Phishing

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Check out this article for some hints and tips on stopping phishing.
    Stop Phishing: A simple guide - Michael M. Knight
    Tags: ( phishing )
  2. Chris offers some thoughts on working with external data sources in a narrowly scoped desire to build a "loss model." This series looks to be very interesting.
    Working With External Data (Part 1 of X) << Risktical Ramblings
    Tags: ( general )
  3. BSOFH! Enough said.
    BSOFH: Catering to a niche market.
    Tags: ( humor )
  4. Didier brings us another interesting utility that lets you start a process and select who its parent process is. This creates a problem. Read Didier's post to find out what that problem is.
    Quickpost: SelectMyParent or Playing With the Windows Process Tree << Didier Stevens
    Tags: ( windows )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Check out your ability to get off the hook in a phishing attack. 🙂
    Network Security Blog >> How's your phishing savvy?
    Tags: ( phishing )
  2. If by chance you didn't get your WordPress installation patched in time and ended up comprised, here are a couple references for cleaning up that situation. Granted, a scorched earth policy is probably best, but it may just not work for you.
    How to clean up a hacked WordPress installation - The HP Security Laboratory Blog -
    Tags: ( wordpress tips )
  3. Good stuff from James on establishing/writing/rewriting your information security policies.
    Policies don't have to be painful : The Security Catalyst
    Tags: ( policy )
  4. This is a must see. (Hat tip to @aneel)
    Nerd Venn Diagram [PIC]
    Tags: ( humor )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. eBay/Paypal is being particularly bothersome. See why in this post.
    EBay / Paypal Reports Security Blog To FBI For Phish Screenshot - SpywareGuide Greynets Blog
    Tags: ( phishing )
  2. This has nothing to do with information security. I have read several books about Dr. Feynan and his biography. He was a fascinating man and scientist. These classic videos will be fun to watch. Note: You have to have Silverlight 3.0 installed to watch them. Sorry.
    The Messenger Series - Microsoft Research - Richard Feynman
    Tags: ( general )
  3. Richard has followed up his "$1 millon dollar/yer Black Hat Team" post with one for the whitehats. It is not near as easy for the whilehats.
    TaoSecurity: White Hat Budgeting
    Tags: ( general )
  4. Get'em while they're hot. Rainbow tables for WPA.
    SecuriTeam Blogs >> Offensive-Security WPA Rainbow Tables
    Tags: ( rainbow-tables wpa )
  5. Adriane brings up something that we should keep in mind when we are pitching a product to our customers or business units. It is very important. They don't really care about the "How cool is that?" argument.
    Securosis Blog | Technology vs. Practicality
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A Romanian man is the first foreigner to be sentenced to a prison sentence in the U.S.
    U.S. sentences first foreigner for phishing
    Tags: ( phishing )
  2. Happy birthday to Security Fix. 4 Years and counting.
    Happy 4th Birthday, Security Fix - Security Fix
    Tags: ( general )
  3. Didier keeps churning out nifty stuff for us. This new tools helps us know if a pdf has the capability to potentially do us harm. It doesn't scan for intent, just for the possibility.
    PDFiD << Didier Stevens
    Tags: ( pdf )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

In today's Bits post we take a look browser bugs, Blackberry Server bugs, fun with hardware hacking, defining effectiveness, the Source Boston schedule, Incident Response Management, and Downadup.

