javascript

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Leave it to David to be able to use canning and mason jars as an analogy for security and secure coding. Very nice post. Go read it.
    Reusable Code: The Mason Jars of Security | threatpost
    Tags: ( programming general )
  2. Yes, we are the unsung heroes. BTW - you have to read this if for no other reason that the Y2K reference towards the end.
    Securosis Blog | Why Successful Risk Management is Still a Failure
    Tags: ( general risk-management )
  3. I love a good walk-through and Paul provides us one that shows a step-by-step how-to on reversing some Javascript shellcode. Good stuff!
    Paul Melson's Blog: Reversing JavaScript Shellcode: A Step By Step How-To
    Tags: ( reverse-engineering javascript shellcode )
  4. The Offensive Security Exploit archive is alive and kicking. It picks up where Milw0rm left off. Go check it out.
    Offensive Security Exploit Archive Goes live | Security Active Blog
    Tags: ( exploits milw0rm )
  5. This looks to be an interesting series. Adam will be exploring ways to help information security professionals build useful and productive relationships within their enterprises.
    Adam Cardinal: Building Relationships - Internal Audit Team - IANS Perspective
    Tags: ( general )
  6. Woot! Metasploit 3.3 is out. I am hearing good things about this. Go check it out.
    Metasploit: Metasploit Framework 3.3 Released!
    Tags: ( metasploit webappsec pentesting )
  7. Here is a quick how-to describing a method to decompile flash files.
    Carnal0wnage Blog: Decompiling Flash Files with SWFScan
    Tags: ( flash decompile webappsec )
  8. An interesting article that explores some real-life cross subdomain exploits.
    Real-Life Examples of Cross-Subdomain Issues | Social Hacking
    Tags: ( cross-subdomain webappsec )
  9. This is going to be a very cool project. Get involved.
    Securosis Blog | An Open Metrics Model for Database Security: Project Quant for Databases
    Tags: ( metrics databases )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Justin has posted the slides from a talk he gave at an OWASP meeting on JavaScript exploits. Good stuff.
    Developing Security: Crossing the Border - JavaScript Exploits
    Tags: ( javascript )
  2. A nice article by Dancho talking about scareware.
    The ultimate guide to scareware protection | Zero Day | ZDNet.com
    Tags: ( malware )
  3. This is a fun article from Rsnake comparing current security practices with those observed in Star Trek. 🙂
    What Star Trek Predicts About The Future of Information Security ha.ckers.org web application security lab
    Tags: ( general )
  4. Dave Mortman is taking on Identity Management for his first project with Securosis. This should result in some good stuff. I'm looking forward to seeing what he comes up with.
    Securosis Blog | Incomplete Thought: Why Is Identity and Access Management Hard?
    Tags: ( identity-management )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Do you trust your web application firewall? If so, you might want to rethink that decision.
    Researchers Hack Web Application Firewalls - DarkReading
    Tags: ( waf )
  2. Alex has posted another good. It is very much worth reading and thinking about.
    Richard Bejtlich's Quantum State << The New School of Information Security
    Tags: ( risk-management risk-analysis )
  3. A nifty article on how to use hackvertor to de-obfuscate javascript.
    The Spanner - Hackvertor obfuscated code tutorial
    Tags: ( malware javascript )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

In today's Bits post we take a look browser bugs, Blackberry Server bugs, fun with hardware hacking, defining effectiveness, the Source Boston schedule, Incident Response Management, and Downadup.

  1. Oh look, it's a browser bug. How novel. (yes, that was sarcasm and this appears to be pretty nasty)
    Browser bug could allow phishing without e-mail - Network World
    Tags: ( vulnerability browser javascript phishing )
  2. Time to patch your Blackberry Servers.
    RIM issues security patches for BlackBerry | Security - CNET News
    Tags: ( pdf vulnerability blackberry patches rim )
  3. Didier's been playing with some hardware. Nifty stuff.
    A Hardware Tip for Fuzzing Embedded Devices << Didier Stevens
    Tags: ( hardware hacking embedded devices phidgets )
  4. Read this post. Also read the comments. Some good device and a very workable definition of effectiveness and where efficiency and optimization come into play.
    Verizon Business Security Blog >> Blog Archive >> What is an "effective" Control?
    Tags: ( control effectiveness )
  5. The Source Boston 2009 sessions have all been solidified and the schedule is up and ready for you perusal. Have fun. I so wish I was going to be there.
    Source Boston - Sessions
    Tags: ( source conferences )
  6. A nice article about Incident Response Management from Kees.
    Incident Response Management - Kees Leune Information Security Blog
    Tags: ( management incident response )
  7. Wow. Take look at what F-Secure is doing and what they have found out. This botnet appears to be huge.
    How Big is Downadup? Very Big. - F-Secure Weblog : News from the Lab
    Tags: ( )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]

{ 0 comments }