interviews

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Hoff points to an interesting project that addresses the distributed authentication issue in web-based systems.
    MashSSL - An Excellent Idea You've Probably Never Heard Of... | Rational Survivability
    Tags: ( authentication ssl web )
  2. Get your Security Threat Report 2010 while it's hot!
    Sophos Security Threat Report 2010 | Graham Cluley's blog
    Tags: ( threats reports )
  3. Jennifer is involved in a few talks at Security BSides San Fran. Vote for her!
    Security Uncorked >> The Skinny on Security BSides San Francisco
    Tags: ( conferences bsides )
  4. The finalists for the Social Security Blogger Awards 2010 have been selected.
    The Ashimmy Blog: Envelope please, and the winners are . . .
    Tags: ( awards )
  5. Very cool. Encrypt your logs before sending them across the wire.
    Immutable Security >> Using OSSEC for Encrypted Log Transport
    Tags: ( logging encryption ossec )
  6. Similar to the Amazon EC2 experiment last year, this time it is done with Microsoft's Azure.
    Breaking Password Based Encryption with Azure - Gotham Digital Science
    Tags: ( passwords cracking cloud )
  7. Looks like status quo for the PCI DSS this year.
    Security.exe - Powered by The CISO Group >> Blog Archive >> No major changes to PCI DSS in 2010, but watch for chip and pin in the future
    Tags: ( pci )
  8. Graham points out something those who use Twitter should be aware of. Lists as spamming tools.
    Twitter list spam
    Tags: ( lists )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Andrew Hay >> Blog Archive >> Information Security D-List Interview: Jack Daniel
    Tags: ( interview d-list )
  2. Challenge 1 of the Forensic Challenge 2010 - pcap attack trace | The Honeynet Project
    Tags: ( challenge forensics )
  3. German Government: Don't use Internet Explorer | Graham Cluley's blog
    Tags: ( webappsec ie )
  4. Andrew Hay >> Blog Archive >> Get the Free Andrew Hay iTunes App
    Tags: ( general )
  5. /dev/random >> Adding Data Leakage Protection into Apache
    Tags: ( dlp apache )
  6. Metasploit: Reproducing the "Aurora" IE Exploit
    Tags: ( metasploit google aurora malware exploit )
  7. A checklist approach to security code reviews, part 4 << Security Ninja
    Tags: ( assessment webappsec code-review )
  8. Would You Have Spotted the Fraud? -- Krebs on Security
    Tags: ( atm skimming )
  9. Andrew Hay >> Blog Archive >> Information Security D-List Interview: Benjamin Tomhave
    Tags: ( interview d-list )
  10. Roger's Security Blog : Leveraging Data Execution Prevention (DEP)
    Tags: ( system-hardening )
  11. Following Google's Lead on Security? Don't Forget to Encrypt Cookies
    Tags: ( webappsec )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Woot! ShmooCon will be video streaming the conference live!
    ShmooCon 2010 - Latest News
    Tags: ( conferences video shmoocon )
  2. Here is a very reasoned look at the recently announced flaw in certain FIPS 140-2 certified USB devices.
    Is FIPS 140-2 Fatally Flawed? | Optimal Security: The Lumension Blog
    Tags: ( fips140-2 usb )
  3. Andrew's next D-list interview is up. This time it's Chris Boyd, more affectionately known as paperghost. I haven't had the pleasure of meeting Chris in real life, but I have in the land of the intarwebs.
    Andrew Hay >> Blog Archive >> Information Security D-List Interview: Chris Boyd
    Tags: ( interviews )
  4. Dennis shares some thoughts on first steps in getting an information security program up and running from scratch.
    Security From Scratch: Getting the Lay of the Land : The Security Catalyst
    Tags: ( program )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Like the title below says, a new version of the SANS Consensus Audit Guidelines has been published.
    New Version of SANS 20 Critical Security Controls is Available << Security is Golden
    Tags: ( sans )
  2. Chet offers up some tips on being a safer Twitter user in 2010.
    12 tips of Christmas - A safer Twitter for 2010 | Chester Wisniewski's Blog
    Tags: ( twitter safety )
  3. Surprise, surprise. Another Adobe Reader 0-day vulnerability.
    New Adobe 0-day
    Tags: ( adobe vulnerability 0day )