  1. Oh look, it's a browser bug. How novel. (yes, that was sarcasm and this appears to be pretty nasty)
    Browser bug could allow phishing without e-mail - Network World
    Tags: ( vulnerability browser javascript phishing )
  2. Time to patch your Blackberry Servers.
    RIM issues security patches for BlackBerry | Security - CNET News
    Tags: ( pdf vulnerability blackberry patches rim )
  3. Didier's been playing with some hardware. Nifty stuff.
    A Hardware Tip for Fuzzing Embedded Devices << Didier Stevens
    Tags: ( hardware hacking embedded devices phidgets )
  4. Read this post. Also read the comments. Some good device and a very workable definition of effectiveness and where efficiency and optimization come into play.
    Verizon Business Security Blog >> Blog Archive >> What is an "effective" Control?
    Tags: ( control effectiveness )
  5. The Source Boston 2009 sessions have all been solidified and the schedule is up and ready for you perusal. Have fun. I so wish I was going to be there.
    Source Boston - Sessions
    Tags: ( source conferences )
  6. A nice article about Incident Response Management from Kees.
    Incident Response Management - Kees Leune Information Security Blog
    Tags: ( management incident response )
  7. Wow. Take look at what F-Secure is doing and what they have found out. This botnet appears to be huge.
    How Big is Downadup? Very Big. - F-Secure Weblog : News from the Lab
    Tags: ( )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]

{ 0 comments }

Another day of great content. Enjoy.

Here are today's Interesting Information Security Bits from around the web.

  1. VeriSign has stepped up and offered replacement SSL certs free of change to all customers with MD5-based certs. They have also implemented SHA-1 for all certs now. Should have happened much earlier, but at least they were quick in there response.
    VeriSign addresses MD5 flaw
    Tags: ( vulnerability ssl general cert )
  2. Good guidance for us all and some suggestions on how to go about doing it.
    Know your network to keep it secure :: SearchNetworking.com.au
    Tags: ( network )
  3. Forrester is indicating that security spending may be taking a bigger chunk of IT spending in 2009.
    Despite Economy, Security Spending To Increase In 2009 - security industry/Management - DarkReading
    Tags: ( general spending 2009 )
  4. Oops. Trusted Execution Technology might not deserve to be trusted as much as we were lead to believe.
    Researchers hack into Intel's vPro - Network World
    Tags: ( txt )
  5. This is nifty. A nice visualization of botnet IRC channel joins.
    Flashy botnet is Flashy - F-Secure Weblog : News from the Lab
    Tags: ( botnet visualization )
  6. Erik has part 1 of a series that will address securing our Linux hosts.
    Art of Information Security >> Secure Your Linux Host - Part 1: Foundations...
    Tags: ( linux securing )
  7. Donald points us to a paper written by Brett Shavers about virtual machines and forensics analysis. I just added it to my stack of stuff to read.
    Forensic reading - Malta Info Security
    Tags: ( forensics virtualization vmware )
  8. A very good read. Well written and has a good point.
    Could the Titanic have changed course? | The Guerilla CISO
    Tags: ( general compliance checklists )
  9. I have pointed to all the previous parts of the this series of posts. The first paragraph has links to them also. I really like how they have brought all the previous posts together by showing some use cases. Well done.
    Building a Web Application Security Program, Part 8: Putting It All Together | securosis.com
    Tags: ( webappsec program )
  10. Adam points us to Maine's Data Breach Study. He points out some interesting tidbits. Enough that I have grabbed the study for reading later.
    Emergent Chaos: Maine Breach Study
    Tags: ( data breach study maine )
  11. Damon has a very nice guest post up on Jennifer Leggio's Feeds blog. It reaches beyond the issues that Twitter was dealing with this weekend.
    The inevitable rise (and fall?) of 'twishing' | Feeds | ZDNet.com
    Tags: ( twitter phishing social-networks )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Lots of interesting things to take a gander at today. I had a great break and am rested and recharged and ready to tackle my workload. How about you?

Here are today's Interesting Information Security Bits from around the web.

