intelligence gathering

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A very good article on an issue that we need to think about as those who are very social media focused are working in our organizations.
    Lifestyle Hackers - CSO Online - Security and Risk
    Tags: ( social-media )
  2. You know you've been wanting to try it.
    Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR
    Tags: ( passwords cloud cracking )
  3. Wonder what the latest changes to MA 201 CMR 17.00 are? Jack does us all a wonderful service by showing us the differences.
    Uncommon Sense Security: diff MA 201 CMR 17.00
    Tags: ( ma-201-cmr-17 )
  4. Part two of SynJunkie's latest story is up.
    Syn: Bobs Double Penetration Adventure - Part 2
    Tags: ( story wifi pentest )
  5. The latest version of Microsoft's Security Intelligence Report is available.
    Download details: Microsoft Security Intelligence Report volume 7 (January - June 2009)
    Tags: ( intelligence report microsoft )
  6. This post points out that we really need to be able to communicate with non-technical audiences. It then points to a new SANS short course that helps us learn how to do that more effectively. Looks very interesting.
    Keys to Professional Communication | Courses, Training | Enclave Forensics
    Tags: ( presenting speaking writing )
  7. This page contains links to a wealth of information on psychology and information security. Fascinating stuff that will keep you busy for quite some time.
    Hat tip: Adam @ The New School of Information Security Blog
    Psychology and Security Resource Page
    Tags: ( psychology )
  8. Here is the third and final part of SpyLogic's Enterprise Open Source Intelligence Gathering series. It focuses on monitoring and social media policies.
    Enterprise Open Source Intelligence Gathering - Part 3 Monitoring and Social Media Policies --
    Tags: ( gathering intelligence )
  9. This is a nicely detailed post on using OWASP ESAPI for output validation. You are validating your output, right? It is actual the second in a series. The first part on input validation is linked to at the beginning and is also worthy of a gander.
    Output Validation using the OWASP ESAPI << Security Ninja
    Tags: ( output-validation owasp esapi )
  10. Anton posits that FUD is good sometimes. Interesting perspective. The New School Security blog has an interseted reponse too:
    A Treatise on FUD -
    Tags: ( iis fud )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.