malware

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Shhh. It's a secret, but here are some items that evil hacker types won't tell you.
    13 Things a Web Application Attacker Won't Tell You - denimgroup's posterous
    Tags: ( webappsec )
  2. Kees points us to some free training on Incident Command Systems offered by FEMA. Worth checking out.
    Incident Response and the Incident Command System - Kees Leune
    Tags: ( incident-response )
  3. David Meier's first Securosis post is live and its a good one.
    Securosis Blog | Realistic Security
    Tags: ( security-program )
  4. Those cute little snort pigs don't make very good rockets. The VRT team proves it.
    VRT: of Pigs and Rockets
    Tags: ( humor )
  5. This malware not only steals your money, it modifies your statement so you don't know you've been stolen from. Wow.
    New Malware Re-Writes Online Bank Statements to Cover Fraud | Threat Level | Wired.com
    Tags: ( malware )
  6. Looks like Microsoft's Security Essentials does a pretty good job.
    Security Fix - Stress Testing Microsoft's Free Anti-virus Offering
    Tags: ( anti-virus anti-malware microsoft )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Adrian takes a look at a few database encryption myths.
    Securosis Blog | Database Encryption Misconceptions
    Tags: ( database encryption )
  2. The Infosec Cynic interviews Anton Chuvakin.
    Anton Chuvakin - Stuck In the Lift With The Cynic | The Infosec Cynic
    Tags: ( interview )
  3. A new free encryption tool is available. This one is provided by Sophos. That's pretty cool.
    Guest blog: Sophos Free Encryption | Graham Cluley's blog
    Tags: ( encryption tools sophos )
  4. Mark points out that Federal CIO Council's Information Security and Identity Management Committee released a document titled "Guidelines for Secure Use of Social Media by Federal Departments and Agencies." This is good stuff even if you aren't in the public sector.
    New Social Media "Guidelines" - Securing GovSpace
    Tags: ( social-networking guidelines )
  5. This is worth a read and a watch. It is the talk given by Matsano and Nate McFetters at last year's C4 conference. It is some guidance for independent Apple software developers. It also applies to non-apple developers too.
    Matasano Security LLC - Chargen - Indie Software Security: A ~12 Step Program
    Tags: ( sdl )
  6. Jack gives his perspective of the recent Massachusetts 201 CMR 17.00 public hearing. He was not impressed.
    Uncommon Sense Security: Making sausage, one hearing at a time
    Tags: ( law policy )
  7. The BruCon videos are up on the wiki and Xavier is also hosting a local copy.
    /dev/random >> BruCON Talks Video Mirror
    Tags: ( brucon videos )
  8. If you are having some issues with sqlninja and metasploit, take a look at this post.
    RaDaJo (RAul, DAvid and JOrge) Security Blog: Sqlninja & Metasploit
    Tags: ( sqlninja metasploit )
  9. Malware, like all software, tends to have common traits. This article talks about what some of them are.
    Categories of Common Malware Traits
    Tags: ( malware )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Justin has posted the slides from a talk he gave at an OWASP meeting on JavaScript exploits. Good stuff.
    Developing Security: Crossing the Border - JavaScript Exploits
    Tags: ( javascript )
  2. A nice article by Dancho talking about scareware.
    The ultimate guide to scareware protection | Zero Day | ZDNet.com
    Tags: ( malware )
  3. This is a fun article from Rsnake comparing current security practices with those observed in Star Trek. 🙂
    What Star Trek Predicts About The Future of Information Security ha.ckers.org web application security lab
    Tags: ( general )
  4. Dave Mortman is taking on Identity Management for his first project with Securosis. This should result in some good stuff. I'm looking forward to seeing what he comes up with.
    Securosis Blog | Incomplete Thought: Why Is Identity and Access Management Hard?
    Tags: ( identity-management )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The title says it all. SAINT 7 has been released.
    SAINT 7 released
    Tags: ( saint scanner tools )
  2. Anue Systems interviews Jack Daniel.
    Security Pros on Twitter (SPoT): Jack Daniel/@Jack_Daniel - The Network View
    Tags: ( infoec interview )
  3. Lenney Zeltser, who teaches a popular malware analysis course for SANS, has made one of his slide decks available online. The cool part, the speaker notes are included. Note: You can also watch the recorded webcast.
