social networking

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. OT, but very cool. Make your own QR code temporary tattoos.
    QR Code Temporary Tattoos Howto | The Guerilla CISO
    Tags: ( general )
  2. I think I pointed to something about this a bit ago, but here is more on chip and pin having issues.
    Light Blue Touchpaper >> Blog Archive >> Chip and PIN is broken
    Tags: ( chip-and-pin )
  3. Fun stuff here. Using WCF to scan inside the perimeter.
    Abusing WCF to Perform Remote Port Scans - Gotham Digital Science
    Tags: ( scanning )
  4. Dave opines about 5 reasons your security program may be struggling.
    ShackF00 >> 5 Reasons Your Security Program is a Failure
    Tags: ( general security-program )
  5. Just in case you were not aware of it, OWASP has a broken web application project. It's a VM with vulnerable apps.
    owaspbwa - Project Hosting on Google Code
    Tags: ( webappsec education )
  6. Join the rant against the term "best practice." Drives me nuts, just like it does Adam.
    Best Practices for Defeating the term "Best Practices" << The New School of Information Security
    Tags: ( general )
  7. Josh has some good points about social networking and its use at work.
    Josh More - Starmind Blog >> Should we allow our employees to engage in social networking?
    Tags: ( social-networking )
  8. Check it out if you are in Europe or have a really big travel budget.
    Pimping the Security Non-Cons: Troopers 2010 | Rational Survivability
    Tags: ( conferences )
  9. Some cool and interesting stuff going on in the A6 world. Check out Chris's post about A6 and CloudAudit.
    The Automated Audit, Assertion, Assessment, and Assurance API (A6) Becomes: CloudAudit | Rational Survivability
    Tags: ( cloud a6 cloudaudit )
  10. Fun with social engineering and Metasploit.
    Social-Engineering Toolkit (SET)
    Tags: ( social-engineering metasploit )
  11. .:[ Layered Security ]:.: 802.11n card that works with BackTrack 4 - woohoo!
    Tags: ( backtrack tools wireless )
  12. Security-Shell: NoMore AND 1=1 - Web Application Testing Tool released
    Tags: ( webappsec sql-injection )
  13. 7 Things Every Information Security Professional Should Know -- My Information Security Job
    Tags: ( careers )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Here are today's Interesting Information Security Bits from around the web.

  1. You've probably already seen this, but if you haven't, Kaspersky had a little problem this weekend. They did get it corrected quickly.
    Kaspersky database exposed | Security and the Net
    Tags: ( vulnerability sql )
  2. Folks, as Graham says, secret is secret. Don't chatter about stuff on Facebook, Twitter, etc. that should be secret. Seems obvious, but apparently, some people are quite adept at missing the elephant standing in the room.
    Congressman Twitters secret trip to Iraq | Graham Cluley's blog
    Tags: ( privacy socialnetworking confidentiality )
  3. If you use OpenDNS as your name resolution provider, which I heartily recommend, you will have some additional protection in place this week.
    OpenDNS to step up fight against Conficker worm
    Tags: ( malware opendns conficker worms )
  4. A nice primer on DLP.
    What You Really Need To Know About Data Loss Prevention - insider threats/Management - DarkReading
    Tags: ( dlp )
  5. A nice post with some good recommendations.
    Digital Soapbox - Information Security, Risk & Data Protection Blog: People Hacking 101: How to Infiltrate a Credit Agency
    Tags: ( data-leakage )
  6. The 2008 SANS Salary Survey is available.
    salary_survey_2008.pdf (application/pdf Object)
    Tags: ( salary )
  7. The latest Ethical Hacker Network challenge is up. Go get 'em!
    The Ethical Hacker Network - Brady Bunch Boondoggle
    Tags: ( challenge )
  8. A new man-in-the-middle tool is available. It was released at ShmooCon this weekend. Mubix has a copy for us if you are interested in playing with it.
    The Middler gets released at ShmooCon! - Room362.com
    Tags: ( pentest mitm )
  9. New version available of Samurai.
    Samurai LiveCD version 0.4 released | Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills
    Tags: ( tools samarai )
  10. Something to think about. BTW - You might want to think about leaving your garage door opener in your vehicle. Or locking the door from the garage to the house if you do.
    Digital Soapbox - Information Security, Risk & Data Protection Blog: Your GPS is evil
    Tags: ( data-leakage )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

And another Friday dawns. I hope yours goes well. Here we go with today's bits.

From the Blogosphere.

Via Alan over at StillSecure, the Aberdeen Group is looking for some data on IT Security Patch and Vulnerability Management. To get it, they are asking for us to participate in a survey. We get a shiny report gratis if we do. I probably will.

There is a post up over at tssci-security that is taking a look at several topics all mashed together: the value of the CISSP certification, specialist or generalist when it comes to InfoSec, and a new project being put together by the OWASP group, the People Certification Project. Some interesting thoughts in both the post and comments. BTW - he references Dan Geer's Source Boston keynote speech. It is well worth reading several times, as I believe I have noted before.

Looks like there are some local root shenanigans that can be exercised on a Mac with versions 10.4 and 10.5 of Mac OS X installed. Good old suid fun, but does it really matter? Check out Zero Day's post and come to your own conclusions.

The Princess of Antiquity is tackling a fairly daunting task in bringing a series of articles to us about cryptography that are couched in terms the layman can understand. The first is up and is well written. Check it out.

Tom over at Spylogic gave a talk about Online Social Networks: 5 threats and 5 ways to use them safely. He has made his presentation available here.

JJ has some good guidance for us if we are considering the implementation of 802.1x. Very good stuff.

Via Security4All, Backtrack 3 Final has been released.

From the Newsosphere.

Via NetworkWorld, Mitchell Ashley reports to us that Red Hat has decided to develop their own virtualization platform based on the Kernel Virtual Mode which is built into the Linux kernel. Go read his article for the reasons for this decision.

From Hack in the Box and ARN, a new report is out saying that a skills shortage in IT positions, including security specialists, is causing salaries to rise. Good for those down under.

Have a great Friday and wonderful weekend.

Kevin
