policy

Interesting Information Security Bits for 12/07/2009

by kriggins on December 7, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Guest blog: Evil Maids on the rise | Graham Cluley's blog
    Tags: ( bitlocker tpm )
  2. Could a rubber duck steal your identity on Facebook? | Graham Cluley's blog
    Tags: ( facebook malware )
  3. AOL Ditches Security Tokens To Make Logging In Easier | Threat Level | Wired.com
    Tags: ( general )
  4. Can quantitative risk estimation serve as a guide for every-day policy decisions? << The New School of Information Security
    Tags: ( risk-management policy quantitative )
  5. Security Uncorked >> Four Options for Secure Wireless Authentication with 802.1X
    Tags: ( 80211x )
  6. Great InformationWeek/Dark Reading/Black Hat Cloud & Virtualization Security Virtual Panel on 12/9 | Rational Survivability
    Tags: ( webinar virtualization cloud )
  7. Digital Soapbox - The White Rabbit Commeth...: Exposing Malware - Part 2: Infestation
    Tags: ( malware )
  8. McAfee Gives Stats on the Riskiest Domains | CNET Security | danielmiessler.com
    Tags: ( general )
  9. Economic Recovery: Will Your IT Security Department Jump Ship? - CSO Online - Security and Risk
    Tags: ( career jobs )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Interesting Information Security Bits for 09/28/2009

by kriggins on September 28, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Exception, variance, these words are the bane of the information security professional. We all have to deal with them. Jarrod offers some thoughts on the topic. You will benefit from reading them.
    /dev/null - ramblings of an infosec professional: Security Exemptions
    Tags: ( policy )
  2. Ben shares his method for writing along with some thoughts on writing in general. It's a good read and I bet you can find some things in there that can be applied to your own writing.
    The Writing Funnel (The Falcon's View)
    Tags: ( general writing )
  3. A bit ago, a forensic contest was opened with the winner getting a free SANS course. That contest is now over. Here is the cool part, they took the finalist's answers and made a website out of them for the rest of us to learn from. Check it out.
    Network Forensics Puzzle Contest
    Tags: ( forensics contest answer )
  4. This boggles the mind. A judge has ordered that Google deactivate an account because the account holder received an email not intended for them. I seriously hope this gets challenged. Otherwise, we are in for a very rocky time.
    Judge Orders Gmail Account Deactivated After Bank Screws Up | Threat Level | Wired.com
    Tags: ( cloud privacy )
  5. Hoff has penned a post that, along with the attending comments, is something that you should read. Seriously, go read it.
    Incomplete Thought: Virtual Machines Are the Problem, Not the Solution... | Rational Survivability
    Tags: ( virtualization )
  6. Shrdlu offers some guidance on how to implement new policies. I have used this same method in the past.
    The policy bootstrapping problem.
    Tags: ( policy )
  7. Next month is Cyber Security Awareness month. The Internet Storm Center handler's diary will again be making deep dives into various security issues during the month. If you aren't a subscriber now, I suggest you rectify that lapse.
    Cyber Security Awareness Month
    Tags: ( awareness )
  8. Wade talks about the difference between Management Science methods of making decisions and engineering methods. He then ask the question "..how does your company make 'Should we do X, Y, or Z?' decisions?" (slightly paraphrased) He offers a few he has seen. Stop by and offer your input.
    Verizon Business Security Blog >> Blog Archive >> Security Decisions - How do you make them?
    Tags: ( risk-management )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Interesting Information Security Bits for 09/25/2009

by kriggins on September 25, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Adrian takes a look at a few database encryption myths.
    Securosis Blog | Database Encryption Misconceptions
    Tags: ( database encryption )
  2. The Infosec Cynic interviews Anton Chuvakin.
    Anton Chuvakin - Stuck In the Lift With The Cynic | The Infosec Cynic
    Tags: ( interview )
  3. A new free encryption tool is available. This one is provided by Sophos. That's pretty cool.
    Guest blog: Sophos Free Encryption | Graham Cluley's blog
    Tags: ( encryption tools sophos )
  4. Mark points out that Federal CIO Council's Information Security and Identity Management Committee released a document titled "Guidelines for Secure Use of Social Media by Federal Departments and Agencies." This is good stuff even if you aren't in the public sector.
    New Social Media "Guidelines" - Securing GovSpace
    Tags: ( social-networking guidelines )
  5. This is worth a read and a watch. It is the talk given by Matsano and Nate McFetters at last year's C4 conference. It is some guidance for independent Apple software developers. It also applies to non-apple developers too.
    Matasano Security LLC - Chargen - Indie Software Security: A ~12 Step Program
    Tags: ( sdl )
  6. Jack gives his perspective of the recent Massachusetts 201 CMR 17.00 public hearing. He was not impressed.
    Uncommon Sense Security: Making sausage, one hearing at a time
    Tags: ( law policy )
  7. The BruCon videos are up on the wiki and Xavier is also hosting a local copy.
    /dev/random >> BruCON Talks Video Mirror
    Tags: ( brucon videos )
  8. If you are having some issues with sqlninja and metasploit, take a look at this post.
    RaDaJo (RAul, DAvid and JOrge) Security Blog: Sqlninja & Metasploit
    Tags: ( sqlninja metasploit )
  9. Malware, like all software, tends to have common traits. This article talks about what some of them are.
    Categories of Common Malware Traits
    Tags: ( malware )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Interesting Information Security Bits for 09/10/2009

by kriggins on September 10, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Check out your ability to get off the hook in a phishing attack. 🙂
    Network Security Blog >> How's your phishing savvy?
    Tags: ( phishing )
  2. If by chance you didn't get your WordPress installation patched in time and ended up comprised, here are a couple references for cleaning up that situation. Granted, a scorched earth policy is probably best, but it may just not work for you.
    How to clean up a hacked WordPress installation - The HP Security Laboratory Blog -
    Tags: ( wordpress tips )
  3. Good stuff from James on establishing/writing/rewriting your information security policies.
    Policies don't have to be painful : The Security Catalyst
    Tags: ( policy )
  4. This is a must see. (Hat tip to @aneel)
    Nerd Venn Diagram [PIC]
    Tags: ( humor )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Interesting Information Security Bits for 06/24/2009

by kriggins on June 24, 2009

in Interesting Bits

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. There is some confusion about when the bi-hourly shutdowns for Windows 7 Beta start. They start July 1st, 2009.
    Clarification on the Date for Bi-hourly Shutdowns for the Windows 7 Beta - Windows 7 Team Blog - The Windows Blog
    Tags: ( windows-7 beta )
  2. More ASP.Net and session attacks. Good stuff.
    AppSec Street Fighter - SANS Institute >> Session Attacks and ASP.NET - Part 2
    Tags: ( asp.net session )
  3. Here's an interesting exploration of the validity of the election returns of the recent presidential election in Iran.
    The Devil Is in the Digits: Evidence That Iran's Election Was Rigged - washingtonpost.com
    Tags: ( election iran )
  4. A nice article on writing information security policies.
    How to Write an Information Security Policy
    Tags: ( policy )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }