pci

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Just go read this. Nao!
    Nao and Zen: Security Koans for Everybody
    Tags: ( general )
  2. Here is an interesting post from Hoff offering a suggestion for the problem of providing compliance information for things in the cloud, not to mention, security management.
    Rational Survivability >> Extending the Concept: A Security API for Cloud Stacks
    Tags: ( cloud )
  3. Here are a few tips from Mr. McGrew on preparing your mobile device for Blackhat/DefCon.
    Loading up your portable device for Vegas << McGrew Security Blog
    Tags: ( defcon )
  4. This could be a problem for a fair number of organizations.
    Society of Payment Security Professionals - Compliance Demystified >> Blog Archive >> 150 Transactions + 1 = QSA assessment: End of Level 4 Merchants
    Tags: ( pci )
  5. Looks like Mastercard will start fining folks who are non-compliant with PCI.
    Branden Williams' Security Convergence Blog: MasterCard to Fine Merchants for Non Compliance
    Tags: ( pci )
  6. A nice post that smashes a few myths that are often touted regarding cloud computing.
    Cloud Myths Dispelled | Eucalyptus Systems Inc
    Tags: ( cloud )
  7. A nice list of things to do to secure your SSH servers.
    Top 20 OpenSSH Server Best Security Practices
    Tags: ( ssh )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well. Sorry for missing yesterday. I had a brutally busy day and then we had a power outage at home to boot.

Here are today's Interesting Information Security Bits from around the web.

