patches

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Time to patch your OpenView installations.
    HP patches critical OpenView flaws
    Tags: ( vulnerability patches hp openview )
  2. A nice list of some free tools. I was not aware of a couple.
    8 Great Free Security Tools - Network World
    Tags: ( tools )
  3. A good walk-through on setting up a lab for testing VoIP stuff.
    How to set up a VoIP lab (on a shoe string) « EnableSecurity
    Tags: ( voip testing lab )
  4. You must look at this. Absolutely hilarious.
    Bringing You Only the Best in Security Network Diagrams | The Guerilla CISO
    Tags: ( humor general )
  5. Some good thoughts on setting up a penetration testing security lab.
    DIY Pentesting Lab - Evil Bytes Blog - Dark Reading
    Tags: ( security testing lab )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Here are today's interesting bits in information security.

  1. This is an interesting story of the DarkMarket sting.
    Three years undercover with the identity thieves
    Tags: ( general )
  2. Just because the website you are visiting is a popular, well-known site doesn't mean that it is completely safe. Conversely, just because a site is declared to host malware doesn't mean the whole site is malicious.
    70 Of Top 100 Web Sites Spread Malware -- Malware -- InformationWeek
    Tags: ( malware )
  3. Want to get some personally identifiable information on somebody? Find out where they get the dry cleaning done and get a job. Wow.
    9,000 USBs left in Laundrettes : Security Watch - Internet Security News: IT security, Business security, Computer security, Network security, and more
    Tags: ( data gathering breach usb )
  4. Time to patch Quicktime.
    QuickTime 7.6 Fixes First 7 Bugs of 2009 - Security Watch
    Tags: ( vulnerability patches quicktime )
  5. I pointed this out recently. Looks like Seagate users are going to need to patch again.
    Seagate Offers Second Fix For Hard-Drive Firmware -- Storage Security -- InformationWeek
    Tags: ( availability )
  6. This is very cool. I use OpenDNS at home and have never been happier.
    New Security Services Land In Home Routers - DarkReading
    Tags: ( home-networking )
  7. Gonna be a meetup for podcasters at ShmooCon. Looks like a lot of fun.
    Podcasters Meetup at ShmooCon - Room362.com
    Tags: ( conferences meetup shmoocon )
  8. A very nice article about why we need to keep identity and authentication as separate and distinct.
    Hat tip: http://www.schneier.com/blog/archives/2009/01/identity_authen.html
    It's Me, and Here's My Proof: Why Identity and Authentication Must Remain Distinct
    Tags: ( identity authentication access-control )
  9. A new blog talking about SSL and some of the pitfalls one can come across in various implementations.
    Introducing SSLFail.com | tssci security
    Tags: ( ssl )

That's it for today. Have fun!

Kevin

In today's crop of Bits we have more FAIR analysis, a couple articles about surveillance in the US, a patch for Win 7 Beta and other Microsoft products, a great visualization of application security relationships, virtualization security info and some helpful data recovery advice.

