javascript

Interesting Information Security Bits for 11/17/2009

by kriggins on November 17, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

Leave it to David to be able to use canning and mason jars as an analogy for security and secure coding. Very nice post. Go read it.
Reusable Code: The Mason Jars of Security | threatpost
Tags: ( programming general )
Yes, we are the unsung heroes. BTW - you have to read this if for no other reason that the Y2K reference towards the end.
Securosis Blog | Why Successful Risk Management is Still a Failure
Tags: ( general risk-management )
I love a good walk-through and Paul provides us one that shows a step-by-step how-to on reversing some Javascript shellcode. Good stuff!
Paul Melson's Blog: Reversing JavaScript Shellcode: A Step By Step How-To
Tags: ( reverse-engineering javascript shellcode )
The Offensive Security Exploit archive is alive and kicking. It picks up where Milw0rm left off. Go check it out.
Offensive Security Exploit Archive Goes live | Security Active Blog
Tags: ( exploits milw0rm )
This looks to be an interesting series. Adam will be exploring ways to help information security professionals build useful and productive relationships within their enterprises.
Adam Cardinal: Building Relationships - Internal Audit Team - IANS Perspective
Tags: ( general )
Woot! Metasploit 3.3 is out. I am hearing good things about this. Go check it out.
Metasploit: Metasploit Framework 3.3 Released!
Tags: ( metasploit webappsec pentesting )
Here is a quick how-to describing a method to decompile flash files.
Carnal0wnage Blog: Decompiling Flash Files with SWFScan
Tags: ( flash decompile webappsec )
An interesting article that explores some real-life cross subdomain exploits.
Real-Life Examples of Cross-Subdomain Issues | Social Hacking
Tags: ( cross-subdomain webappsec )
This is going to be a very cool project. Get involved.
Securosis Blog | An Open Metrics Model for Database Security: Project Quant for Databases
Tags: ( metrics databases )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Interesting Information Security Bits for 09/21/2009

by kriggins on September 21, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

Justin has posted the slides from a talk he gave at an OWASP meeting on JavaScript exploits. Good stuff.
Developing Security: Crossing the Border - JavaScript Exploits
Tags: ( javascript )
A nice article by Dancho talking about scareware.
The ultimate guide to scareware protection | Zero Day | ZDNet.com
Tags: ( malware )
This is a fun article from Rsnake comparing current security practices with those observed in Star Trek. 🙂
What Star Trek Predicts About The Future of Information Security ha.ckers.org web application security lab
Tags: ( general )
Dave Mortman is taking on Identity Management for his first project with Securosis. This should result in some good stuff. I'm looking forward to seeing what he comes up with.
Securosis Blog | Incomplete Thought: Why Is Identity and Access Management Hard?
Tags: ( identity-management )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Interesting Information Security Bits for 05/14/2009

by kriggins on May 14, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

Do you trust your web application firewall? If so, you might want to rethink that decision.
Researchers Hack Web Application Firewalls - DarkReading
Tags: ( waf )
Alex has posted another good. It is very much worth reading and thinking about.
Richard Bejtlich's Quantum State << The New School of Information Security
Tags: ( risk-management risk-analysis )
A nifty article on how to use hackvertor to de-obfuscate javascript.
The Spanner - Hackvertor obfuscated code tutorial
Tags: ( malware javascript )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Interesting Information Security Bits for 01/13/2009

by kriggins on January 13, 2009

in Interesting Bits

In today's Bits post we take a look browser bugs, Blackberry Server bugs, fun with hardware hacking, defining effectiveness, the Source Boston schedule, Incident Response Management, and Downadup.

Oh look, it's a browser bug. How novel. (yes, that was sarcasm and this appears to be pretty nasty)
Browser bug could allow phishing without e-mail - Network World
Tags: ( vulnerability browser javascript phishing )
Time to patch your Blackberry Servers.
RIM issues security patches for BlackBerry | Security - CNET News
Tags: ( pdf vulnerability blackberry patches rim )
Didier's been playing with some hardware. Nifty stuff.
A Hardware Tip for Fuzzing Embedded Devices << Didier Stevens
Tags: ( hardware hacking embedded devices phidgets )
Read this post. Also read the comments. Some good device and a very workable definition of effectiveness and where efficiency and optimization come into play.
Verizon Business Security Blog >> Blog Archive >> What is an "effective" Control?
Tags: ( control effectiveness )
The Source Boston 2009 sessions have all been solidified and the schedule is up and ready for you perusal. Have fun. I so wish I was going to be there.
Source Boston - Sessions
Tags: ( source conferences )
A nice article about Incident Response Management from Kees.
Incident Response Management - Kees Leune Information Security Blog
Tags: ( management incident response )
Wow. Take look at what F-Secure is doing and what they have found out. This botnet appears to be huge.
How Big is Downadup? Very Big. - F-Secure Weblog : News from the Lab
Tags: ( )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]