  4. If you are concerned about your privacy as you surf the internet you should read this article. It provides some guidance on doing so in a more anonymous manner.
    How to surf anonymously without a trace
    Tags: ( privacy internet )
  5. Wow. Andrew is really cranking out the interviews. This time it is another good friend, Michael Santarcangelo.
    Andrew Hay >> Blog Archive >> Information Security D-List Interview: Michael Santarcangelo
    Tags: ( interviews )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I think I pointed to part 1 of this article, but can't remember and am a bit too lazy at the moment to go look 🙂 Either way, the second part is up and you will find a link to the first part inside. It is some pretty cool stuff from a visualization perspective.
    Detailed look at using Circos for IT Investigation - Part II << fifth.sentinel
    Tags: ( tools )
  2. This is a must read. I'm not saying anything else other than go read it. Now. Hurry!
    Verizon Business Security Blog >> Blog Archive >> 2009 Data Breach Investigations Supplemental Report
    Tags: ( verizon dbir )
  3. Heh. The first of a series of interviews by Andrew.
    Andrew Hay >> Blog Archive >> Information Security D-List Interview: Paul Asadoorian
    Tags: ( interviews )
  4. Here is an interesting perspective on the wonderful addition of Google and Bing integrating Facebook and Twitter status updates into search results.
    Google, Bing open new criminal opportunities by adding Twitter, Facebook feeds | The Last Watchdog
    Tags: ( malware facebook twitter search google )
  5. The Social Security Blogger Awards will be happening again at RSA 2010. If you have a security blog and want to be considered you need to become a member of the Security Bloggers Network. Check inside for details.
    The Ashimmy Blog: Social Security Blogger Awards 2010
    Tags: ( sbn awards )
  6. Chris's slides and handouts from his State of (In)Security talk at the 2009 MN-GTS conference are available for a short while.
    Dr. InfoSec: MN-GTS - The State of (In)Security in 2009
    Tags: ( general )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well. Sorry for the missing Bits posts on Friday and yesterday. I took Friday off and just didn't get it done yesterday. Therefore, we have quite a crop today.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is an interesting article on how Mozilla finds bugs that crash their products.
    How Mozilla finds crash bugs at Mozilla Security Blog
    Tags: ( mozilla )
  2. Here is a handy list of on-line malware scanners.
    List of Online Malware Scanners | PenTestIT
    Tags: ( tools malware scanners )
  3. The last of the three Panda challenges is up. I understand some answers have already been submitted, but you never know, they could be wrong.
    Panda Challenge: Hard Level - PandaLabs
    Tags: ( challenge )
  4. Wow. Just wow.
    I Can Has UR .htaccess File
    Tags: ( twitter )
  5. Raf's next interview. This time he talks to Mike "mckt" Bailey.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: "mckt"
    Tags: ( interviews )
  6. RSnake finds some interesting things you can do with/to wget.
    wget DNS-rebinding and Weak Intranet Port Scanning ha.ckers.org web application security lab
    Tags: ( wget )
  7. Here is some information for you if you are interested in hacking your Defcon 17 badge.
    DC17 Badge Pre-Release Information - Defcon Forums
    Tags: ( defcon17 )
  8. Answers to the 2nd Panda Challenge.
    2nd Panda Challenge solution & winners - PandaLabs
    Tags: ( challenge )
  9. Raf interviewed Mubix for the first of a series of interviews of security folk.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: Mubix
    Tags: ( interview )
  10. An interesting article which brings up some good points. I would add password age to this type of consideration also, provided compensating controls are in place like lockouts as presented in the paper.
    Do Strong Web Passwords Accomplish Anything? (PDF)
    Tags: ( passwords )
  11. Inferno put together a couple of things and came up with a fairly scary attack on CSRF tokens.
    Hacking CSRF Tokens using CSS History Hack | SecureThoughts.com
    Tags: ( hacking csrf )

That's it for today. Have fun!


Kevin
