ipv6

Good afternoon everybody! I hope your day is going well. Sorry for missing yesterday. I had a brutally busy day and then we had a power outage at home to boot.

Here are today's Interesting Information Security Bits from around the web.

  1. A new packet challenge is up at I Smell Packets.
    Packet Challenge - Name that Exploit << I Smell Packets
    Tags: ( challenge packet-capture )
  2. This is an interesting post with some thoughts that can be extended well beyond virtualization.
    View Yonder >> Free the Gladiators!
    Tags: ( virtualization )
  3. This time a peak at php and sessions.
    AppSec Street Fighter - SANS Institute >> Session Attacks and PHP
    Tags: ( session )
  4. Anton opines on the contents of the letter sent to the PCI council by the National Retail Federation and other retail associations.
    On "PCI Letter"
    Tags: ( pci letter )
  5. Mozilla has been at work to come up with a method of getting rid of XSS problems. They believe they have it with Content Security Policy.
    Shutting Down XSS with Content Security Policy at Mozilla Security Blog
    Tags: ( csp mozilla )
  6. Christofer has a nice couple of graphics that help describe cloud computing from a high level perspective.
    Rational Survivability >> Incomplete Thought - Cloudanatomy: Infrastructure, Metastructure & Infostructure
    Tags: ( cloud )
  7. The ISC diary points out some ways to protect your webserver from being DOSed by the tool released by Rsnake recently.
    Apache HTTP DoS tool mitigation
    Tags: ( apache dos )
  8. RSnake take a look at detecting man-in-the-middle proxies.
    Detecting MITM/Hacking Proxies Via SSL ha.ckers.org web application security lab
    Tags: ( mitm )
  9. Lori offers some thoughts on IPv6 that you should also be thinking about.
    You are the new number 3ffe:1900:4545:3:200:f8ff:fe21:67cf
    Tags: ( ipv6 )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Lots of interesting things to take a gander at today. I had a great break and am rested and recharged and ready to tackle my workload. How about you?

Here are today's Interesting Information Security Bits from around the web.

  1. The Network World Salary Survey results for 2009 are up.
    Salary Survey - Network World
    Tags: ( survey salary )
  2. Packetlife's next contest is up and running. These are always a great way to learn something new or practice what you already know.
    January contest - PacketLife.net
    Tags: ( contest )
  3. David points to a great resource for getting up to speed on Digital Investigations and Evidence. It's not a short read, but looks really interesting. Is going on my to-be-read pile.
    Computer forensics - a subject every executive should understand (David Lacey's IT Security Blog)
    Tags: ( forensics guide )
  4. When good enough isn't really good enough. A nice post and point made.
    SecuriTeam Blogs >> Snow and security
    Tags: ( general )
  5. The combination of Twitter notification, allowed usernames and and automatic linkification of text by your email client introduces a possible phishing vector. Again, always be careful when clicking on links.
    Twitter Phishing Scam Update (Follow Notification Email Vulnerability)
    Tags: ( malware twitter phishing )
  6. I watched this happen live over the weekend. As always, be careful when clicking on links in emails/DMs/IMs etc.
    spylogic.net - First Twitter Phishing Attack of 2009
    Tags: ( twitter phishing )
  7. A nice post my Mathew talking about a presentation given at 25C3. Be careful on those fancy DECT telephones folks 🙂
    MatthewNeely.com - Security Second Thoughts - New Attack Against DECT Could Allow Attackers to Monitor Encrypted Headsets
    Tags: ( encryption dect mitm )
  8. Part 1 of Synjunkie's latest story. These are always fun.
    Syn: The Story of a Newbie Hax0r - Part 1
    Tags: ( stories )
  9. Send this to your family. They have several videos that help folks set there systems up more securely and educate them on safely using the Internet.
    The Academy Home
    Tags: ( education video home configuration )
  10. Benny's day 4 recap of 25C3.
    #25C3 Day 4 Overview: Picking up the pieces | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( conferences 25c3 recap )
  11. I've talked about privacy several time here. Here is another instance where your privacy can possible be invaded without you ever knowing. And another thought. What are the odds that no damage will be done to your system or data if it is "legally hacked?"
    (Hat Tip: http://carnal0wnage.blogspot.com/2009/01/uk-to-allow-warrantless-remote.html)
    Police set to step up hacking of home PCs - Times Online
    Tags: ( privacy hacking surveillance police )
  12. I posted about this previously. Help Mike and Lee out by completing the survey. It doesn't ask for your social security number or your bank account number. I promise.
    Calling all security pros | Episteme
    Tags: ( general )
  13. Richard has a nice little walk-through on getting IPv6 working on you Windows XP box. On a side note, I hope you are watching and filtering for IPv6 at your perimeter and hosts. This type of configuration can punch holes right through to the chewy center if you are not careful.
    TaoSecurity: IPv6 Tunnel on Windows XP Using Freenet6
    Tags: ( ipv6 tunnel )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 2 comments }