Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.
- Exceptions, variances: these words are the bane of the information security professional. We all have to deal with them. Jarrod offers some thoughts on the topic. You will benefit from reading them.
/dev/null - ramblings of an infosec professional: Security Exemptions
Tags: ( policy )
- Ben shares his method for writing along with some thoughts on writing in general. It's a good read and I bet you can find some things in there that can be applied to your own writing.
The Writing Funnel (The Falcon's View)
Tags: ( general writing )
- A bit ago, a forensic contest was opened with the winner getting a free SANS course. That contest is now over. Here is the cool part: they took the finalists' answers and made a website out of them for the rest of us to learn from. Check it out.
Network Forensics Puzzle Contest
Tags: ( forensics contest answer )
- This boggles the mind. A judge has ordered that Google deactivate an account because the account holder received an email not intended for them. I seriously hope this gets challenged. Otherwise, we are in for a very rocky time.
Judge Orders Gmail Account Deactivated After Bank Screws Up | Threat Level | Wired.com
Tags: ( cloud privacy )
- Hoff has penned a post that, along with the attending comments, is something that you should read. Seriously, go read it.
Incomplete Thought: Virtual Machines Are the Problem, Not the Solution... | Rational Survivability
Tags: ( virtualization )
- Shrdlu offers some guidance on how to implement new policies. I have used this same method in the past.
The policy bootstrapping problem.
Tags: ( policy )
- Next month is Cyber Security Awareness month. The Internet Storm Center handler's diary will again be making deep dives into various security issues during the month. If you aren't a subscriber now, I suggest you rectify that lapse.
Cyber Security Awareness Month
Tags: ( awareness )
- Wade talks about the difference between Management Science methods of making decisions and engineering methods. He then asks the question "..how does your company make 'Should we do X, Y, or Z?' decisions?" (slightly paraphrased) He offers a few he has seen. Stop by and offer your input.
Verizon Business Security Blog >> Blog Archive >> Security Decisions - How do you make them?
Tags: ( risk-management )
That's it for today. Have fun!
Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.
Kevin
I was looking at my checking account on-line a few days ago and saw something that sparked this blog post.
My bank has a very handy service where they scan the checks we write (yes, checks are still used in some cases :)) and you can view them online for a limited time. Very cool. Nothing wrong with that, right?
I didn't think so until recently.
We wrote a check to an individual recently and they cashed it at their bank. Somewhere along the line a fingerprint was put on the check, a very well done, clean, and clear fingerprint. I'm assuming that the fingerprint belongs to the individual who the check was written to, but I have not verified that.
First, why is the bank taking a fingerprint? Seems a bit extreme to me.
Second, why are they sticking it on a check that they know is going to be out of their control at some point?
This seems like a recipe for disaster to me. What do you think?
-Kevin
Good afternoon everybody! I hope your day is going well.
Here are today's Interesting Information Security Bits from around the web.
- Here is a great list of state and country links to privacy information. Via @PrivacyProf
Links to Privacy Laws
Tags: ( privacy regulation )
- Rsnake has updated his XSS cheat sheet.
XSS (Cross Site Scripting) Cheat Sheet
Tags: ( cheatsheet xss )
- Per ISC, PacketLife is updating their cheat sheets. Must have stuff.
Cheat Sheets - PacketLife.net
Tags: ( cheatsheet )
- Want to play around with CSRF? Here is a tool that lets you do so. Don't forget, only use it in your lab or on sites you have permission to test.
Neohaxor.org >> Blog Archive >> MonkeyFist Fu: The Intro
Tags: ( tools csrf )
- Here is the answer to the hard version of the recent I Smell Packets challenge.
Solution to The Crypto Kitchen Packet Challenge (Hard Version) << I Smell Packets
Tags: ( challenge answer )
- An interesting exploration of a possible way to detect encrypted sessions.
Detecting encrypted traffic with frequency analysis << wirewatcher
Tags: ( encryption detection )
- Bill Brenner had the opportunity to interview Robert Carr, the CEO of Heartland Payment Systems Inc., regarding the massive breach that occurred. Mr. Carr's responses have generated quite a bit of conversation. The thing I find most disturbing about Mr. Carr's responses is that someone in his position would take this approach to dealing with the situation. Seems like a lot of finger pointing and 'it wasn't me' language for an issue which is ultimately his responsibility. Please read the next few links after you read the interview to see what others, who are much more eloquent than I, have to say.
Heartland CEO on Data Breach: QSAs Let Us Down - CSO Online - Security and Risk
Tags: ( heartland )
- Rich's response to the Heartland CEO's comments.
Securosis Blog | An Open Letter to Robert Carr, CEO of Heartland Payment Systems
Tags: ( heartland )
- Alan's take on the Heartland issue.
StillSecure, After All These Years: Heartland CEO thought QSAs would make him compliant and secure
Tags: ( heartland )
- Mike's take on the Heartland issue.
One Man's View: Heartland CEO Must Accept Responsibility - CSO Online - Security and Risk
Tags: ( heartland )
- Andy's take on the Heartland issue.
Will the real leader please step forward >> Andy ITGuy
Tags: ( heartland )
- Jeff tells it like it is! Actually, he does, but read the whole article to know what I mean.
The Auditor's Prerogative : The Security Catalyst
Tags: ( audit )
- David may call it an incomplete thought, but I don't.
Incomplete Thought: Compliance, Governance, Audit and Risk aka GRC We're Doing It Wrong << The New School of Information Security
Tags: ( grc )
That's it for today. Have fun!
Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.
Kevin