iPhone

It is Thanksgiving Day week in the U.S. and that means a couple of days off. I decided to tack on an extra day and won't be working tomorrow either. Yay! Five days off in a row.

Anywho, I will also be taking those days off from the Interesting Bits posts so this one will have to tide you over until Monday 🙂

Here are today's Interesting Information Security Bits from around the web.

  1. 10 things to think about not doing when on Facebook. This list will keep you safer.
    Errata Security: 10 Facebook Don'ts
    Tags: ( facebook )
  2. Is your iPhone infected with the Duh worm? Paul tells us how to clean it up.
    How to clean up the Duh iPhone worm | Paul Ducklin's blog
    Tags: ( iphone worm )
  3. Russel is looking for some collaborators on a research project he is working on. It looks to be very interesting. From his post: "The topic is the arms race between attackers and defenders from the perspective of innovation rates and "evolutionary success" - the Red Queen problem (running just to stand still). Here's a sample research question: "can bureaucracies (defenders) keep up with a decentralized black market (attackers)?", and similar." Read the rest of the post and drop him a line if you are interested.
    Information Security as an Evolutionary Arms Race - Research Collaborators Wanted « The New School of Information Security
    Tags: ( research )
  4. Shrdlu once again has penned an article that you should go read. Metrics are great, but they have to mean something.
    The meaning of metrics
    Tags: ( metrics risk )
  5. There is a 0-day out there for IE 6 and IE 7. Microsoft's recommendation in some cases is to upgrade to IE 8. Um, oops.
    Major IE8 flaw makes 'safe' sites unsafe
    Tags: ( ie vulnerabilities )
  6. An interesting post that explores a conundrum that some organizations face when trying to comply with PCI. What happens when some of what I do requires me to be out of compliance with PCI-DSS?
    Branden Williams's Security Convergence Blog » Multi-Function Service Providers, What To Do?
    Tags: ( pci )
  7. From the post: "We have uploaded the audio recording of select talks from the Ohio Information Security Summit that took place October 29-30, 2009 in Cleveland, Ohio." Looks like some good stuff is available. Check out the post for the details.
    Security Justice » Blog Archive » Select Talks from ISS2009 Now Available for Download
    Tags: ( audio conferences talks )
  8. A new tool is available that shows some interesting things about the internet.
    Room362.com - Blog - SHODAN The Computer Search
    Tags: ( tools )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Andy poses the question (paraphrased) "You get to build a security program from the ground up. How do you go about it?" Go over and offer your thoughts.
    Building a security program from the ground up » Andy ITGuy
    Tags: ( infosec-program )
  2. Want to learn how to write exploits? You should really check out Dino's exploitation class. I'll be going through it at my earliest convenience. Oh, and by the way, it's free.
    Penetration Testing and Vulnerability Analysis - Exploitation
    Tags: ( class education exploits )
  3. From the site: A group of PenTesters/Researchers have gotten together with the purpose of posting their useful scripts. Feel free to submit your scripts, we will gladly review them, even post them crediting you. You can submit them at scripts@pentesterscripting.com
    start [PenTester Scripting]
    Tags: ( pentest scripts tools )
  4. Some interesting thoughts that Richard shares from a talk given by Michael Hayden.
    TaoSecurity: Notes from Talk by Michael Hayden
    Tags: ( general )
  5. I agree with the Infosec Cynic. Allowing non-Latin characters is going to open up a whole new way for evil to be propagated.
    International Websites | The Infosec Cynic
    Tags: ( dns )
  6. If you haven't heard yet, there is a worm running around that Rick Rolls iPhones that have been jailbroken. This post isn't really about the worm, but about the individual who wrote, released and then talked about doing it.
    Worm author tells media he initially infected 100 iPhones | Graham Cluley's blog
    Tags: ( general worm iphone )
  7. A nifty use of netcat to image a drive over the network.
    How-to: Cloning a (Laptop) Hard Drive using DD over the network | Roer.com - Kai Roer's Rants on Infosec
    Tags: ( backup imaging )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A very interesting blog post. The obvious is not always where you should be looking.
    Developing Security: The Curious Case of the Careless Civic
    Tags: ( incident-response )
  2. CIS has a free benchmark for the iPhone available. If you are familiar with their efforts in the world of Windows and others, you will know that they put out quality stuff.
    CIS issues free benchmark on iPhone security
    Tags: ( cis benchmark iphone )
  3. Russ points out that Applicure has a free tool, WebTuff, available that will test your systems for the IIS 5-6 WebDAV vulnerability.
    HolisticInfoSec.org: WebTuff checks for WebDAV vulnerability
    Tags: ( tools webdav )
  4. Defcon has a new area that archives tools talked about at the conference. Thanks to Rob Fuller for helping out.
    DEFCON® Hacking Conference - Archive of Hacking Tools Released at DEFCON
    Tags: ( defcon tools )
  5. Chris has posted some tips and guidance on things to consider when issuing an RFP for your QSA vendor. First read it for just that. Then replace QSA with penetration test, consulting gig, etc. These are great tips for all RFP processes.
    QSA Vendor Selection - Points of Consideration « Risktical Ramblings
    Tags: ( rfp )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Interesting repercussions if the speeds on this get higher and the file hash issue can be resolved.
    Air Force engineers develop BitTorrent sniffer - Ars Technica
    Tags: ( sniffer bittorrent )
  2. Three papers we could all probably benefit from looking at. My reading pile is growing.
    Holy cow! The infrastructure has gone critical • The Register
    Tags: ( whitepapers )
  3. Might want to be careful what passwords you allow your iPhone to remember.
    TippingPoint | DVLabs | What Security Are You Talkin 'Bout Willis?
    Tags: ( passwords iphone )
  4. Ed Skoudis has produced some nifty cheat sheets for us. One for Windows command line tools, one for netcat, and one for attack tools like metasploit, meterpreter, etc.
    <--InGuardians --> Defensive Intelligence
    Tags: ( windows netcat tips metasploit cheatsheets )

That's it for today. Have fun!

Kevin

Rich Mogull has a post up that points to the New Identity Theft Stats provided by Debix. Interesting to actually see some numbers.

Amrit Williams has some interesting thoughts on the iPhone creating a mobile malware tipping point.

Russell Handorf gives us some guidance on How-to easily deploy honeypots for production networks.

Kai Roer gives us a look at how someone might go about gathering information about you or your company.

I came across this from friend feed. SecurityTube.net - videos for security folks. Some interesting stuff there.

Finally, are you a computer security professional? Read the article and see how many of the observations you agree with or exhibit.

Have a good day.

Kevin
