Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.
- I mentioned this white paper when I did my RSA Europe recap back in October. It is worth a read. * the link goes directly to the PDF
Web 2.0 Security and Privacy
Tags: ( privacy enisa )
- Here are some things you can do to protect yourself against the 0-day exploit that works against IE7.
Microsoft talks up countermeasures to fend off new IE attacks
Tags: ( vulnerability microsoft ie7 )
- Adding to the growing pile of recent 0-day exploits for Microsoft products, there appears to be one for SQL Server.
Security pros groan as zero-day hits Microsoft's SQL Server * The Register
Tags: ( exploit vulnerability 0day sqlserver micrsoft )
- Some good general guidance for how to react in the event you have a data breach. I would offer that it is good advice for everybody involved and not just the CIO.
How a CIO should deal with aftermath of a data breach
Tags: ( data breach )
- Looks like Cisco is in for a legal fight.
Cisco sued by Free Software Foundation for copyright infringement - Network World
Tags: ( general )
- Innismir weighs in on the recent meme of penetration testing being dead. He, like most of us involved in the discussion, doesn't think it's dead either.
innismir.net -- Pentration Testing - Not Quite Dead Yet
Tags: ( pentest )
- Rich brings up some good points. Worth reading and thinking about.
How The Cloud Destroys Everything I Love (About Web App Security) | securosis.com
Tags: ( cloud webappsec )
- WhiteHat Security's quarterly report on website security statistics is available for download. This is the sixth one they have put out. Good stuff in there.
Jeremiah Grossman: Sixth Quarterly Website Security Statistics Report
Tags: ( general reports )
- Jeremiah offers some really good guidance for justifying your budget for web application security spending.
Jeremiah Grossman: Budgeting for Web Application Security
Tags: ( webappsec )
- Here's a framework for SAP pen testing.
sapyto v0.98 Released - SAP Penetration Testing Framework Tool | Darknet - The Darkside
Tags: ( pentest sap )
- You can't make this stuff up. Remember folks, you have to make sure that all data is removed from devices before you get rid of them.
Liquidmatrix Security Digest >> McCain Campaign Sells Off... Data?
Tags: ( data leakage )
That's it for today. Have fun!
Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.
Kevin