nmap

Last week I made a decision to stop the Interesting Information Security Bits posts. I was both surprised and humbled by the comments, emails and tweets I received that expressed understanding and support for that decision, but also expressed how much the bits posts were appreciated.

That got me to thinking.

Is there a way to provide some pointers to content that supports my desire to refocus my attention without requiring me to wade through so much material?

I think there is and we are going to give it a try. This is the first post in what we will call 'Things I Learned Last Week.'

These posts are basically going to be a journal type thing that I will post every Sunday night/Monday morning. I am just going to start a draft post and plop things in here that I feel taught me something during the week.

Probably won't be restricted to purely Infosec related stuff, but I will try to separate things a bit 🙂

These posts may be long, they may be short or they may be non-existent.

Things are a little light for this inaugural post. I didn't get started until late last week.

Anyhoo, here we go!

Infosec Stuffs

Droidmap: network scanner in your pocket.

Want to have a handy wireless port scanner with you wherever you go? Check out Droidmap. From the application description:

This is an android application for root users that implements some functions of NMAP in a GUI in android. This program comes with installer scripts for the installation of the required NMAP application that must be run to install the program to your phone. Please note that the installation process requires a Linux environment running the Android developer tools from the SDK (this program requires adb for installation).

So far I have only tested this program on the Motorola Droid A855 so YMMV on other Android devices.

I haven't tested it on my Droid X yet, but it's on the list of things to try. I'll report back after I have given it a go.

Smartphones: Information security risks, opportunities and recommendations for users

The European Network and Information Security Agency (ENISA) has released a new paper on smartphone use. Their work is always worth a gander. From the release notice:

The objective of this report is to allow an informed assessment of the information security and privacy risks of using smartphones. Most importantly, we make practical recommendations on how to address these risks. We assess and rank the most important information security risks and opportunities for smartphone users and give prioritised recommendations on how to address them. The report analyses 10 information security risks for smartphone users and 7 information security opportunities. It makes 20 recommendations to address the risks.

This is a report put out by ENISA that you might find interesting. Not an assessment specifically of their use in corporate environments, but applicable. Reading the executive summary is highly recommended.

You can read the paper here.

Non-Infosec Stuffs

Drupal: Podcasting and content segregation using taxonomy

I have been working on the new website for the Society of Information Risk Analysts and we have a few things we want to support. We want to have three blogs: a general blog for risk stuff, a news/announcement blog, and a podcasting blog. Figuring out how to do that took a good bit of my Saturday and I am not done yet, but I have the bones figured out.

You can use a vocabulary in your site taxonomy and then point menu items/links to the path specific vocabulary terms to build 'blogs.' It's pretty cool. I will provide more detail in next week's TILLW post if anybody is interested.

There is a module called filefield podcaster that helps you build the RSS feed for iTunes and other readers quite easily. Again, I'll post more detail next week if anybody is interested.

Thoughts

Last week seemed like a very busy week. Of course, they all seem that way, particularly at this time of year. Don't let the busyness of the season get in the way of those relationships that are most important to you. Take a few minutes to connect/reconnect with your loved ones.

Until next week, signing off.

As usual, if you have comments or questions, feel free to leave them below or email me at kriggins@infosecramblings.com.

-Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Xavier has a script you can use with nmap to scan for IIS FTP servers that may be susceptible to the recent 0-day.
    /dev/random >> Detecting Vulnerable IIS-FTP Hosts Using Nmap
    Tags: ( nmap ftp iis )
  2. Chapter 2 of Michael's excellent book "Into the Breach" is now available for free in audio format.
    Into the Breach - Audio Series - Chapter 2 (People Just Want to Do Their Jobs) : The Security Catalyst
    Tags: ( books audio )
  3. Issue 22 is out of (IN)Secure. Good stuff inside. Direct link to PDF.
    INSECURE-Mag-22.pdf (application/pdf Object)
    Tags: ( magazine )
  4. I read the Farhad Manjoo piece that Ben is referencing and was amazed. Ben does a great job of speaking to the points that Farhad tried to make.
    innismir.net -- Why corporate IT chains your computers
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A new packet challenge is up.
    Where in the World is Chris? - Packet Challenge << I Smell Packets
  2. A new course is being offered by Offensive Security on Metasploit. The proceeds go to help support Hackers for Charity, a very good cause.
    BackTrack Information Security Distribution >> Metasploit Unleashed - Mastering the Framework
  3. Nmap 5.0 is out. Go get some.
    Nmap 5.00 Release Notes
    Tags: ( nmap )

That's it for today. Have fun!

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A nice tutorial on starting to use scripting with nmap. Good stuff.
    /dev/random >> Blog Archive >> Introduction to Nmap Scripting
    Tags: ( nmap scripting )
  2. Need some ammunition to justify the cost of that DLP solution? Take a peek at this article. Seriously, some good usable information.
    Data Breaches More Costly Than Ever - Security Fix
    Tags: ( data breach cost )
  3. Some interesting tidbits in there. Nothing too deep since it is a quick slide show, but worth clicking through.
    10 Things You Need to Know NOW About ... Laptop Security
    Tags: ( general )
  4. Looks like there may be a standard for integrated hard drive encryption.
    Drive Makers Agree on TCG Encryption Standard - Network World
    Tags: ( encryption harddrive )
  5. I wonder if we are going to start seeing more of this type of thing. Banks and financial institutions are definitely the largest targets. One note, make sure you read the licensing agreements carefully. Don't give away your rights just for some free software.
    Barclays offers free mobile banking security : Security Watch - Internet Security News: IT security, Business security, Computer security, Network security, and more
    Tags: ( general banking )
  6. Yup. Google was saying that the entire internet was hosting malicious software last Saturday morning. Oops.
    Google mistakes entire web for malware * The Register
    Tags: ( general )

That's it for today. Have fun!

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is nice to see.
    Yahoo to anonymize user data after 90 days | Security - CNET News
    Tags: ( privacy )
  2. Time to update Flash Player on Linux.
    Critical Flaw in Flash Player...For Linux! - Security Watch
    Tags: ( flash linux )
  3. Part 3 of SynJunkies' tale is ready for your perusal.
    Syn: The Story of an Insider - Part 3. Playing at CSI
    Tags: ( incident-response stories )
  4. New version. Haven't played with this one yet. Going to have to check it out.
    /dev/random >> Blog Archive >> OpenVAS 2.0.0. is out
    Tags: ( vulnerability openvas )
  5. Mike is getting involved in what appears to be a great new effort in training for penetration testers.
    Getting Information Security Training Right | Episteme
    Tags: ( training pentesting )
  6. Nifty new features.
    New Zenmap adds feature that does topology mapping | SecViz
    Tags: ( nmap zenmap )
  7. Don't forget folks. Firefox 2 is at end-of-life with 2.0.19 and you lost your safe-browsing capabilities too.
    Firefox 2 Users Will Get No More Security Updates - Security Fix
    Tags: ( firefox patches )
  8. I just like this post and Kees's approach.
    Making the world a little better - Kees Leune Information Security Blog
    Tags: ( awareness education )

That's it for today. Have fun!

Kevin
