linux

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Gunnar says what I have been thinking about the whole APT argument, only much better than I could.
    1 Raindrop: I Can See APT From Here
    Tags: ( apt )
  2. Anyone who does forensics or needs to deal with Linux machines should be aware of how the /etc/fstab file works. Sometimes you can find interesting things by peeking in there.
    How to edit and understand /etc/fstab
    Tags: ( linux filesystem fstab )
  3. This is just very cool. A very neat visualization of historical browser use statistics.
    http://www.michaelvandaniker.com/labs/browserVisualization/
    Tags: ( visualization )
  4. This is an interesting treatment of what cloud computing is.
    Elemental Cloud-o-gram : elemental cloud computing
    Tags: ( cloud )
  5. This is one of the big questions you have to answer when you consider moving your sensitive corporate and customer data to externally hosted cloud services.
    Thoughts on Secure Multi-Tenancy - Chuck's Blog
    Tags: ( cloud multi-tenancy )
  6. Hmm, doesn't look like the basis for Google claiming the Chinese are behind the Aurora attacks is quite as cut and dried as presented.
    'Aurora' code circulated for years on English sites * The Register
    Tags: ( google aurora )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Verizon has released their 2009 Data Breach report. I haven't read it yet, but below are a few people's first thoughts on the report.
    Verizon Business Security Blog >> Blog Archive >> The 2009 Data Breach Investigations Report
    Tags: ( reports )
  2. Martin's first pass at the PCI specific portions of the Verizon report.
    Network Security Blog >> Verizon Data Breach Investigation: The numbers say PCI IS important
    Tags: ( reports )
  3. David's first take on the Verizon report.
    Initial Thoughts on the 2009 Verizon DBIR << The New School of Information Security
    Tags: ( reports )
  4. Shrdlu's take on the Verizon report.
    Once more into the breach report.
    Tags: ( reports )
  5. Time to patch those Oracle installations.
    Oracle delivers major security patch update - Network World
    Tags: ( oracle patches vulnerability )
  6. Interesting article on a sneaky way to get a Linux rootkit into the kernel.
    New Attack Sneaks Rootkits Into Linux Kernel - DarkReading
    Tags: ( linux rootkit )
  7. Some good thoughts on risk management and what it means.
    Ascension Blog >> Musing on Risk
    Tags: ( infosec risk-management )
  8. A Q&A with Johnny Long whose new ihackcharities.org website was unveiled recently.
    Q&A: Johnny Long - Christian, Pirate, Hacker, Ninja - Security
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Folks, please be careful what you put on your Facebook pages. Don't let something like this happen to you.
    Police: Facebook hacker gets student's nude photos
    Tags: ( privacy facebook )
  2. Some video of Dino Dai Zovi, Rich Mogull, Christofer Hoff being interviewed by Dennis Fisher on virtualization.
    Rational Survivability: Virtualization & Security: Disruptive Technologies - A Four Part Video Miniseries...
    Tags: ( virtualization )
  3. When to use the carrot and when to use the stick? Both good questions. Shrdlu has some advice for us.
    Carrot-sticks and security.
    Tags: ( enforcement )
  4. What happens when you need endpoint DLP on Windows, Mac and Linux all at once? The answer, nothing easy 😉
    Is There Any DLP or Data Security On Mac/Linux? | securosis.com
    Tags: ( dlp )
  5. This looks to be like a whole lot of fun. If you are close, it should go on your list of things to do.
    HiR Information Report: Cowtown Computer Congress Grand Opening [Kansas City]
    Tags: ( hackerspace )
  6. Erik has part 3 of his securing Linux series up.
    Art of Information Security >> Secure Your Linux Host - Part 3: Why A Host Firewall ?
    Tags: ( linux )
  7. A nice beginning to what looks to be an interesting series.
    ShackF00 >> BS Filtering for CISOs: An Introduction
    Tags: ( ciso )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 2 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. You probably already are aware of this. Monster.com has indicated that they have suffered a breach. The evil doers have pretty much everything you ever put into Monster that you would consider sensitive.
    Monster.com suffers database breach deja vu * The Register
    Tags: ( breach monstor )
  2. Andrew has a nifty little script you can use to remotely check the time on your Windows boxen.
    Andrew Hay >> Blog Archive >> Quick Script to Remotely Check Windows System Time
    Tags: ( tools windows scripts time )
  3. Sensepost has a challenge up regarding reverse engineering an FTP server. Give it a go.
    QoW: Software Reversing and Exploitation
    Tags: ( challenge exploit software reversing )
  4. Alex calls PCI security through obscurity.
    The Source of PCI DSS "Failure" | RiskAnalys.is
    Tags: ( pci )
  5. Chris disagrees with Alex's notion that PCI is security through obscurity.
    PCI-DSS Is Not About "Security by Obscurity" << Risktical Ramblings
    Tags: ( pci )
  6. A nice set of links to good articles on cloud computing. Includes some security related info too.
    Hat Tip: http://rationalsecurity.typepad.com/blog/2009/01/cloud-security-link-love-monk-style.html
    System Advancements at the Monastery >> Blog Archive >> Recent Cloud Postings
    Tags: ( cloud )
  7. Part 2 of Erik's series on Secure Your Linux Host is available.
    Art of Information Security >> Secure Your Linux Host - Part 2: Secure SSH
    Tags: ( linux securing )
  8. Nice walk through of an XSS attack.
    Hat tip: @lbhuston
    Anatomy of an XSS Attack
    Tags: ( xss )
  9. A nice exploration of Skype and its use in your environment.
    Skype, is it right for you?
    Tags: ( skype )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Another day of great content. Enjoy.

