To those in the U.S., welcome back to work unless, of course, you are reading this when it was posted 🙂

Here are some Interesting Information Security Bits from around the web.

  1. Sounds like Paul and I have the same pet peeve. If you are accepting credentials on a page, serve the whole page over SSL, not just the form submission part.
    Not just plain old http | Paul Ducklin's blog
    Tags: ( https integrity )
  2. Are you wondering what is a public network and what is not from a PCI perspective? If so, check out Branden's post.
    Branden Williams's Security Convergence Blog >> The Gobble-Gobble of Public Networks
    Tags: ( pci public )
  3. The call for papers for HITB 2010 Dubai is now open.
    The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - Hack In The Box (HITB) Security Conference 2010 Dubai
    Tags: ( conferences cfp hack-in-the-box )
  4. Some interesting data about usernames and passwords used during brute force attacks. It was collected by Microsoft.
    Microsoft Malware Protection Center : Do and don'ts for p@$$w0rd$
    Tags: ( passwords )
  5. The Notocon videos are available now.
    The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - Notacon 2009 video files are now online
    Tags: ( conferences notocon videos )
  6. Ever beat your head against the wall because you can't figure out why that stupid program keeps running every time you restart your computer? This fine list will help track down that pesky critter.
    Immutable Security >> Windows Startup Locations
    Tags: ( windows startup )
  7. This is very very cool. How about being able to ssh to your host on port 80, even when it has a fully functional Apache server running on the same port? Like I said, that is seriously cool.
    Creating Ghost Services with Single Packet Authorization
    Tags: ( access-control tools )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.