pentest

Hello there! Just wanted to let you know that this Bits post is the last one you will likely see this year. I am taking some time off from the day gig and decided I am also going to do the same here. You might see a post or two if something strikes my fancy, but the Bits posts will be on hiatus.

We'll be picking back up on January 4th.

Here are today's Interesting Information Security Bits from around the web.

  1. Another great FUDSec article.
    FUD and Other Sales Errors - fudsec.com
    Tags: ( fud )
  2. Want to build a custom wordlist based on a website for password cracking? Look no further. Here is a nice how-to on getting that set up.
    Will Hack For SUSHI >> Wordlist Generation - CeWL on Ubuntu
    Tags: ( wordlist password )
  3. George has put together a nice how-to on setting up a logging virtual machine using syslog-ng, splunk and vmware. Very good stuff.
    Building a logging VM - syslog-ng and Splunk | George Starcher
    Tags: ( logging splunk )
  4. Some good information on NTLM reflection.
    Reflecting on NTLM Reflection
    Tags: ( ntlm reflection )
  5. Here is a fun fictional story about a 'lost' laptop.
    The Confessions of a Chief Executive and his lost laptop | Infosec Cynic
    Tags: ( story laptop encryption )
  6. I always get a kick out of walk-through/how-we-did-it stories. This is the beginning of a series about a physical pen test.
    Red Team Physical Security Penetration Test
    Tags: ( pentest )
  7. This is absolutely full of awesome sauce. Go check it out.
    'Twas the night before D-DoS << wirewatcher
    Tags: ( poem )
  8. If you are not familiar with SteadyState and are responsible for kiosks, labs, etc., you should check out this page.
    Maintain Shared Computers with the Free Windows SteadyState Tool
    Tags: ( kiosk )
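A worked example of the CeWL idea, added here and not taken from the linked how-to or from CeWL itself: pull the visible words out of a page and rank them by frequency into a cracking wordlist. The sample HTML is constructed and nothing is fetched. The tokenising rules (minimum length, words that start with a letter, script and style bodies skipped, alt and meta text included, most frequent first) are my assumptions about what a site-derived list should contain, not CeWL's exact behaviour.

```python
"""Site-derived wordlist generation, in the spirit of CeWL (added example)."""
import re
from collections import Counter
from html.parser import HTMLParser

# Constructed stand-in for a fetched page; a real run would feed urllib/requests output here.
SAMPLE_HTML = """<html><head><title>Acme Widgets - Home</title>
<meta name="description" content="Acme Widgets makes the Thunderbolt turbine">
<style>.hero{color:red}</style></head>
<body><h1>Welcome to Acme Widgets</h1>
<p>Our flagship product, the Thunderbolt turbine, ships worldwide.</p>
<img src="t.png" alt="Thunderbolt assembly line">
<script>var secret = "ignoredword";</script>
<p>Contact: sales@acme.example &amp; support</p>
</body></html>"""

# Words start with a letter and may continue with letters or digits (assumed rule).
WORD_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*")


class _TextExtractor(HTMLParser):
    """Collects human-visible text plus alt/meta text; drops script and style bodies."""

    def __init__(self):
        super().__init__()
        self._skip_depth = 0
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip_depth += 1
            return
        attrs = dict(attrs)
        if tag == "img" and attrs.get("alt"):
            self.chunks.append(attrs["alt"])
        if tag == "meta" and (attrs.get("name") or "").lower() in ("description", "keywords"):
            self.chunks.append(attrs.get("content") or "")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:
            self.chunks.append(data)


def extract_words(html, min_length=5):
    """Return every qualifying word occurrence (repeats kept) from one page."""
    parser = _TextExtractor()
    parser.feed(html)
    parser.close()
    return [w for w in WORD_RE.findall(" ".join(parser.chunks)) if len(w) >= min_length]


def build_wordlist(pages, min_length=5, lowercase=False):
    """Merge pages into one list: most frequent first, ties broken alphabetically."""
    counts = Counter()
    for html in pages:
        for word in extract_words(html, min_length):
            counts[word.lower() if lowercase else word] += 1
    return [w for w, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]


def with_mutations(words, suffixes=("1", "123", "!")):
    """Case and suffix variants crackers commonly try against site-derived words."""
    seen, out = set(), []
    for w in words:
        for candidate in (w, w.lower(), w.capitalize(), *[w + s for s in suffixes]):
            if candidate not in seen:
                seen.add(candidate)
                out.append(candidate)
    return out


if __name__ == "__main__":
    for word in with_mutations(build_wordlist([SAMPLE_HTML])):
        print(word)
```

Frequency ordering matters more than it looks: the product names and slogans that repeat across a site are exactly the words staff reuse in passwords, so they should be tried first. Feed the output to your cracker as a plain one-word-per-line file.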

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

In today's bits post we see information on card readers, penetration testing tools, crypto challenges, NAISG chapter meetings, reversing BlackBerry apps, passwords, and a happy blog birthday. Read on for the details.

  1. Um, now you don't need to make your own card skimmer.
    Pocket Credit Card Reader Takes Transactions on the Go - Network World
    Tags: ( scanner creditcard )
  2. Set your reminders and mark it on your calendars. January 13th at 2:00 p.m. EST. Details inside.
    Best Of Webcast Series - Part I - Best Of Network Penetration Testing Tools
    Tags: ( tools pentest webcast pauldotcom )
  3. The answers and winners to the latest crypto challenge from the Ethical Hacker site are posted. Bonus - My first name is involved 😉
    The Ethical Hacker Network - Scooby Doo and the Crypto Caper - Answers and Winners
    Tags: ( challenge crypto answer )
  4. For those in Atlanta or within a reasonable driving distance, the next meeting of NAISG is scheduled for the 14th of January. Check the post for details.
    Andy, ITGuy: Atlanta NAISG Meeting #2
    Tags: ( naisg atlanta meeting )
  5. Most of this is over my head :), but those of you into reversing might find it of interest.
    Don't Stuff Beans Up Your Nose! >> Disassembling Version 6 BlackBerry apps
    Tags: ( blackberry java reversing )
  6. Jeff has a nice post up which talks about a way to deal with brute-force dictionary password attacks.
    Coding Horror: Dictionary Attacks 101
    Tags: ( password twitter brute-force )
  7. Six years is a good run. Happy B-Day TaoSecurity. Keep it up.
    TaoSecurity: Happy 6th Birthday TaoSecurity Blog
    Tags: ( general )
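The defence Jeff's post is about is making each failed guess cost the attacker time. As an added example (not the code from the Coding Horror post, and not how Twitter or any real site implements it), here is one way to do that: a per-account throttle that allows a few free failures and then imposes an exponentially growing wait, wrapped around a PBKDF2 password check. The thresholds, delays and user names are assumptions chosen for the demo, and the clock is injected so the back-off can be exercised without sleeping.

```python
"""Throttling failed logins against dictionary attacks (added example)."""
import hashlib
import hmac
import os
import time


def _hash_password(password, salt):
    """PBKDF2-HMAC-SHA256; slow on purpose so each guess costs the attacker CPU too."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class LoginThrottle:
    """Per-account exponential back-off after a few free failures.

    Defaults are demo assumptions: 3 free failures, then 2s, 4s, 8s ... capped at 15 minutes.
    """

    def __init__(self, free_failures=3, base_delay=2.0, max_delay=900.0, clock=time.monotonic):
        self._free = free_failures
        self._base = base_delay
        self._max = max_delay
        self._clock = clock
        self._state = {}  # username -> (failure_count, not_before)

    def retry_after(self, username):
        """Seconds the caller must still wait before another attempt is accepted."""
        _, not_before = self._state.get(username, (0, 0.0))
        return max(0.0, not_before - self._clock())

    def record_failure(self, username):
        """Bump the failure count and return the delay imposed by this failure."""
        failures, _ = self._state.get(username, (0, 0.0))
        failures += 1
        delay = 0.0
        if failures > self._free:
            delay = min(self._max, self._base * 2 ** (failures - self._free - 1))
        self._state[username] = (failures, self._clock() + delay)
        return delay

    def record_success(self, username):
        self._state.pop(username, None)


class Authenticator:
    def __init__(self, throttle):
        self._throttle = throttle
        self._users = {}  # username -> (salt, hash)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, _hash_password(password, salt))

    def login(self, username, password):
        """Return ('ok' | 'denied' | 'throttled', seconds_to_wait)."""
        wait = self._throttle.retry_after(username)
        if wait > 0:
            return "throttled", wait  # even a correct password is refused while locked
        salt, stored = self._users.get(username, (b"", b""))
        candidate = _hash_password(password, salt)  # always hash, so unknown names take as long as known ones
        if username in self._users and hmac.compare_digest(candidate, stored):
            self._throttle.record_success(username)
            return "ok", 0.0
        return "denied", self._throttle.record_failure(username)


class FakeClock:
    """Manually advanced clock so the back-off can be exercised without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


if __name__ == "__main__":
    clock = FakeClock()
    auth = Authenticator(LoginThrottle(clock=clock))
    auth.add_user("admin", "correct horse battery staple")
    for guess in ["password", "letmein", "admin", "123456", "qwerty"]:
        print(guess, auth.login("admin", guess))
```

Keying the state by account stops a single account from being hammered; the same structure keyed by source address catches an attacker spraying one common password across many accounts, and a real deployment wants both.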

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Lavasoft has jumped into the anti-virus market. We'll have to keep an eye on this one.
    Ad-Aware gets an antivirus cousin | The Download Blog - Download.com
    Tags: ( free anti-virus )
  2. Some interesting situations that led to a need for data recovery. Hat tip to Xavier at /dev/random (blog.rootshell.be).
    Kroll Ontrack Top Ten Data Mishaps and Recoveries - Press Release
    Tags: ( amusing general )
  3. The workarounds section for the recent 0-day for IE has been updated. This blog post goes into some further detail about the workarounds.
    Security Vulnerability Research & Defense : Clarification on the various workarounds from the recent IE advisory
    Tags: ( exploit vulnerability microsoft ie workarounds )
  4. Part 2 of SynJunky's fictional story about detection of and incident response to an insider attack.
    Syn: The Story of an Insider - Part 2. The Sys Admins Story
    Tags: ( insider )
  5. This is a nifty way to get the job done.
    Writing a web services fuzzer in 5 minutes to SQL injection | tssci security
    Tags: ( webappsec injection sql )
  6. Woot! Version 1.2 of Burp Suite has been released.
    PortSwigger.net - web application security: Burp Suite v1.2 released
    Tags: ( webappsec burp )
  7. Just go read it. You won't regret it.
    Rational Survivability: GigaOm's Alistair Croll on Cloud Security: The Sky Is Falling!...and So Is My Tolerance For Absurdity
    Tags: ( cloud )
  8. Rory is writing a series of posts on penetration testing. The first is up.
    Rory.Blog: What is Penetration Testing?
    Tags: ( pentest )
  9. Here is a very cool idea for a low/no cost way to implement DLP.
    /dev/random >> Blog Archive >> Simple DLP with Ngrep
    Tags: ( dlp ngrep )
  10. Looks like a nifty tool to add to the arsenal.
    Jeremy's Computer Security Blog: JPEG Fuzzer has ARRIVED
    Tags: ( fuzzer jpeg )
  11. Watch out folks, SkyNet is just around the corner.
    Schneier on Security: Killing Robot Being Tested by Lockheed Martin
    Tags: ( skynet )
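The ngrep trick in Xavier's post works because a regex applied to packet payloads is enough to spot card numbers or marked documents leaving the network in the clear. As an added example (not Xavier's script or ngrep's code), here is the same inspection applied to captured payload text, with the one thing a bare on-the-wire regex cannot do: a Luhn checksum that throws out order numbers and other digit runs that merely look like cards. The payloads are constructed; the ngrep command in the comment is the assumed shape of the invocation, so check the man page before copying it. Like ngrep, this only sees cleartext, so TLS or SMTP over STARTTLS is invisible to it.

```python
"""Payload content inspection in the spirit of "Simple DLP with ngrep" (added example)."""
import re

# ngrep matches a regex against packet payloads, roughly:
#   ngrep -q -i '<pattern>' 'tcp port 80 or tcp port 25'
# (command shape assumed from ngrep's usage; verify against its man page).
# This module applies the same idea to already-captured payload text and adds a Luhn check.

# 13 to 16 digits, optionally separated by single spaces or dashes, not inside a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")
KEYWORD_RE = re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY)\b", re.IGNORECASE)

# Constructed payloads: an HTTP checkout, a tracking lookup, an e-mail, a page fetch, an SMTP session.
SAMPLE_PAYLOADS = [
    "POST /checkout HTTP/1.1\r\nHost: shop.example\r\n\r\ncard=4111 1111 1111 1111&exp=12/11",
    "GET /track?order=1234567890123456 HTTP/1.1\r\nHost: shop.example",
    "From: alice@corp.example\r\nSubject: Q4 numbers\r\n\r\nCONFIDENTIAL - do not forward",
    "GET /index.html HTTP/1.1\r\nHost: www.example",
    "MAIL FROM:<bob@corp.example>\r\nDATA\r\nbackup card 5500-0000-0000-0004 just in case",
]


def luhn_ok(digits):
    """Luhn checksum: true for well-formed card numbers, false for most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep first and last four digits so an alert never carries the full PAN."""
    return digits[:4] + "*" * (len(digits) - 8) + digits[-4:]


def scan_payload(payload):
    """Return (rule, detail) findings for one payload."""
    findings = []
    for m in CARD_RE.finditer(payload):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):  # regex hit that fails Luhn is dropped as a false positive
            findings.append(("card-number", mask(digits)))
    for m in KEYWORD_RE.finditer(payload):
        findings.append(("keyword", m.group(1).upper()))
    return findings


def scan_all(payloads):
    """Flatten findings across payloads as (payload_index, rule, detail)."""
    return [(i, rule, detail) for i, p in enumerate(payloads) for rule, detail in scan_payload(p)]


if __name__ == "__main__":
    for index, rule, detail in scan_all(SAMPLE_PAYLOADS):
        print(f"payload {index}: {rule} {detail}")
```

On the sample set the tracking number in payload 1 is a sixteen-digit run that the regex alone would flag; the Luhn check is what keeps it out of the alerts.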

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I mentioned this white paper when I did my RSA Europe recap back in October. It is worth a read. * the link goes directly to the PDF
    Web 2.0 Security and Privacy
    Tags: ( privacy enisa )
  2. Here are some things you can do to protect yourself against the 0-day exploit that works against IE7.
    Microsoft talks up countermeasures to fend off new IE attacks
    Tags: ( vulnerability microsoft ie7 )
  3. Adding to the growing pile of recent 0-day exploits for Microsoft products, there appears to be one for SQL Server.
    Security pros groan as zero-day hits Microsoft's SQL Server * The Register
    Tags: ( exploit vulnerability 0day sqlserver microsoft )
  4. Some good general guidance for how to react in the event you have a data breach. I would offer that it is good advice for everybody involved and not just the CIO.
    How a CIO should deal with aftermath of a data breach
    Tags: ( data breach )
  5. Looks like Cisco is in for a legal fight.
    Cisco sued by Free Software Foundation for copyright infringement - Network World
    Tags: ( general )
  6. Innismir weighs in on the recent meme of penetration testing being dead. He, like most of us involved in the discussion, doesn't think it's dead either.
    innismir.net -- Pentration Testing - Not Quite Dead Yet
    Tags: ( pentest )
  7. Rich brings up some good points. Worth reading and thinking about.
    How The Cloud Destroys Everything I Love (About Web App Security) | securosis.com
    Tags: ( cloud webappsec )
  8. WhiteHat Security's quarterly report on website security statistics is available for download. This is the sixth one they have put out. Good stuff in there.
    Jeremiah Grossman: Sixth Quarterly Website Security Statistics Report
    Tags: ( general reports )
  9. Jeremiah offers some really good guidance for justifying your budget for web application security spending.
    Jeremiah Grossman: Budgeting for Web Application Security
    Tags: ( webappsec )
  10. Here's a framework for SAP pen testing.
    sapyto v0.98 Released - SAP Penetration Testing Framework Tool | Darknet - The Darkside
    Tags: ( pentest sap )
  11. You can't make this stuff up. Remember folks, you have to make sure that all data is removed from devices before you get rid of them.
    Liquidmatrix Security Digest >> McCain Campaign Sells Off... Data?
    Tags: ( data leakage )

That's it for today. Have fun!


Kevin


Here we go.

CG points out that Brett Moore of Insomnia Security has released a Putty Hijack tool. Could be useful.

The IT Security Guy gives a heads up about a CIO magazine article about software security. Worth a gander.

All security professionals, at one time or another, will need to give presentations. Security4all frequently has good pointers on this topic. Today's pointers cover your physical presence on the stage. Good stuff.

Watch out for GIFARs. Not good people, not good at all.

As was probably expected by us all, Twitter is being used to distribute malware. Ryan over at Zero Day has a post up discussing the issue.

Last, but definitely not least, Wesley (not "Wes") is talking a little about a press release concerning a vulnerability he found in some SCADA software. Looking forward to hearing more about this in the future.

That's it for today.

Kevin


Here ya go.

From the Blogosphere

0x000000 has posted the first of a series of pieces covering Mozilla malware: how to write it and how to detect it. Interesting stuff.

CG has a post up about a tool called Metagoofil and how it can be used to develop an email list. Very interesting stuff. I haven't played with it yet, but will be soon.

Tenable has set up a way for charities and classrooms that provide information security training to get a full professional feed for free. Way to go Tenable.

Have a good one.

Kevin

