information security links

Howdy folks. Here are some worthy reading items for today.

This was actually posted last month by Don Weber, but I just came across it and thought it worth pointing out. He has written and provided to us all an incident response information collection script that uses only built-in Windows operating systems resources. Nifty!

Danny McPherson provides a classic article published in 1928 by J.B.S Haldane titled "On Being the Right Size." He observes that it is still applicable today in wide variety of topics. Worth a gander.

Rafal Los provides some compelling evidence that while static code analysis can provide value, it does not guarantee that the compiled code will be secure.

Anton Chuvakin writes about "reverse compliance" or purposefully not logging information so that you won't know what is going on. Drazen Drazic posted about not logging to avoid PCI fines last month. Obviously, neither is promoting this type of behavior, but there it is. "Don't ask, Don't Tell" in Information Security 🙂

Dre put up a post that talks about a cross-browser, multi-os browser vulnerability that may not be closed for quite some time.

The folks over at Wouter Veugelen Blog have been putting up a few posts about interesting tools and one of them is call AOSS. It is a bootable CD that will detect and remove deeply embedded malware on windows systems. I haven't played with it yet, but it looks neat. They also point out UBCD4Win, the Ultimate Boot CD for Windows that is useful for repairing broken windows systems.

Finally, Darknet points out that rtpbreak 1.3a has been released. It is an RTP analysis and hacking tool. Again, haven't played with it yet, but will be soon.

Have a great rest of your day!



Hello all. This is a bit later than usual. Been a busy day.

@innismir was hunting for some statistics on data loss and breaches. @bkdelong set him up with a link to which is awesome. Check it out.

FarfromR00tin has an interesting post about a nifty way to gather information about which version of Vista a user may be using. Always helpful to know what your target is running.

JonesJ posted Communication about risk - part 1 which is a good read. Framing is important when we talk about risk.

Danny McPherson over at Arbor Networks posts How Solid Is Your DNS Architecture? where he explores the recent YouTube outage that was caused by DNS issues.

Charl is raising money for CNCF by participating in GobiMarch. Any donations go directly to CNCF since the team is paying for all of their expenses personally.

Mitchell Ashley talks about Measuring Leadership. Several very good points are made.

There is a post up at 0x000000 talking about HTTP Source Streaming. Another case of a vulnerability that is "old school", but still very prevalent.

That's it for today. Have a good rest of the day!


{ 1 comment }