mitm

Interesting Information Security Bits for 06/23/2009

by kriggins on June 23, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well. Sorry for missing yesterday. I had a brutally busy day and then we had a power outage at home to boot.

Here are today's Interesting Information Security Bits from around the web.

A new packet challenge is up at I Smell Packets.
Packet Challenge - Name that Exploit << I Smell Packets
Tags: ( challenge packet-capture )
This is an interesting post with some thoughts that can be extended well beyond virtualization.
View Yonder >> Free the Gladiators!
Tags: ( virtualization )
This time a peak at php and sessions.
AppSec Street Fighter - SANS Institute >> Session Attacks and PHP
Tags: ( session )
Anton opines on the contents of the letter sent to the PCI council by the National Retail Federation and other retail associations.
On "PCI Letter"
Tags: ( pci letter )
Mozilla has been at work to come up with a method of getting rid of XSS problems. They believe they have it with Content Security Policy.
Shutting Down XSS with Content Security Policy at Mozilla Security Blog
Tags: ( csp mozilla )
Christofer has a nice couple of graphics that help describe cloud computing from a high level perspective.
Rational Survivability >> Incomplete Thought - Cloudanatomy: Infrastructure, Metastructure & Infostructure
Tags: ( cloud )
The ISC diary points out some ways to protect your webserver from being DOSed by the tool released by Rsnake recently.
Apache HTTP DoS tool mitigation
Tags: ( apache dos )
RSnake take a look at detecting man-in-the-middle proxies.
Detecting MITM/Hacking Proxies Via SSL ha.ckers.org web application security lab
Tags: ( mitm )
Lori offers some thoughts on IPv6 that you should also be thinking about.
You are the new number 3ffe:1900:4545:3:200:f8ff:fe21:67cf
Tags: ( ipv6 )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Interesting Information Security Bits for 02/20/2009

by kriggins on February 20, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

Beware of visiting sites that contain sensitive information on public networks. SSLStrip makes it even easier for the bad guys to get you.
Hacker pokes new hole in secure sockets layer * The Register
Tags: ( ssl mitm )
Yup, another vulnerability in Adobe Reader. This one has active exploits and won't be patched until mid-March. Be careful out there.
New in-the-wild attack targets fully-patched Adobe Reader * The Register
Tags: ( exploit vulnerability adobe reader )
Kees talks to us about some issues we need to be aware of when thinking about access to sensitive information.
Handling sensitive information - Kees Leune Information Security Blog
Tags: ( access control )
Don tells us to ask why. Good stuff in here.
Security Ripcord >> Blog Archive >> Incident Response Lessons Learned
Tags: ( incident response )
Some good questions to consider when you are selecting you next vendor for a pen test.
How to choose a Pen Tester << Steven Branigan's Blog
Tags: ( pentesting )
It's coming up. If you are in the heartland, this is a good option, particularly if cost is an issue.
Carnal0wnage Blog: ChicagoCon 2009s is coming up!
Tags: ( conference chicagocon )
An interesting paper about Banking Trojans.
Bank details uncovered - PandaLabs
Tags: ( malware )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Interesting Information Security Bits for 02/09/2009

by kriggins on February 9, 2009

in Interesting Bits

Here are today's Interesting Information Security Bits from around the web.

You've probably already seen this, but if you haven't, Kaspersky had a little problem this weekend. They did get it corrected quickly.
Kaspersky database exposed | Security and the Net
Tags: ( vulnerability sql )
Folks, as Graham says, secret is secret. Don't chatter about stuff on Facebook, Twitter, etc. that should be secret. Seems obvious, but apparently, some people are quite adept at missing the elephant standing in the room.
Congressman Twitters secret trip to Iraq | Graham Cluley's blog
Tags: ( privacy socialnetworking confidentiality )
If you use OpenDNS as your name resolution provider, which I heartily recommend, you will have some additional protection in place this week.
OpenDNS to step up fight against Conficker worm
Tags: ( malware opendns conficker worms )
A nice primer on DLP.
What You Really Need To Know About Data Loss Prevention - insider threats/Management - DarkReading
Tags: ( dlp )
A nice post with some good recommendations.
Digital Soapbox - Information Security, Risk & Data Protection Blog: People Hacking 101: How to Infiltrate a Credit Agency
Tags: ( data-leakage )
The 2008 SANS Salary Survey is available.
salary_survey_2008.pdf (application/pdf Object)
Tags: ( salary )
The latest Ethical Hacker Network challenge is up. Go get'em!
The Ethical Hacker Network - Brady Bunch Boondoggle
Tags: ( challenge )
A new man-in-the-middle tool is available. It was released a Schmoo Con this weekend. Mubix has a copy for us if you are interested in playing with it.
The Middler gets released at ShmooCon! - Room362.com
Tags: ( pentest mitm )
New version available of Samurai.
Samurai LiveCD version 0.4 released | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
Tags: ( tools samarai )
Something to think about. BTW - You might want to think about leaving your garage door opener in your vehicle. Or locking the door from the garage to the house if you do.
Digital Soapbox - Information Security, Risk & Data Protection Blog: Your GPS is evil
Tags: ( data-leakage )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]