I mentioned this white paper when I did my RSA Europe recap back in October. It is worth a read. * the link goes directly to the PDF
    Web 2.0 Security and Privacy
    Tags: ( privacy enisa )
  2. Here are some things you can do to protect yourself against the 0-day exploit that works against IE7.
    Microsoft talks up countermeasures to fend off new IE attacks
    Tags: ( vulnerability microsoft ie7 )
  3. Adding to the growing pile of recent 0-day exploits for Microsoft products, there appears to be one for SQL Server.
    Security pros groan as zero-day hits Microsoft's SQL Server * The Register
    Tags: ( exploit vulnerability 0day sqlserver micrsoft )
  4. Some good general guidance for how to react in the event you have a data breach. I would offer that it is good advice for everybody involved and not just the CIO.
    How a CIO should deal with aftermath of a data breach
    Tags: ( data breach )
  5. looks like Cisco is in for a legal fight.
    Cisco sued by Free Software Foundation for copyright infringement - Network World
    Tags: ( general )
  6. Innismir weighs in on the recent meme of penetration testing being dead. He, like most of us involved in the discussion, doesn't think its dead either.
    innismir.net -- Pentration Testing - Not Quite Dead Yet
    Tags: ( pentest )
  7. Rich brings up some good points. Worth reading and thinking about.
    How The Cloud Destroys Everything I Love (About Web App Security) | securosis.com
    Tags: ( cloud webappsec )
  8. WhiteHat Security's quarterly report on website security statistics is available for download. This is the sixth one they have put out. Good stuff in there.
    Jeremiah Grossman: Sixth Quarterly Website Security Statistics Report
    Tags: ( general reports )
  9. Jeremiah offers some really good guidance for justifying your budget for web application security spending.
    Jeremiah Grossman: Budgeting for Web Application Security
    Tags: ( webappsec )
  10. Here's a framework for SAP pen testing.
    sapyto v0.98 Released - SAP Penetration Testing Framework Tool | Darknet - The Darkside
    Tags: ( pentest sap )
  11. You can't make this stuff up. Remember folks, you have to make sure that all data is removed form devices before you get rid of them.
    Liquidmatrix Security Digest >> McCain Campaign Sells Off... Data?
    Tags: ( data leakage )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 2 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. If any of these apply to your organization you have some work to do.
    http://www.networkworld.com/news/2008/121008-the-seven-deadly-sins-of.html
    Tags: ( program )
  2. Looks like there is another 0-day out.
    Microsoft looking into WordPad zero-day flaw | Security - CNET News
    Tags: ( vulnerability microsoft wordpad )
  3. Shrdlu offers some good suggestions on preparing for next year.
    Layer 8: Out with the old, in with the new.
    Tags: ( general )
  4. Nifty. Five security related distributions in one.
    Ask and you shall receive - SumoLinux - Room362.com
    Tags: ( tools linux distro )
  5. Rich puts to paper (work with me) the same thoughts I had when I read about the direction China is thinking of taking in regards to technical information of products entering China.
    A Good (Potential) Risk Management IQ Test For Management | securosis.com
    Tags: ( general )
  6. Google gives a nifty resource.
    Google's Browser Security Handbook | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( security browser google books )
  7. Part 5 of this great series is now available. If you haven't read the previous parts, they are linked in the first paragraph.
    Building a Web Application Security Program, Part 5: Secure Development | securosis.com
    Tags: ( webappsec program )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }