ie

It is Thanksgiving Day week in the U.S. and that means a couple of days off. I decided to tack on an extra day and won't be working tomorrow either. Yay! Five days off in a row.

Anywho, I will also be taking those days off from the Interesting Bits posts so this one will have to tide you over until Monday 🙂

Here are today's Interesting Information Security Bits from around the web.

  1. 10 things to think about not doing when on Facebook. This list will keep you safer.
    Errata Security: 10 Facebook Don'ts
    Tags: ( facebook )
  2. Is your iPhone infected with the Duh worm? Paul tells us how to clean it up.
    How to clean up the Duh iPhone worm | Paul Ducklin's blog
    Tags: ( iphone worm )
  3. Russel is looking for some collaborators on an research project he is working on. It looks to be very interesting. From his post: "The topic is the arms race between attackers and defenders from the perspective of innovation rates and "evolutionary success" - the Red Queen problem (running just to stand still). Here's a sample research question: "can bureaucracies (defenders) keep up with a decentralized black market (attackers)?", and similar." Read the rest of the post and drop him a line if you are interested.
    Information Security as an Evolutionary Arms Race - Research Collaborators Wanted << The New School of Information Security
    Tags: ( research )
  4. Shrdlu once again has penned an article that you should go read. Metrics are great, but they have to mean something.
    The meaning of metrics
    Tags: ( metrics risk )
  5. There is 0-day out there for IE 6 and IE 7. Microsoft's recommendation in some cases is to upgrade to IE 8. Um, oops.
    Major IE8 flaw makes 'safe' sites unsafe
    Tags: ( ie vulnerabilities )
  6. An interesting post that explores a conundrum that some organizations face when trying to comply with PCI. What happens when some of what I do requires me to be out of compliance with PCI-DSS?
    Branden Williams's Security Convergence Blog >> Multi-Function Service Providers, What To Do?
    Tags: ( pci )
  7. From the post: "We have uploaded the audio recording of select talks from the Ohio Information Security Summit that took place October 29-30, 2009 in Cleveland, Ohio." Looks like some good stuff is available. Check out the post for the details.
    Security Justice >> Blog Archive >> Select Talks from ISS2009 Now Available for Download
    Tags: ( audo conferences talks )
  8. A new tool is available that shows some interesting things about the internet.
    Room362.com - Blog - SHODAN The Computer Search
    Tags: ( tools )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Looks like we may have some work to do to secure our IE installations.
    IE 7 and 8 Default Security Leaves Intranets At Risk - DarkReading
    Tags: ( ie )
  2. Congratulations to the guys at Liquidmatrix! 3000 posts and counting.
    Milestone Post 3000 For Liquidmatrix : Liquidmatrix Security Digest
    Tags: ( general )
  3. This is not good. Not good as in, very bad. If you allow virtual guests with different security characteristics to live on the same host, you might want to rethink that decision.
    VMware exploits - just how bad is it ? - isc
    Tags: ( exploits virtualization )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 1 comment }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A nifty new tools that scans your Flash source code looking for flaws. Always remember that static code analysis is not a panacea.
    Free HP SWFScan tool detects Adobe Flash flaws
    Tags: ( flash )
  2. Some suggested settings to help make your surfing safer with IE. Installing IE 8 will go a long way towards achieving that goal too.
    10 IE Browser Settings for Safer Surfing - Network World
    Tags: ( ie )
  3. Latest AV-Comparatives update is out.
    AV-Comparatives February 2009 report: four winners - Ars Technica
    Tags: ( testing anti-virus )
  4. Very interesting. A botnet that attacks dsl modems and routers.
    Stealthy router-based botnet worm squirming | Zero Day | ZDNet.com
    Tags: ( malware botnet )
  5. Disabling autorun. A very good idea. Rasvan lets us know how.
    Windows 7 Security Tips #1 - Malware City Blogs
    Tags: ( security tips windows-7 )
  6. Ioana asks some really good questions that we should all think about in relationship to our own teams. Being able to eventually answer yes to each of those questions will mean that you have a top flight team working to provide excellent service to your customers.
    The Dichotomy of Customer Service : The Security Catalyst
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Lavasoft has jumped into the anti-virus market. We'll have to keep an eye on this one.
    Ad-Aware gets an antivirus cousin | The Download Blog - Download.com
    Tags: ( free anti-virus )
  2. Some interesting situation that lead to a need for data recovery. Hat tip to Xavier at /dev/random (blog.rotshell.be)
    Kroll Ontrack Top Ten Data Mishaps and Recoveries - Press Release
    Tags: ( amusing general )
  3. The workarounds section for the recent 0-day for IE has been updated. This blog post goes into some further detail about the workarounds.
    Security Vulnerability Research & Defense : Clarification on the various workarounds from the recent IE advisory
    Tags: ( exploit vulnerability microsoft ie workarounds )
  4. Part 2 of SynJunky's fictional story about detection of and incident response to an insider attack.
    Syn: The Story of an Insider - Part 2. The Sys Admins Story
    Tags: ( insider )
  5. This is a nifty way to get the job done.
    Writing a web services fuzzer in 5 minutes to SQL injection | tssci security
    Tags: ( webappsec injection sql )
  6. Woot! Version 1.2 of Burp Suite has been released.
    PortSwigger.net - web application security: Burp Suite v1.2 released
    Tags: ( webappsec burp )
  7. Just go read it. You won't regret it.
    Rational Survivability: GigaOm's Alistair Croll on Cloud Security: The Sky Is Falling!...and So Is My Tolerance For Absurdity
    Tags: ( cloud )
  8. Rory is writing a series of posts on penetration testing. The first is up.
    Rory.Blog: What is Penetration Testing?
    Tags: ( pentest )
  9. Here is a very cool idea for a low/no cost way to implement DLP.
    /dev/random >> Blog Archive >> Simple DLP with Ngrep
    Tags: ( dlp ngrep )
  10. Looks like nifty tool to add to the arsenal.
    Jeremy's Computer Security Blog: JPEG Fuzzer has ARRIVED
    Tags: ( fuzzer jpeg )
  11. Watch out folks, SkyNet is just around the corner.
    Schneier on Security: Killing Robot Being Tested by Lockheed Martin
    Tags: ( skynet )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Here we go.

From the Blogosphere.

F-Secure has released their Security Threat Summary for the First Half of 2008.

(IN)SECURE Magazine issue 17 is available. Good stuff as always.

Continuing their week of War on WAF's (Web Application Firewall), ts/sci security talks about language specificity in WAFs.

Well, looky there, there's as a new Zero-day flaw in Internet Explorer. Who'd a thunk it? Caveat: It is for version 6.

From the Newsosphere.

Nothing today.

Have a good one folks.

Kevin

Technorati Tags: , ,

{ 0 comments }