ssh

Wow, this has been a crazy busy week.

My apologies for not taking the time to get the daily bits posts out the door. However, don't despair. I have a bumper crop for you today because I have been keeping my eye on things.

Unfortunately you will have to do without my pithy (or so I'd like to believe) comments today. 🙂

Also, RSA Europe 2009, where I'll be speaking, is right around the corner along with some vacation time, so you will see fewer bits posts over the next couple weeks and they will probably be like this one. I will be back in full gear after the conference. I will blog when I can on what I see at RSA though.

Anywho, here are today's (this week's) Interesting Information Security Bits from around the web.

  1. Immutable Security >> Low and Slow SSH Brute Force Attacks
    Tags: ( ssh )
  2. Real World Stories: How Pen Tests Complement Vulnerability Scans << Core Security Technologies
    Tags: ( wepappsec pentest )
  3. Visa Announces New Data Encryption Practices
    Tags: ( pci )
  4. 'What's wrong with Smelly Widgets?' - Packet Challenge << I Smell Packets
    Tags: ( challenge packet )
  5. The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - FRHACK01 copy of presentations
    Tags: ( conference presentations )
  6. Avert Labs Paper: Inside the Password Stealing Business: the Who and How of Identity Theft | Hackers Center Blogs
    Tags: ( passwords )
  7. AVG Stepping Up Consumer Anti-Virus Offerings | Darknet - The Darkside
    Tags: ( anti-virus avg )
  8. Man banished from PayPal for showing how to hack PayPal * The Register
    Tags: ( paypal )
  9. Book Review: The Rootkit Arsenal << McGrew Security Blog
    Tags: ( books reviews )
  10. Jeremiah Grossman: All about Website Password Policies
    Tags: ( infosce passwords )
  11. Digital Soapbox - Preaching Security to the Digital Masses: Things I Learned at SecTor 2009
    Tags: ( conference toorcon recap )
  12. TaoSecurity: Technical Visibility Levels
    Tags: ( avialability monitoring )
  13. SSL Still Mostly Misunderstood - DarkReading
    Tags: ( ssl )
  14. Anton Chuvakin Blog - "Security Warrior": Compliance != Security, Does Security = Compliance?
    Tags: ( compliance security )
  15. A Page from Singapore's Cybersecurity Playbook | Optimal Security: The Lumension Blog
    Tags: ( general )
  16. You Can't Always Be Proactive - Hacked Off - Dark Reading
    Tags: ( general )
  17. Security Uncorked >> Good, Bad and Ugly: On SecTor's Wall of Shame
    Tags: ( passwords wireless )
  18. CSS History Hack Used To Ban Torrent Users ha.ckers.org web application security lab
    Tags: ( css )
  19. Yahoo Best Jobs in America ranks infosec professional #8
    Tags: ( career )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Just go read this. Nao!
    Nao and Zen: Security Koans for Everybody
    Tags: ( general )
  2. Here is an interesting post from Hoff offering a suggestion for the problem of providing compliance information for things in the cloud, not to mention, security management.
    Rational Survivability >> Extending the Concept: A Security API for Cloud Stacks
    Tags: ( cloud )
  3. Here are a few tips from Mr. McGrew on preparing your mobile device for Blackhat/DefCon.
    Loading up your portable device for Vegas << McGrew Security Blog
    Tags: ( defcon )
  4. This could be a problem for a fair number of organizations.
    Society of Payment Security Professionals - Compliance Demystified >> Blog Archive >> 150 Transactions + 1 = QSA assessment: End of Level 4 Merchants
    Tags: ( pci )
  5. Looks like MasterCard will start fining folks who are non-compliant with PCI.
    Branden Williams' Security Convergence Blog: MasterCard to Fine Merchants for Non Compliance
    Tags: ( pci )
  6. A nice post that smashes a few myths that are often touted regarding cloud computing.
    Cloud Myths Dispelled | Eucalyptus Systems Inc
    Tags: ( cloud )
  7. A nice list of things to do to secure your SSH servers.
    Top 20 OpenSSH Server Best Security Practices
    Tags: ( ssh )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Just go look.
    Klingon Anti-Virus
    Tags: ( humor )
  2. Here's an interesting one-stop-shop for NIST documents related to their Risk Management Framework. It includes FIPS docs, NIST publications, FAQs, and other docs in a neat lifecycle-like representation.
    NIST.gov - Computer Security Division - Computer Security Resource Center
    Tags: ( risk-management )
  3. Time to patch ssh. Don't want anybody seeing your secret bits 🙂
    OpenSSH chink bares encrypted data packets * The Register
    Tags: ( openssh vulnerability patches )
  4. Check out Andrew's answer to the question he poses. I agree with him.
    Andrew Hay >> Blog Archive >> Should the Helpdesk be a Mandatory Start for an IT Career?
    Tags: ( general )
  5. Things people say when faced with a web app vulnerability. I've heard most if not all of these at one time or another.
    But That's Impossible!
    Tags: ( general )

That's it for today. Have fun!


Kevin