  1. The Network World Salary Survey results for 2009 are up.
    Salary Survey - Network World
    Tags: ( survey salary )
  2. Packetlife's next contest is up and running. These are always a great way to learn something new or practice what you already know.
    January contest - PacketLife.net
    Tags: ( contest )
  3. David points to a great resource for getting up to speed on Digital Investigations and Evidence. It's not a short read, but looks really interesting. Is going on my to-be-read pile.
    Computer forensics - a subject every executive should understand (David Lacey's IT Security Blog)
    Tags: ( forensics guide )
  4. When good enough isn't really good enough. A nice post and point made.
    SecuriTeam Blogs >> Snow and security
    Tags: ( general )
  5. The combination of Twitter notification, allowed usernames and and automatic linkification of text by your email client introduces a possible phishing vector. Again, always be careful when clicking on links.
    Twitter Phishing Scam Update (Follow Notification Email Vulnerability)
    Tags: ( malware twitter phishing )
  6. I watched this happen live over the weekend. As always, be careful when clicking on links in emails/DMs/IMs etc.
    spylogic.net - First Twitter Phishing Attack of 2009
    Tags: ( twitter phishing )
  7. A nice post my Mathew talking about a presentation given at 25C3. Be careful on those fancy DECT telephones folks 🙂
    MatthewNeely.com - Security Second Thoughts - New Attack Against DECT Could Allow Attackers to Monitor Encrypted Headsets
    Tags: ( encryption dect mitm )
  8. Part 1 of Synjunkie's latest story. These are always fun.
    Syn: The Story of a Newbie Hax0r - Part 1
    Tags: ( stories )
  9. Send this to your family. They have several videos that help folks set there systems up more securely and educate them on safely using the Internet.
    The Academy Home
    Tags: ( education video home configuration )
  10. Benny's day 4 recap of 25C3.
    #25C3 Day 4 Overview: Picking up the pieces | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( conferences 25c3 recap )
  11. I've talked about privacy several time here. Here is another instance where your privacy can possible be invaded without you ever knowing. And another thought. What are the odds that no damage will be done to your system or data if it is "legally hacked?"
    (Hat Tip: http://carnal0wnage.blogspot.com/2009/01/uk-to-allow-warrantless-remote.html)
    Police set to step up hacking of home PCs - Times Online
    Tags: ( privacy hacking surveillance police )
  12. I posted about this previously. Help Mike and Lee out by completing the survey. It doesn't ask for your social security number or your bank account number. I promise.
    Calling all security pros | Episteme
    Tags: ( general )
  13. Richard has a nice little walk-through on getting IPv6 working on you Windows XP box. On a side note, I hope you are watching and filtering for IPv6 at your perimeter and hosts. This type of configuration can punch holes right through to the chewy center if you are not careful.
    TaoSecurity: IPv6 Tunnel on Windows XP Using Freenet6
    Tags: ( ipv6 tunnel )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 2 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is a bummer. It's sad to see this organization close down.
    CastleCops Shuts Down - DarkReading
    Tags: ( phishing spam )
  2. The winner is revealed and a walk-through available for the Daemon contest.
    The Ethical Hacker Network - Daemon - A Contest Revealed
    Tags: ( challenge )
  3. An interesting tool by Cutaway. Looks like something worth playing with.
    Security Ripcord >> Blog Archive >> Scalp External XML Reporter (SEXR)
    Tags: ( apache detection logs parser )
  4. Ryan has a nice write-up of the new certificate issue.
    SSL broken! Hackers create rogue CA certificate using MD5 collisions | Zero Day | ZDNet.com
    Tags: ( exploit ssl md5 cert )
  5. Richard has a nice post up with a few lessons learned from 2008. Worth a read.
    2008 Security lessons learned | NetworkWorld.com Community
    Tags: ( general )
  6. As usual, JJ helps make a very technical topic quite understandable.
    Security Uncorked >> A Layman's Explanation of the CA Certificate Vulnerability
    Tags: ( exploit ssl md5 cert )
  7. I wouldn't go so far to say that the cert hack doesn't matter and Shrdlu doesn't really either. That being said, Shrdlu makes some very good points regarding the level of risk introduced by this issue.
    Why the MD5 cert hack doesn't matter.
    Tags: ( vulnerability exploit ssl md5 )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]

{ 0 comments }