    Introduction to Malware Analysis - Free Webcast by Lenny Zeltser
    Tags: ( malware analysis )
  4. The T2'09 challenge is up.
    T2'09 Challenge - F-Secure Weblog : News from the Lab
    Tags: ( challenge )
  5. This is the second half of a post pointed to recently. Interesting stuff.
    >> The Internet After Dark (Part 2) * Security to the Core | Arbor Networks Security
    Tags: ( general )
  6. So, um, all those wonderful security cameras...basically worth bupkiss in stopping or solving crime. There goes that argument for why Big Brother is your friend.
    Schneier on Security: On London's Surveillance Cameras
    Tags: ( surveillance privacy cameras )
  7. An interesting exploration of free security products.
    Plausible Deniability >> Freegan-ism: how free product might upset the anti malware space
    Tags: ( anti-virus anti-malware opinion )
  8. If you are running an FTP server on top of IIS 5 or 6 on Windows 2000, you will want to check this out and put in some extra logging if you can't turn that puppy off.
    IIS5&6 FTP Stack Overflow Zeroday : Liquidmatrix Security Digest
    Tags: ( iis ftp win2k )
  9. The author has a very good point. Worth a read.
    stop the alert(); - The HP Security Laboratory Blog | HP Web Application Security -
    Tags: ( xss )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a great post with a fine collection of education resources for the security professional who wants to learn new stuff or just wants to sharpen the iron.
    System Advancements at the Monastery >> Blog Archive >> Learning By Doing: Challenges, Data Sets, and Practice Sites
    Tags: ( challenges education )
  2. Sometimes the only thing you can do is fire the cannon. Read more to understand what that means and how true it is.
    Uncommon Sense Security: Another Episode of Security Anecdote Theater
    Tags: ( general )
  3. An interesting look at internet traffic patterns for North America.
    >> The Internet After Dark (Part 1) * Security to the Core | Arbor Networks Security
    Tags: ( general )
  4. Watch out folks. Looks like SubSeven is back.
    VRT: SubSeven is back after hiatus
    Tags: ( subseven malware )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is pretty nifty. Going to have to play with this one.
    Security Research & Defense : Announcing OffVis 1.0 Beta
    Tags: ( office microsoft )
  2. The inaugural episode of the Cloud Security Podcast is available. Christofer and Craig are looking for feedback. Take a listen and let them know what you think.
    Introducing the Cloud Security Podcast... | Cloud Security
    Tags: ( cloud podcast )
  3. It can't be said often enough. The Riv during Defcon is a dangerous place to be from an information security perspective.
    Malicious ATM Catches Hackers | Threat Level | Wired.com
    Tags: ( defcon )
  4. This is just cool.
    Uncommon Sense Security: Announcing the Warzone Project
    Tags: ( ctf labs )
  5. Twitter is now stopping tweets with malicious urls. Someone mentioned that url shortner services can cause this control to fail, I'm not positive that is the case. Would be interesting to find out though.
    Twitter Now Filtering Malicious URLs - F-Secure Weblog : News from the Lab
    Tags: ( twitter )
  6. A good post with some tips on make your internal router and switch fabric not quite so hack worthy.
    Switch hardening on your network
    Tags: ( network-security )
  7. A new packet challenge is up.
    The Crypto Kitchen - Packet Challenge << I Smell Packets
    Tags: ( challenge )
  8. This is a bit scary. Who needs TEMPEST or other remote methods of reading keyboard actions with this type of thing.
    Hacker demos persistent Mac keyboard attack | Zero Day | ZDNet.com
    Tags: ( malware )
  9. Part of being a successful professional, information security focused or not, is the ability to be an effective presenter. You should look at this.
    Make: Online : Tips on "unpresenting"
    Tags: ( presenting )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Raf interviews Andre Gironda.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: Andre Gironda
    Tags: ( interview )
  2. Here is the solution and winners of the third PandaLabs challenge.
    3rd Panda Challenge solution & winners - PandaLabs
    Tags: ( challenge )
  3. Forcing HTTPS sounds good. It will be interesting to see how this shakes out.
    Locking up the valuables: Opt-in security with ForceTLS at Mozilla Security Blog
    Tags: ( webappsec )
  4. Version 1.0 of Project Quant, a project to develop a patch management framework, has been released along with the survey results.
