mitm

Good afternoon everybody! I hope your day is going well. Sorry for missing yesterday. I had a brutally busy day and then we had a power outage at home to boot.

Here are today's Interesting Information Security Bits from around the web.

  1. A new packet challenge is up at I Smell Packets.
    Packet Challenge - Name that Exploit << I Smell Packets
    Tags: ( challenge packet-capture )
  2. This is an interesting post with some thoughts that can be extended well beyond virtualization.
    View Yonder >> Free the Gladiators!
    Tags: ( virtualization )
  3. This time a peek at PHP and sessions.
    AppSec Street Fighter - SANS Institute >> Session Attacks and PHP
    Tags: ( session )
  4. Anton opines on the contents of the letter sent to the PCI council by the National Retail Federation and other retail associations.
    On "PCI Letter"
    Tags: ( pci letter )
  5. Mozilla has been at work to come up with a method of getting rid of XSS problems. They believe they have it with Content Security Policy.
    Shutting Down XSS with Content Security Policy at Mozilla Security Blog
    Tags: ( csp mozilla )
  6. Christofer has a nice couple of graphics that help describe cloud computing from a high-level perspective.
    Rational Survivability >> Incomplete Thought - Cloudanatomy: Infrastructure, Metastructure & Infostructure
    Tags: ( cloud )
  7. The ISC diary points out some ways to protect your webserver from being DoSed by the tool released by RSnake recently.
    Apache HTTP DoS tool mitigation
    Tags: ( apache dos )
  8. RSnake takes a look at detecting man-in-the-middle proxies.
    Detecting MITM/Hacking Proxies Via SSL ha.ckers.org web application security lab
    Tags: ( mitm )
  9. Lori offers some thoughts on IPv6 that you should also be thinking about.
    You are the new number 3ffe:1900:4545:3:200:f8ff:fe21:67cf
    Tags: ( ipv6 )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Beware of visiting sites that contain sensitive information on public networks. SSLStrip makes it even easier for the bad guys to get you.
    Hacker pokes new hole in secure sockets layer * The Register
    Tags: ( ssl mitm )
  2. Yup, another vulnerability in Adobe Reader. This one has active exploits and won't be patched until mid-March. Be careful out there.
    New in-the-wild attack targets fully-patched Adobe Reader * The Register
    Tags: ( exploit vulnerability adobe reader )
  3. Kees talks to us about some issues we need to be aware of when thinking about access to sensitive information.
    Handling sensitive information - Kees Leune Information Security Blog
    Tags: ( access control )
  4. Don tells us to ask why. Good stuff in here.
    Security Ripcord >> Blog Archive >> Incident Response Lessons Learned
    Tags: ( incident response )
  5. Some good questions to consider when you are selecting your next vendor for a pen test.
    How to choose a Pen Tester << Steven Branigan's Blog
    Tags: ( pentesting )
  6. It's coming up. If you are in the heartland, this is a good option, particularly if cost is an issue.
    Carnal0wnage Blog: ChicagoCon 2009s is coming up!
    Tags: ( conference chicagocon )
  7. An interesting paper about Banking Trojans.
    Bank details uncovered - PandaLabs
    Tags: ( malware )

That's it for today. Have fun!


Kevin


Here are today's Interesting Information Security Bits from around the web.

  1. You've probably already seen this, but if you haven't, Kaspersky had a little problem this weekend. They did get it corrected quickly.
    Kaspersky database exposed | Security and the Net
    Tags: ( vulnerability sql )
  2. Folks, as Graham says, secret is secret. Don't chatter about stuff on Facebook, Twitter, etc. that should be secret. Seems obvious, but apparently, some people are quite adept at missing the elephant standing in the room.
    Congressman Twitters secret trip to Iraq | Graham Cluley's blog
    Tags: ( privacy socialnetworking confidentiality )
  3. If you use OpenDNS as your name resolution provider, which I heartily recommend, you will have some additional protection in place this week.
    OpenDNS to step up fight against Conficker worm
    Tags: ( malware opendns conficker worms )
  4. A nice primer on DLP.
    What You Really Need To Know About Data Loss Prevention - insider threats/Management - DarkReading
    Tags: ( dlp )
  5. A nice post with some good recommendations.
    Digital Soapbox - Information Security, Risk & Data Protection Blog: People Hacking 101: How to Infiltrate a Credit Agency
    Tags: ( data-leakage )
  6. The 2008 SANS Salary Survey is available.
    salary_survey_2008.pdf (application/pdf Object)
    Tags: ( salary )
  7. The latest Ethical Hacker Network challenge is up. Go get 'em!
    The Ethical Hacker Network - Brady Bunch Boondoggle
    Tags: ( challenge )
  8. A new man-in-the-middle tool is available. It was released at ShmooCon this weekend. Mubix has a copy for us if you are interested in playing with it.
    The Middler gets released at ShmooCon! - Room362.com
    Tags: ( pentest mitm )
  9. New version available of Samurai.
    Samurai LiveCD version 0.4 released | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( tools samarai )
  10. Something to think about. BTW - You might want to think about leaving your garage door opener in your vehicle. Or locking the door from the garage to the house if you do.
    Digital Soapbox - Information Security, Risk & Data Protection Blog: Your GPS is evil
    Tags: ( data-leakage )

That's it for today. Have fun!


Kevin