  1. A new packet challenge is up at I Smell Packets.
    Packet Challenge - Name that Exploit << I Smell Packets
    Tags: ( challenge packet-capture )
  2. This is an interesting post with some thoughts that can be extended well beyond virtualization.
    View Yonder >> Free the Gladiators!
    Tags: ( virtualization )
  3. This time a peek at PHP and sessions.
    AppSec Street Fighter - SANS Institute >> Session Attacks and PHP
    Tags: ( session )
  4. Anton opines on the contents of the letter sent to the PCI council by the National Retail Federation and other retail associations.
    On "PCI Letter"
    Tags: ( pci letter )
  5. Mozilla has been at work to come up with a method of getting rid of XSS problems. They believe they have it with Content Security Policy.
    Shutting Down XSS with Content Security Policy at Mozilla Security Blog
    Tags: ( csp mozilla )
  6. Christofer has a nice couple of graphics that help describe cloud computing from a high level perspective.
    Rational Survivability >> Incomplete Thought - Cloudanatomy: Infrastructure, Metastructure & Infostructure
    Tags: ( cloud )
  7. The ISC diary points out some ways to protect your webserver from being DoSed by the tool released by RSnake recently.
    Apache HTTP DoS tool mitigation
    Tags: ( apache dos )
  8. RSnake takes a look at detecting man-in-the-middle proxies.
    Detecting MITM/Hacking Proxies Via SSL ha.ckers.org web application security lab
    Tags: ( mitm )
  9. Lori offers some thoughts on IPv6 that you should also be thinking about.
    You are the new number 3ffe:1900:4545:3:200:f8ff:fe21:67cf
    Tags: ( ipv6 )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This really is not good from an enterprise security perspective.
    Opera Unite: A Great idea or horrible security risk? - Security
    Tags: ( browser opera )
  2. As Martin says, Level 2 merchants are now faced with a little bit higher bar to get over.
    Network Security Blog >> Level 2 merchants are going to have to get serious about PCI
    Tags: ( pci )
  3. Andrew has started a series on SIEM. Check it out for some good advice.
    Andrew Hay >> Blog Archive >> A SIEM Solution is Like a Garden
    Tags: ( siem )
  4. Rafal talks about a nifty looking tool that I'll be checking out.
    Digital Soapbox - Preaching Security to the Digital Masses: Watcher - Web Vulnerabilities Served Up Passively
    Tags: ( tools webappsec )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Shrdlu points out that knowledge bias is a problem we need to be aware of. I'll leave it to Shrdlu to explain what knowledge bias (my term) is 🙂
    "Security is dead" must DIE.
    Tags: ( bias )
  2. Jack offers some good advice on cutting through the flak being fed to us when we are trying to get to the bottom of an issue.
    Uncommon Sense Security: It isn't magic
    Tags: ( pci general )
  3. If you haven't figured out the best and easiest ways to lose data, Nick is here to help you out. Check out his list of 21 ways to lose data.
    Some of the Best Ways to Lose Your System Data
    Tags: ( humor )
  4. Time to patch up your Oracle Linux installations.
    Weekend Patching: Oracle Linux Security Updates
    Tags: ( oracle linux vulnerability patches )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The 5-year clock is about to start on Windows XP and Office 2003. They are both going into extended support status.
    Windows XP and Office 2003 Enter a New Phase of Support
    Tags: ( patches winxp office-2003 )
  2. If you want to continue to get updated DCERPC related detection capabilities with snort you are going to have to upgrade soon. Details inside.
    VRT: Snort 2.8.4 is nigh
    Tags: ( ids snort )
  3. Alex has put up his first blog post for Verizon Business. In it, he argues that PCI is not broken. I agree. I have never viewed PCI as a panacea for "securing" card data. Saying that PCI makes card data safe is like saying that a seat belt makes a car safe. It helps, but doesn't guarantee anything.
    He also points us to another resource that looks interesting, the "Information Security Management Maturity Model".
    Verizon Business Security Blog >> Blog Archive >> There's nothing wrong with the PCI DSS
    Tags: ( pci )
  4. First: This post has a really nice graphical representation of the operational Internet DNS framework (attack surfaces). Second: The final report was released from The Global DNS Security, Stability and Resiliency Symposium. It is now on my reading pile.
    >> DNS Attack Surface * Security to the Core | Arbor Networks Security
    Tags: ( dns )
  5. You have a couple of patches to install if you manage a VMWare ESX installation.
    VMWare Announces New, Critical Security Updates
    Tags: ( vulnerability vmware patches )
  6. A nice list of targets you can use to test your hacking skills. There are more in the comments.
    Hacking Without All the Jailtime ha.ckers.org web application security lab
    Tags: ( hacking targets )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. You may have already heard, but Heartland and RBS are having some PCI issues.
    Visa yanks creds for payment card processing pair * The Register
    Tags: ( pci )
  2. Good tips and suggestions here.
    Gaining and Maintaining Professional Momentum During Difficult Times : The Security Catalyst
    Tags: ( career )
  3. Nifty information on digging into what information Firefox keeps as you peruse the internet.
    Firefox 3.X Forensics: Using F3e << SANS Computer Forensics, Investigation, and Response
    Tags: ( forensics firefox )
  4. A nice source for lots of HIPAA information. (Via @privacyprof)
    FAQ: What is the impact of HIPAA on IT operations?
    Tags: ( hipaa )
  5. Yup. Part 3 of Synjunkie's "Abusing Citrix" series is up. Again, good stuff.
    Syn: Abusing Citrix - Part 3
    Tags: ( hacking citrix )
  6. Jeff has a great post about first solutions and thoughts. Good stuff.
    How to Catch a Balloon : The Security Catalyst
    Tags: ( general )
  7. Chris has a really good primer/reminder on performing an effective and complete application security risk assessment. Good stuff. I hope he gets permission to share more details.
    Application Security Risk Assessments << Risktical Ramblings
    Tags: ( risk assessment application )
  8. Bill has a slide show up from his trip to Boston for SOURCEBoston.
    CSO Online - Security and Risk - Slideshow - SOURCE Boston Security Conference - Slide 1
    Tags: ( source conferences )
  9. Wow. Just wow. (via @brianhonan)
    Drunken BOFH wreaks $1.2m in Oz damage * The Register
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Larry walks us through how he built his shmoocannon for 2009.
    Building of the 2009 Shmooball Cannon
    Tags: ( hacking shmoocon )
  2. Synjunkie is being mean to his Citrix server in this series.
    Syn: Abusing Citrix - Part 1
    Tags: ( citrix )
  3. An interesting article about where Richard thinks the majority of security jobs will be in the future.
    TaoSecurity: Thoughts on Technology Careers for the Next Generation
    Tags: ( career )
  4. There's a little more help available now for getting compliant with PCI requirements.
    Befuddled companies get checklist for complying with PCI security standard
    Tags: ( pci )
  5. There may be some new guidance coming for disclosure in California.
    California bill spells out what companies have to say about data breaches
    Tags: ( privacy disclosure )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The call for speakers is open for RSA Europe 2009. I'll be wracking my brain trying to come up with something. Why don't you join me?
    RSA Conference Europe 2009: Call for Speakers
    Tags: ( cfp rsa-europe-2009 )
  2. Part two of this interesting two part series is available.
    Ascension Blog >> Don't let what Happened to Heartland Happen to You - Part Two
    Tags: ( pci breach )
  3. Christofer has some thoughts on security and the Kindle. Things we need to think about.
    Rational Survivability: Amazon's Kindle: Some Interesting Security Thoughts
    Tags: ( kindle )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Interesting tool available from Microsoft. Could be useful for those that use IIS.
    Microsoft releases beta tool for fighting DoS attacks - Ars Technica
    Tags: ( dos )
  2. SANS and DSHIELD (a great project) have another cool thing going on. And it's free.
    SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
    Tags: ( honeypot )
  3. Good stuff here as usual.
    Everything I know about security, I learned from Ghostbusters... | The Guerilla CISO
    Tags: ( general )
  4. An interesting post by Martin that looks at an interesting question.
    Network Security Blog >> Are credit cards worth the risk?
    Tags: ( pci )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I agree completely with George on this one. Arguing that PCI DSS is a failure because two organizations that were compliant experienced breaches is like saying door locks are a failure because somebody broke into your house.
    The Death of PCI DSS? Don't Be Silly - Security Blog - InformationWeek
    Tags: ( pci breach )
  2. This is a good article to pass on to your family and friends. The tips are very good and will raise the awareness level of anyone who reads the article.
    12 tips for managing your information footprint
    Tags: ( privacy )
  3. The next in the series.
    The Business Justification For Data Security: Data Valuation | securosis.com
    Tags: ( risk-management )
  4. The third post in the series.
    The Business Justification for Data Security: Information Valuation Examples | securosis.com
    Tags: ( risk-management )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin
