social media

Boy, you can tell it's a Monday. We have a big batch of interesting bits to take a peek at today.

Here are today's Interesting Information Security Bits from around the web.

  1. This is a long post, but a great recap of the 2009 CSAW-CTF competition. Good stuff in there. You can even try some of the challenges yourself.
    Matasano Security LLC - Chargen - Exercises for a burgeoning Army of Ninjas
    Tags: ( challenge )
  2. I don't usually point to recap posts, but Rich has a very good thought in the introduction to last week's Friday summary. Something I am dealing with myself.
    Securosis Blog | Friday Summary: January 22, 2010
    Tags: ( general )
  3. It isn't only credit cards, SSNs and bank account details that are being traded by the fraudsters anymore.
    Zscaler Research: Watch out Bill Gates...
    Tags: ( social-media fraudsters )
  4. If you use any of these passwords anywhere, I strongly suggest you go change it right now.
    Top 20 website passwords you shouldn't be using | Graham Cluley's blog
    Tags: ( passwords )
  5. The latest pass at the old 'is certification worth a pickle?' question. Actually, a good article with some good advice. The comments are of value too.
    Securosis Blog | The Certification Myth
    Tags: ( certification )
  6. Dave peels back a couple layers of the security mind and peeks at what's inside.
    ShackF00 >> A Glimpse Into the Security Mindset
    Tags: ( security mindset )
  7. Ax0n digs into a new lock. Nifty stuff.
    HiR Information Report: Review: Master 1500iD "Speed Dial" lock
    Tags: ( locks )
  8. Hoff offers some sage advice on compliance and cloud computing.
    Cloud: Security Doesn't Matter (Or, In Cloud, Nobody Can Hear You Scream) | Rational Survivability
    Tags: ( cloud compliance )
  9. Brian has a neat little exploration of a browser exploit kit.
    A Peek Inside the 'Eleonore' Browser Exploit Kit -- Krebs on Security
    Tags: ( exploit browser )
  10. This time we learn a little more about Wim, a very good on-line friend of mine. We haven't met in person yet, but I know that will happen some day.
    Andrew Hay >> Blog Archive >> Information Security D-List Interview: Wim Remes
    Tags: ( interview d-list )
  11. Oops. Looks like Google forgot their 'Do no evil' motto again.
    Sunbelt Blog: Google Toolbar tracks searches after it's disabled.
    Tags: ( google-toolbar data-leakage )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A very good article on an issue that we need to think about as those who are very social media focused are working in our organizations.
    Lifestyle Hackers - CSO Online - Security and Risk
    Tags: ( social-media )
  2. You know you've been wanting to try it.
    Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR
    Tags: ( passwords cloud cracking )
  3. Wonder what the latest changes to MA 201 CMR 17.00 are? Jack does us all a wonderful service by showing us the differences.
    Uncommon Sense Security: diff MA 201 CMR 17.00
    Tags: ( ma-201-cmr-17 )
  4. Part two of SynJunkie's latest story is up.
    Syn: Bobs Double Penetration Adventure - Part 2
    Tags: ( story wifi pentest )
  5. The latest version of Microsoft's Security Intelligence Report is available.
    Download details: Microsoft Security Intelligence Report volume 7 (January - June 2009)
    Tags: ( intelligence report microsoft )
  6. This post points out that we really need to be able to communicate with non-technical audiences. It then points to a new SANS short course that helps us learn how to do that more effectively. Looks very interesting.
    Keys to Professional Communication | Courses, Training | Enclave Forensics
    Tags: ( presenting speaking writing )
  7. This page contains links to a wealth of information on psychology and information security. Fascinating stuff that will keep you busy for quite some time.
    Hat tip: Adam @ The New School of Information Security Blog
    Psychology and Security Resource Page
    Tags: ( psychology )
  8. Here is the third and final part of SpyLogic's Enterprise Open Source Intelligence Gathering series. It focuses on monitoring and social media policies.
    Enterprise Open Source Intelligence Gathering - Part 3 Monitoring and Social Media Policies -- spylogic.net
    Tags: ( gathering intelligence )
  9. This is a nicely detailed post on using OWASP ESAPI for output validation. You are validating your output, right? It is actually the second in a series. The first part on input validation is linked to at the beginning and is also worthy of a gander.
    Output Validation using the OWASP ESAPI << Security Ninja
    Tags: ( output-validation owasp esapi )
  10. Anton posits that FUD is good sometimes. Interesting perspective. The New School Security blog has an interesting response too: http://newschoolsecurity.com/2009/10/just-say-no-to-fud/
    A Treatise on FUD - fudsec.com
    Tags: ( iis fud )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A new site is being launched that looks very nice. Check it out for social media specific security information.
    Launching: SocialMediaSecurity.com -- spylogic.net
    Tags: ( social-media )
  2. The Infosec Cynic interviews Kai Roer, the most positive individual in information security 🙂
    Kai Roer stuck in the lift with the Cynic | The Infosec Cynic
    Tags: ( interview )
  3. Wanna save some cash getting into Defcon? Give this a try 🙂
    Just because it's defcon17 | The Edge of I-Hacked
    Tags: ( defcon17 )
  4. This isn't good. Hope they figure out how to do this more securely.
    Researchers find insecure BIOS 'rootkit' pre-loaded in laptops | Zero Day | ZDNet.com
    Tags: ( bios rootkit )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I find this a little alarming. Particularly with the number of recent Facebook worms that have cropped up.
    Army Orders Bases to Stop Blocking Twitter, Facebook, Flickr | Danger Room | Wired.com
    Tags: ( social-media army )
  2. More on database encryption. Good stuff.
    Securosis Blog | Database Encryption, Part 2: Selection Process Overview
    Tags: ( database encryption )
  3. Good stuff, but remember making the boss look stupid is a career limiting move 😉
    A chat with the boss | The Infosec Cynic
    Tags: ( general )
  4. Here is an output of Project Quant. The first phase of the patch management cycle. Rich is looking for feedback.
    Details: Monitor for Advisories
    Tags: ( patch-management )
  5. Like a pet rock, a pet risk doesn't really help you much. Check out Ron's suggestions below.
    Pet Risks - A New View of Risk Management : The Security Catalyst
    Tags: ( risk-management )
  6. Chris was looking for some incident response templates and hit the motherlode of suggestions. He put them all together in a blog post. A very good reference page.
    Dr. InfoSec: Incident Response Templates, Cheat Sheets, and more
    Tags: ( incident-response )
  7. A couple days ago I pointed to the crossword puzzle challenge/contest being put on by Sophos. Well, it's all done and there is a winner. The link below contains the answer sheet if you are interested.
    Solution to computer security cryptic crossword | Graham Cluley's blog
    Tags: ( challenge )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. You have (hopefully) an information security policy. You also have an (shame on you if you don't) acceptable use policy. How about a social media policy? Hat tip @agent0x0 who retweeted @koskim
    Should Your Company Have a Social Media Policy?
    Tags: ( policy social-media )
  2. Some nice tips on what to do and what not to do when you land that interview in today's difficult markets.
    10 Dos and Don'ts for Security Job Interviews - CSO Online - Security and Risk
    Tags: ( career interviewing )
  3. This is pretty nifty and a great way to maintain backwards compatibility with applications that require Windows XP to run when you move to Windows 7.
    Windows 7's XP Mode and Security
    Tags: ( windows-7 xp-mode )
  4. I don't own a Mac, so I have not read this article in depth. However, it certainly can't hurt to check it out and send it to those who do have Macs that might benefit from the information within.
    15 easy fixes for Mac security risks
    Tags: ( macosx securing )
  5. ENISA is conducting a security risk assessment of cloud computing. They are interested in your input. Go forth and opine on their survey.
    ENISA Cloud Risk Assessment: What Are Your Concerns about Cloud Computing? | Cloud Security
    Tags: ( cloud assessment enisa )
  6. Time to patch Firefox if you haven't already. For those running the beta, beta 4 is out also.
    Mozilla Updates Firefox, Now At Version 3.0.10
    Tags: ( vulnerability firefox patches )
  7. I attended part 1 and it was quite good. Check it out.
    The Ethical Hacker Network - Webcast: Modern Social Engineering Part II - Top 5 Ways to Manipulate Humans Over the Wire
    Tags: ( webcasts social-engineering )
  8. Chris's thoughts on the Verizon Breach report.
    2009 Verizon Breach Report << Risktical Ramblings
    Tags: ( verizon dbir )
  9. John talks about an interesting report that takes a look at the cost of a lost laptop. Not as obvious as you might think.
    The Real Costs Of Laptop Loss - Evil Bytes Blog - Dark Reading
    Tags: ( laptops )
  10. Dan's list of 10 add-ons that information security professionals might find helpful. I use several of them.
    10 Essential Firefox Plugins for the Infosec Professional | dmiessler.com
    Tags: ( firefox add-ons )
  11. Some nifty updates and changes in the Jeriko project. Check it out.
    Jeriko Group and Source Code Repository | GNUCITIZEN
    Tags: ( pentest jeriko )
  12. Time to patch your Chrome installations.
    Google Releases Chrome Browser Security Fix
    Tags: ( google chrome )

That's it for today. Have fun!


Kevin