  1. Part 2 is up. The more I read about and see FAIR (Factor Analysis of Information Risk) in action, the more I like it.
    Risk Scenario - Hidden Field / Sensitive Information (Part 2 of 4) « Risktical Ramblings
    Tags: ( risk assessment fair )
  2. A new project over at Electronic Freedom Foundation. Very interesting information.
    The SSD Project | EFF Surveillance Self-Defense Project
    Tags: ( privacy surveillance eff )
  3. This article contains links to some really interesting information. If you are concerned or curious about surveillance in the U.S., you should give it a gander.
    Report: U.S. Surveillance Society Running Rampant | Threat Level from Wired.com
    Tags: ( surveillance )
  4. The first patch is out for Windows 7 Beta. Be warned that it does not address the SMB issue, which does exist for Windows 7 Beta. Read the article for the details.
    Microsoft issues first Windows 7 beta patch
    Tags: ( vulnerability microsoft patches )
  5. Some good information about Microsoft's January patches.
    Inside the MSRC: Microsoft describes Server Message Block update
    Tags: ( vulnerability microsoft patches )
  6. I'm going to print this out and hang it on my wall. Great visualization of application security and how the different pieces relate and interact.
    Jeremiah Grossman: The World of Web Security
    Tags: ( appsec webappsec taxonomy )
  7. Continuing a series on virtualization security, Ryan points out some of the risks inherent in server virtualization.
    Virtualization Security Part 2 - PandaLabs
    Tags: ( virtualization )
  8. A nice post with some really good advice on being prepared for hard drives which are having problems.
    Data Recovery from Dead Drives | Forensics, Security, Auditing | Enclave Forensics
    Tags: ( data recovery )
  9. Another tool that builds a focused word list for brute force password attacks.
    The Associative Word List Generator (AWLG) - Create Related Wordlists for Password Cracking | Darknet - The Darkside
    Tags: ( password wordlists )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is interesting. I would say some of the guidance appears a bit more tactical than I would expect for a CSO, but still worth a gander.
    ASIS releases standards detailing CSO role @ The Latest for Security Executives SecurityInfoWatch.com
    Tags: ( cso )
  2. This is a good article to put in front of anybody that thinks that cross-site scripting vulnerabilities are minor and don't really need to be worried about.
    SecuriTeam Blogs » Cross Site Scripting can cause your stock to tank
    Tags: ( xss )
  3. A very nice article about the recent patching of a flaw in the SimpleDB API.
    What's New in the Amazon Cloud?: Security Vulnerability in Amazon EC2 and SimpleDB Fixed (7.5 Months After Notification) | Cloud Security
    Tags: ( vulnerability patches amazon simpledb )
  4. Martin has a post asking us what we are doing to keep our skills current. Several, including me, have offered some input. There is some good stuff there. Go check it out and add your own ideas.
    Network Security Blog » Investing in my career
    Tags: ( career education )
  5. Nifty tip on how to mount a filesystem using the alternate superblock when it won't mount normally. Of course, this is from a forensic perspective, but useful from a general perspective also.
    Mounting Images Using Alternate Superblocks « SANS Computer Forensics, Investigation, and Response
    Tags: ( forensics mount superblock )
  6. The bad guys are not in this for fun and games. There is value in the data they are taking from you.
    Hundreds of Stolen Data Dumps Found - Security Fix
    Tags: ( data breach )
  7. Looks like there might be some clarification coming regarding PCI and virtualization in 2009. Keep your eyes open.
    http://www.networkworld.com/news/2008/121808-crystal-ball-pci.html
    Tags: ( pci virtualization )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is nice to see.
    Yahoo to anonymize user data after 90 days | Security - CNET News
    Tags: ( privacy )
  2. Time to update Flash Player on Linux.
    Critical Flaw in Flash Player...For Linux! - Security Watch
    Tags: ( flash linux )
  3. Part 3 of SynJunkies' tale is ready for your perusal.
    Syn: The Story of an Insider - Part 3. Playing at CSI
    Tags: ( incident-response stories )
  4. New version. Haven't played with this one yet. Going to have to check it out.
    /dev/random » Blog Archive » OpenVAS 2.0.0. is out
    Tags: ( vulnerability openvas )
  5. Mike is getting involved in what appears to be a great new effort in training for penetration testers.
    Getting Information Security Training Right | Episteme
    Tags: ( training pentesting )
  6. Nifty new features.
    New Zenmap adds feature that does topology mapping | SecViz
    Tags: ( nmap zenmap )
  7. Don't forget, folks. Firefox 2 is at end-of-life with 2.0.19 and you lost your safe-browsing capabilities too.
    Firefox 2 Users Will Get No More Security Updates - Security Fix
    Tags: ( firefox patches )
  8. I just like this post and Kees's approach.
    Making the world a little better - Kees Leune Information Security Blog
    Tags: ( awareness education )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Time to patch, Apple owners.
    21 OS X Vulnerabilities Patched By Apple - Security Watch
    Tags: ( patches apple vulnerabilities )
  2. Even Google can get taken in by ad-based malware.
    Google sponsored links caught punting malware • The Register
    Tags: ( malware google ads )
  3. Be careful on Facebook. Well, you should always be careful on Facebook, but there are a few specific reasons you should be until they get them fixed.
    Four XSS flaws hit Facebook | Zero Day | ZDNet.com
    Tags: ( exploit vulnerability xss facebook )
  4. Andy points to an article by Rebecca Herold about the importance of vetting your 3rd party service providers' information security stance. He then offers his opinion, which agrees with Becky's, and mine for that matter.
    3rd Party Security
    Tags: ( security vendor review )
  5. Look out, folks. It appears that India is being targeted by Chinese hackers. With significant outsourcing going to India, we need to be very aware of this situation.
    The Dark Visitor » Chinese hackers stealing Indian InfoTech data
    Tags: ( breach india )
  6. The invitations for the RSA Security Blogger's Meet-up. Better get your RSVP in soon. Only 200 will get to attend.
    Network Security Blog » Look for your invite
    Tags: ( rsa meetup )
  7. This is just nifty.
    ITSec Non-Hypocritical Oath
    Tags: ( creed )

That's it for today. Have fun!

Kevin