Here are today's Interesting Information Security Bits from around the web.

  1. VeriSign has stepped up and offered replacement SSL certs free of charge to all customers with MD5-based certs. They have also implemented SHA-1 for all certs now. Should have happened much earlier, but at least they were quick in their response.
    VeriSign addresses MD5 flaw
    Tags: ( vulnerability ssl general cert )
  2. Good guidance for us all and some suggestions on how to go about doing it.
    Know your network to keep it secure :: SearchNetworking.com.au
    Tags: ( network )
  3. Forrester is indicating that security spending may be taking a bigger chunk of IT spending in 2009.
    Despite Economy, Security Spending To Increase In 2009 - security industry/Management - DarkReading
    Tags: ( general spending 2009 )
  4. Oops. Trusted Execution Technology might not deserve to be trusted as much as we were led to believe.
    Researchers hack into Intel's vPro - Network World
    Tags: ( txt )
  5. This is nifty. A nice visualization of botnet IRC channel joins.
    Flashy botnet is Flashy - F-Secure Weblog : News from the Lab
    Tags: ( botnet visualization )
  6. Erik has part 1 of a series that will address securing our Linux hosts.
    Art of Information Security >> Secure Your Linux Host - Part 1: Foundations...
    Tags: ( linux securing )
  7. Donald points us to a paper written by Brett Shavers about virtual machines and forensics analysis. I just added it to my stack of stuff to read.
    Forensic reading - Malta Info Security
    Tags: ( forensics virtualization vmware )
  8. A very good read. Well written and has a good point.
    Could the Titanic have changed course? | The Guerilla CISO
    Tags: ( general compliance checklists )
  9. I have pointed to all the previous parts of this series of posts. The first paragraph has links to them also. I really like how they have brought all the previous posts together by showing some use cases. Well done.
    Building a Web Application Security Program, Part 8: Putting It All Together | securosis.com
    Tags: ( webappsec program )
  10. Adam points us to Maine's Data Breach Study. He points out some interesting tidbits. Enough that I have grabbed the study for reading later.
    Emergent Chaos: Maine Breach Study
    Tags: ( data breach study maine )
  11. Damon has a very nice guest post up on Jennifer Leggio's Feeds blog. It reaches beyond the issues that Twitter was dealing with this weekend.
    The inevitable rise (and fall?) of 'twishing' | Feeds | ZDNet.com
    Tags: ( twitter phishing social-networks )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is nice to see.
    Yahoo to anonymize user data after 90 days | Security - CNET News
    Tags: ( privacy )
  2. Time to update Flash Player on Linux.
    Critical Flaw in Flash Player...For Linux! - Security Watch
    Tags: ( flash linux )
  3. Part 3 of SynJunkies' tale is ready for your perusal.
    Syn: The Story of an Insider - Part 3. Playing at CSI
    Tags: ( incident-response stories )
  4. New version. Haven't played with this one yet. Going to have to check it out.
    /dev/random >> Blog Archive >> OpenVAS 2.0.0. is out
    Tags: ( vulnerability openvas )
  5. Mike is getting involved in what appears to be a great new effort in training for penetration testers.
    Getting Information Security Training Right | Episteme
    Tags: ( training pentesting )
  6. Nifty new features.
    New Zenmap adds feature that does topology mapping | SecViz
    Tags: ( nmap zenmap )
  7. Don't forget, folks. Firefox 2 is at end-of-life with 2.0.19 and you lost your safe-browsing capabilities too.
    Firefox 2 Users Will Get No More Security Updates - Security Fix
    Tags: ( firefox patches )
  8. I just like this post and Kees's approach.
    Making the world a little better - Kees Leune Information Security Blog
    Tags: ( awareness education )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. If any of these apply to your organization you have some work to do.
    http://www.networkworld.com/news/2008/121008-the-seven-deadly-sins-of.html
    Tags: ( program )
  2. Looks like there is another 0-day out.
    Microsoft looking into WordPad zero-day flaw | Security - CNET News
    Tags: ( vulnerability microsoft wordpad )
  3. Shrdlu offers some good suggestions on preparing for next year.
    Layer 8: Out with the old, in with the new.
    Tags: ( general )
  4. Nifty. Five security related distributions in one.
    Ask and you shall receive - SumoLinux - Room362.com
    Tags: ( tools linux distro )
  5. Rich puts to paper (work with me) the same thoughts I had when I read about the direction China is thinking of taking in regards to technical information of products entering China.
    A Good (Potential) Risk Management IQ Test For Management | securosis.com
    Tags: ( general )
  6. Google gives a nifty resource.
    Google's Browser Security Handbook | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( security browser google books )
  7. Part 5 of this great series is now available. If you haven't read the previous parts, they are linked in the first paragraph.
    Building a Web Application Security Program, Part 5: Secure Development | securosis.com
    Tags: ( webappsec program )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }