interview

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The latest edition of the CWE/SANS Top 25 is available now.
    CWE - 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
    Tags: ( webappsec )
  2. Who doesn't like stickers? Check out this survey.
    Answer Survey, Get Stickers - F-Secure Weblog : News from the Lab
    Tags: ( survey )
  3. This is pretty nifty. Importing Secunia Advisories into a SIEM/OSSEC.
    /dev/random >> Importing Secunia Advisories into a SIEM/OSSEC
    Tags: ( ossec logging )
  4. Rich and crew have released their latest whitepaper. Check it out.
    Securosis Blog | New Release: Understanding and Selecting a Database Assessment Solution
    Tags: ( database assessment )
  5. Congratulations to Kees for being designated as a SANS Thought Leader! Read his interview here.
    SANS: Security Thought Leaders - Kees Leune
    Tags: ( interview )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts. For even more links, check out the blog's twitter feed: @InfoSecRamblins.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Andrew has a talk up for consideration for BSidesSF.
    Andrew Hay >> Blog Archive >> Vote For My #BSidesSF Talk "My Life on the Infosec D-List"
    Tags: ( bsidessf )
  2. Apache HTTP Server 1.3 hit end-of-life today. The last update has been released.
    Apache HTTP Server 1.3's final update released - The H Security: News and Features
    Tags: ( apache )
  3. Ouch. That's a lot of infected machines.
    48% of 22,000,000 Scanned Systems Malware Laden
    Tags: ( malware )
  4. Ben has tossed his hat into the BSidesSF ring too.
    BSides or Be Square: San Francisco and Austin (The Falcon's View)
    Tags: ( conferences bsidessf )
  5. Andrew's next interview is with Rob Fuller. I met Rob last year at RSA. Good guy.
    Andrew Hay >> Blog Archive >> Information Security D-List Interview: Rob Fuller
    Tags: ( interview )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is a good article to look at if you are thinking about the cloud and your business. (Hat Tip: @infosecstuff)
    Cloud Security: Ten Questions to Ask Before You Jump In
    Tags: ( cloud )
  2. Another interesting tool today. Use Bing to find associated IP addresses and DNS hostnames. (Hat Tip: @lbhuston)
    Bing Web Server Probe
    Tags: ( tools webappsec )
  3. This looks like an interesting tool to add to your web app sec Firefox toolkit.
    Groundspeed 1.1 - Web Application Security Add-on For Firefox | Darknet - The Darkside
    Tags: ( webappsec tools firefox )
  4. Jarrod shares how he got into information security and offers some thoughts on making your own move.
    /dev/null - ramblings of an infosec professional: How to Get A Start in Information Security
    Tags: ( career )
  5. Ben is up next on the D-list interviews. I know Ben from Twitter and hope we can meet IRL someday.
    Andrew Hay >> Blog Archive >> Information Security D-List Interview: Ben Jackson
    Tags: ( interview )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The title says it all. SAINT 7 has been released.
    SAINT 7 released
    Tags: ( saint scanner tools )
  2. Anue Systems interviews Jack Daniel.
    Security Pros on Twitter (SPoT): Jack Daniel/@Jack_Daniel - The Network View
    Tags: ( infoec interview )
  3. Lenny Zeltser, who teaches a popular malware analysis course for SANS, has made one of his slide decks available online. The cool part: the speaker notes are included. Note: You can also watch the recorded webcast.
    Introduction to Malware Analysis - Free Webcast by Lenny Zeltser
    Tags: ( malware analysis )
  4. The T2'09 challenge is up.
    T2'09 Challenge - F-Secure Weblog : News from the Lab
    Tags: ( challenge )
  5. This is the second half of a post pointed to recently. Interesting stuff.
    The Internet After Dark (Part 2) * Security to the Core | Arbor Networks Security
    Tags: ( general )
  6. So, um, all those wonderful security cameras...basically worth bupkis in stopping or solving crime. There goes that argument for why Big Brother is your friend.
    Schneier on Security: On London's Surveillance Cameras
    Tags: ( surveillance privacy cameras )
  7. An interesting exploration of free security products.
    Plausible Deniability >> Freegan-ism: how free product might upset the anti malware space
    Tags: ( anti-virus anti-malware opinion )
  8. If you are running an FTP server on top of IIS 5 or 6 on Windows 2000, you will want to check this out and put in some extra logging if you can't turn that puppy off.
    IIS5&6 FTP Stack Overflow Zeroday : Liquidmatrix Security Digest
    Tags: ( iis ftp win2k )
  9. The author has a very good point. Worth a read.
    stop the alert(); - The HP Security Laboratory Blog | HP Web Application Security
    Tags: ( xss )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I missed Blackhat and Defcon this year and I was bummed about it. The SecurityBSides event that I also missed just made it worse. 🙁
    SecurityBSides: The Best-Kept Vegas Secret - Hacked Off - Dark Reading
    Tags: ( securitybsides )
  2. The Infosec Cynic gets stuck in the lift with Rebecca Herold.
    Rebecca Herold - Stuck in the lift with the cynic | The Infosec Cynic
    Tags: ( interview )
  3. Here is a Google talk from Nate Lawson on common cryptology flaws.
    Google Tech Talk on common crypto flaws << root labs rdist
    Tags: ( cryptography )
  4. A new tool is available from GNUCITIZEN. Unfortunately, it is only available for Mac right now. Windows and Linux releases to come in the future.
    Free Web Application Security Testing Tool | GNUCITIZEN
    Tags: ( webappsec tools )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A new site is being launched that looks very nice. Check it out for social media specific security information.
    Launching: SocialMediaSecurity.com -- spylogic.net
    Tags: ( social-media )
  2. The Infosec Cynic interviews Kai Roer, the most positive individual in information security 🙂
    Kai Roer stuck in the lift with the Cynic | The Infosec Cynic
    Tags: ( interview )
  3. Wanna save some cash getting into Defcon? Give this a try 🙂
    Just because it's defcon17 | The Edge of I-Hacked
    Tags: ( defcon17 )
  4. This isn't good. Hope they figure out how to do this more securely.
    Researchers find insecure BIOS 'rootkit' pre-loaded in laptops | Zero Day | ZDNet.com
    Tags: ( bios rootkit )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Raf interviews Andre Gironda.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: Andre Gironda
    Tags: ( interview )
  2. Here is the solution and winners of the third PandaLabs challenge.
    3rd Panda Challenge solution & winners - PandaLabs
    Tags: ( challenge )
  3. Forcing HTTPS sounds good. It will be interesting to see how this shakes out.
    Locking up the valuables: Opt-in security with ForceTLS at Mozilla Security Blog
    Tags: ( webappsec )
  4. Version 1.0 of Project Quant, a project to develop a patch management framework, has been released along with the survey results.
    Project Quant Version 1.0 Report and Survey Results
    Tags: ( patching )
  5. Part 3 of Ax0n's recipe for evilness.
    HiR Information Report: Evil Wifi Part 3: Hamster & Ferret
    Tags: ( wireless hacking )
  6. Cutaway has a very interesting post up about malware that resides in the registry. He points to a couple other posts that are worth reading too. This is very cool...scary...but very cool.
    Security Ripcord >> Blog Archive >> Malware IN Registry a.k.a If It Can't Be Done, Why Am I Looking At It?
    Tags: ( registry malware )
  7. Be careful what information you are sharing in something as basic as email headers. That stuff can be used against you.
    Looking beyond the surface ... << The Security Kitchen
    Tags: ( data-leakage )
  8. Martin points out some basic truths you should be aware of.
    Incident Response Leadership: Basic Truths : The Security Catalyst
    Tags: ( incident-response )
  9. You should do what Jack says. Go read the post he points you at and then send it to your friends and family.
    Uncommon Sense Security: A good primer on Social Networking and Security Risks
    Tags: ( social-networks )
  10. Folks, regardless of what the NYSE says, details about your infrastructure, patch levels, software versions, etc. are sensitive information.
    Data Detailing New York Stock Exchange Network Exposed on Unsecured Server | Threat Level | Wired.com
    Tags: ( data-leakage )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Heh. This looks like a fun project.
    War-walking case << Infosanity's Blog
    Tags: ( wireless hacking )
  2. The Sophos mid-year threat report is out.
    Download Sophos Security Threat report: Jan-July 2009 | Graham Cluley's blog
    Tags: ( report threat )
  3. Trey Ford is next up in Raf's interview series. I feel lucky that so far I have met and gotten to talk with, live and in person, three of the four interviewed so far.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: Trey Ford
    Tags: ( interview )
  4. Lee Kushner and Mike Murray did a survey asking questions about job satisfaction in information security. Here is a bit of what they found.
    Job Satisfaction in Security | Information Security Leaders
    Tags: ( career )
  5. Part 2 of Ax0n's evil how-to is up.
    HiR Information Report: Evil WiFi Part 2: Metasploit Framework Setup
    Tags: ( wireless hacking )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Ax0n has started a series on setting up an evil wifi attack type thing 🙂
    HiR Information Report: Evil WiFi Part 1: Jasager/Fonera Setup
    Tags: ( wifi hacking )
  2. Jennifer is pimping the Security B-Sides unconference that is occurring in Las Vegas around the same time as Blackhat. Cool stuff.
    Security Uncorked >> Security B-Sides Conference in Vegas
    Tags: ( conference security-b-sides )
  3. Zach "Quine" Lanier, the @securitytwits herder, is the next up in Raf's interview series.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: "Quine"
    Tags: ( interview )
  4. Here is the solution to the latest I Smell Packets challenge.
    Solution to Where in The World is Chris? << I Smell Packets
    Tags: ( challenge )

That's it for today. Have fun!

Kevin