    Project Quant Version 1.0 Report and Survey Results
    Tags: ( patching )
  5. Part 3 of Ax0n's recipe for evilness.
    HiR Information Report: Evil Wifi Part 3: Hamster & Ferret
    Tags: ( wireless hacking )
  6. Cutaway has a very interesting post up about malware that resides in the registry. He points to a couple other posts that are worth reading too. This is very cool...scary...but very cool.
    Security Ripcord >> Blog Archive >> Malware IN Registry a.k.a If It Can't Be Done, Why Am I Looking At It?
    Tags: ( registry malware )
  7. Be careful what information you are sharing in something as basic as email headers. That stuff can be used against you.
    Looking beyond the surface ... << The Security Kitchen
    Tags: ( data-leakage )
  8. Martin points out some basic truths you should be aware of.
    Incident Response Leadership: Basic Truths : The Security Catalyst
    Tags: ( incident-response )
  9. You should do what Jack says. Go read the post he points you at and then send it to your friends and family.
    Uncommon Sense Security: A good primer on Social Networking and Security Risks
    Tags: ( social-networks )
  10. Folks, regardless of what the NYSE says, details about your infrastructure, patch levels, software versions, etc. is sensitive information.
    Data Detailing New York Stock Exchange Network Exposed on Unsecured Server | Threat Level | Wired.com
    Tags: ( data-leakage )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 1 comment }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. ISC has a nifty services file that also includes a bunch of ports on which different trojans and malware listen.
    http://isc.sans.org/services.html
    Tags: ( ports malware )
  2. Here's a little something to play with in your reversing lab, the Kindle machine readable source code.
    Amazon.com: Help > Digital Products Help > Amazon Kindle Wireless Reading Device > Amazon Kindle Terms, Warranties, & Notices > Source Code Notice
    Tags: ( kindle )
  3. Amusing.
    YouTube - 50 Ways to Inject Your SQL
    Tags: ( humor sql )
  4. The entire Penetration Testing and Vulnerability Analysis course at Polytechnic Institute of New York University is now available on the web for free. Very cool.
    Penetration Testing and Vulnerability Analysis - Home
    Tags: ( education )
  5. The start of what looks to be an interesting series on session attacks against ASP.NET.
    AppSec Street Fighter - SANS Institute >> Session Attacks and ASP.NET - Part 1
    Tags: ( asp.net session )
  6. Opera release version 10 of its browser yesterday and it contains something new called Unite. It should scare you if you are responsible for protecting your enterprises data assets. Any user can now quickly and, supposedly, easily setup a web server/service.
    Boaz Gelbord: Opera Invites You to Join the Cloud
    Tags: ( opera browser )
  7. A new version of Wireshark has been released. Wireshark is an awesome open source network sniffer that is very robust and full of functionality.
    Wireshark 1.2.0 released
    Tags: ( wireshark packet-capture sniffer tools )
  8. Interesting. Low bandwidth denial of service on a web server without affecting other services and easily started and stopped.
    Slowloris HTTP DoS ha.ckers.org web application security lab
    Tags: ( dos http apache )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is interesting. It will be worth keeping an eye on what happens in the future as the council goes forward.
    Hacker named to Homeland Security Advisory Council | Security - CNET News
    Tags: ( government )
  2. Looks like the spammers are up to a new trick that appears to be working at the moment.
    RTF File Spam Makes Its Way Through Filters - Security Watch
    Tags: ( spam )
  3. Nifty. Another tool to freely scan files for malware.
    Paretologic Released a New Free Online Malware Scan
    Tags: ( malware scanning )
  4. Here is an interesting way to keep some or all robots from crawling your website.
    Security - The Global Perspective: How to block robots.. before they hit robots.txt - ala: mod_security
    Tags: ( robots )
  5. Do you want to know more about DEP (Data Execution Prevention)? Check this out.
    Security Research & Defense : Understanding DEP as a mitigation technology part 1
    Tags: ( dep )
  6. A new packet challenge is up on Caesar's site.
    Caesar's Challenge << I Smell Packets
    Tags: ( challenge networking. )
  7. The Black Hat 2009 schedule is available now.
    Black Hat USA 2009 Schedule
    Tags: ( blackhat 2009 )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }