ssl

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a quick list of things to try when pen testing a Citrix installation
    Narkolayev Shlomi: Hacking Citrix and Terminal Server Techniques
    Tags: ( citrix pentesting )
  2. Good article on the data cleanup portion of identity management.
    Data Cleanup Part 1: Primary UserIDs : The Security Catalyst
    Tags: ( identity-management )
  3. Neat website on SSL.
    SSL Labs
    Tags: ( ssl )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Hoff points to an interesting project that addresses the distributed authentication issue in web based systems.
    MashSSL - An Excellent Idea You've Probably Never Heard Of... | Rational Survivability
    Tags: ( authentication ssl web )
  2. Get your Security Threat Report 2010 while it's hot!
    Sophos Security Threat Report 2010 | Graham Cluley's blog
    Tags: ( threats reports )
  3. Jennifer is involved in a few talks at Security BSides San Fran. Vote for her!
    Security Uncorked >> The Skinny on Security BSides San Francisco
    Tags: ( conferences bsides )
  4. The finalists for the Social Security Blogger Awards 2010 have been selected.
    The Ashimmy Blog: Envelope please, and the winners are . . .
    Tags: ( awards )
  5. Very cool. Encrypt your logs before sending them across the wire.
    Immutable Security >> Using OSSEC for Encrypted Log Transport
    Tags: ( logging encryption ossec )
  6. Similar to the Amazon EC2 experiment last year, this time it is done with Microsoft's Azure.
    Breaking Password Based Encryption with Azure - Gotham Digital Science
    Tags: ( passwords cracking cloud )
  7. Looks like status quo for the PCI DSS this year.
    Security.exe - Powered by The CISO Group >> Blog Archive >> No major changes to PCI DSS in 2010, but watch for chip and pin in the future
    Tags: ( pci )
  8. Graham points out something those who use twitter should be aware of. Lists as spamming tools.
    Twitter list spam
    Tags: ( lists )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Syn: What Bob Did. What Alice Saw - Part 1
    Tags: ( s story bob )
  2. Branden Williams's Security Convergence Blog >> The Power of Service
    Tags: ( general )
  3. IETF Completes Vulnerability Fix For SSL Renegotiation Bug | Darknet - The Darkside
    Tags: ( ssl )
  4. >> 5th Edition of the Worldwide Infrastructure Security Report * Security to the Core | Arbor Networks Security
    Tags: ( reports data )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 1 comment }

To those in the U.S., welcome back to work unless, of course, you are reading this when it was posted 🙂

Here are some Interesting Information Security Bits from around the web.

  1. Sounds like Paul and I have the same pet peeve. If you are accepting credentials on a page, serve the whole page over SSL, not just the form submission part.
    Not just plain old http | Paul Ducklin's blog
    Tags: ( https integrity )
  2. Are you wondering what is a public network and what is not from a PCI perspective? If so, check out Branden's post.
    Branden Williams's Security Convergence Blog >> The Gobble-Gobble of Public Networks
    Tags: ( pci public )
  3. The call for papers for HITB 2010 Dubai is now open.
    The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - Hack In The Box (HITB) Security Conference 2010 Dubai
    Tags: ( conferences cfp hack-in-the-box )
  4. Some interesting data about usernames and passwords used during brute force attacks. It was collected by Microsoft.
    Microsoft Malware Protection Center : Do and don'ts for p@$$w0rd$
    Tags: ( passwords )
  5. The Notocon videos are available now.
    The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - Notacon 2009 video files are now online
    Tags: ( conferences notocon videos )
  6. Ever beat your head against the wall because you can't figure out why that stupid program keeps running every time you restart your computer? This fine list will help track down that pesky critter.
    Immutable Security >> Windows Startup Locations
    Tags: ( windows startup )
  7. This is very very cool. How about being able to ssh to your host on port 80, even when it has a fully functional Apache server running on the same port? Like I said, that is seriously cool.
    Creating Ghost Services with Single Packet Authorization
    Tags: ( access-control tools )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Xavier decided to fuzz his car. Good thing he didn't do it when he was driving down the road.
    /dev/random >> Fuzzing a Car Multimedia System?
    Tags: ( fuzzing )
  2. Want to some help on learning how to write windows stack-based exploits? Here you go. A whole mess of tutorials.
    The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - Links/tutorials on writing windows (stack based) exploits
    Tags: ( exploit-writing )
  3. An interesting exploration of the three-way TCP handshake process. Particularly, since it can be a four-way handshake. Very cool. It will be interesting to see what comes out of the research about to happen.
    TCP Portals: The Handshake's a Lie! -- BreakingPoint
    Tags: ( networking tcp-handshake )
  4. There is a new vulnerability in Flash and Mike does a great job of explaining it.
    Skeptikal.org: Flash Origin Attack FAQ
    Tags: ( adobe flash vulnerability )
  5. Thierry ZOLLER has put together a very nice document that describes and demonstrates the recent SSL/TLS vunerability. (Direct link to pdf)
    TLS and SSLv3 vulnerabilitys explained (PDF)
    Tags: ( ssl )
  6. Jack makes some good points about customer data, where it came from and where it is going.
    Uncommon Sense Security: Whose customers are they?
    Tags: ( data-leakage )
  7. Here is another resource to do some free monitoring of your websites.
    HolisticInfoSec.org: Sucuri NBIM: website integrity monitoring for free
    Tags: ( monitoring )
  8. (IN)Secure Magazine issue 23 is out. (Link goes directly to pdf)
    INSECURE-Mag-23.pdf (application/pdf Object)
    Tags: ( magazine insecure )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. There is some truth in this post. A corollary is the mommy/daddy principle. I'll ask mommy and if I don't get the answer I want I'll ask daddy.
    Network Security Blog >> I'll do anything! Absolutely anything!
    Tags: ( general )
  2. The CFP for Metricon is open.
    Mini Metricon 4.5 Call For Participation << The New School of Information Security
    Tags: ( conferences cfp metricon )
  3. This is a must see.
    YouTube - Marcus J. Ranum on Cloud Computing Security
    Tags: ( cloud humor )
  4. Here is the mother lode of cheat sheets. Focused on developers, but there are a few that are security related.
    Cheat Sheet and Quick Reference Card Directory | devcheatsheet.com - Cheat Sheets for Developers.
    Tags: ( cheatsheet )
  5. This is the author's page regarding the SSL/TLS vulnerability just announced. It was a bit more reader friendly and promises to be so again, but the information is still there.
    extendedsubset.com
    Tags: ( tls ssl vulnerability )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Wow, this has been a crazy busy week.

My apologies for not taking the time to get the daily bits posts out the door. However, don't despair. I have a bumper crop for you today because I have been keeping my eye on things.

Unfortunately you will have to do without my pithy (or so I'd like to believe) comments today. 🙂

Also, RSA Europe 2009, where I'll be speaking, is right around the corner along with some vacation time, so you will see fewer bits posts over the next couple weeks and they will probably be like this one.   I will be back in full gear after the conference. I will blog when I can on what I see at RSA though.

Anywho, here are today's (this weeks) Interesting Information Security Bits from around the web.

  1. Immutable Security >> Low and Slow SSH Brute Force Attacks
    Tags: ( ssh )
  2. Real World Stories: How Pen Tests Complement Vulnerability Scans << Core Security Technologies
    Tags: ( wepappsec pentest )
  3. Visa Announces New Data Encryption Practices
    Tags: ( pci )
  4. 'What's wrong with Smelly Widgets?' - Packet Challenge << I Smell Packets
    Tags: ( challenge packet )
  5. The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - FRHACK01 copy of presentations
    Tags: ( conference presentations )
  6. Avert Labs Paper: Inside the Password Stealing Business:the Who and How of Identity Theft | Hackers Center Blogs
    Tags: ( passwords )
  7. AVG Stepping Up Consumer Anti-Virus Offerings | Darknet - The Darkside
    Tags: ( anti-virus avg )
  8. Man banished from PayPal for showing how to hack PayPal * The Register
    Tags: ( paypal )
  9. Book Review: The Rootkit Arsenal << McGrew Security Blog
    Tags: ( books reviews )
  10. Jeremiah Grossman: All about Website Password Policies
    Tags: ( infosce passwords )
  11. Digital Soapbox - Preaching Security to the Digital Masses: Things I Learned at SecTor 2009
    Tags: ( conference toorcon recap )
  12. TaoSecurity: Technical Visibility Levels
    Tags: ( avialability monitoring )
  13. SSL Still Mostly Misunderstood - DarkReading
    Tags: ( ssl )
  14. Anton Chuvakin Blog - "Security Warrior": Compliance != Security, Does Security = Compliance?
    Tags: ( compliance security )
  15. A Page from Singapore's Cybersecurity Playbook | Optimal Security: The Lumension Blog
    Tags: ( general )
  16. You Can't Always Be Proactive - Hacked Off - Dark Reading
    Tags: ( general )
  17. Security Uncorked >> Good, Bad and Ugly: On SecTor's Wall of Shame
    Tags: ( passwords wireless )
  18. CSS History Hack Used To Ban Torrent Users ha.ckers.org web application security lab
    Tags: ( css )
  19. Yahoo Best Jobs in America ranks infosec professional #8
    Tags: ( career )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Dre is reading a lot of the same people as I am when it comes to security programs. This post has some good stuff in it along with some great additional reading for us.
    What makes a solid security program? | tssci security
    Tags: ( security-program )
  2. Another day, another case of people handing over credentials to anybody who asks.
    Another Twitter Scam: Twitviewer -- spylogic.net
    Tags: ( twitter )
  3. Looks like there is a nasty BIND vulnerability being actively exploited. Time to update.
    BIND 9 Issue
    Tags: ( bind dns )
  4. Very nice. I like the way he approached this.
    Tactical Web Application Security: Lessons Learned From Casino Surveillance
    Tags: ( general )
  5. Wim is getting into FAIR. Very cool stuff.
    all is FAIR in love and war. << The Security Kitchen
    Tags: ( fair )
  6. An interesting case of what you read on the internet isn't always true 🙂
    Fake Retweets Lead To Spam - SpywareGuide Greynets Blog
    Tags: ( twitter )
  7. Sometimes high availability doesn't make your life easier. Check out Shrdlu's post and think about your situation a little.
    When 'high availability' isn't good enough.
    Tags: ( general )
  8. If you are an information security professional or want to be, I strongly recommend you carve out the time to attend Mike and Lee's talk at Defcon. They know what they are talking about and you should too!
    Effective Information Security Career Planning at DefCon | Information Security Leaders
    Tags: ( career )
  9. No big surprise here for me.
    Study says SSL-certficate warnings are as good as useless - News - The H Security: News and features
    Tags: ( ssl )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Beware of visiting sites that contain sensitive information on public networks. SSLStrip makes it even easier for the bad guys to get you.
    Hacker pokes new hole in secure sockets layer * The Register
    Tags: ( ssl mitm )
  2. Yup, another vulnerability in Adobe Reader. This one has active exploits and won't be patched until mid-March. Be careful out there.
    New in-the-wild attack targets fully-patched Adobe Reader * The Register
    Tags: ( exploit vulnerability adobe reader )
  3. Kees talks to us about some issues we need to be aware of when thinking about access to sensitive information.
    Handling sensitive information - Kees Leune Information Security Blog
    Tags: ( access control )
  4. Don tells us to ask why. Good stuff in here.
    Security Ripcord >> Blog Archive >> Incident Response Lessons Learned
    Tags: ( incident response )
  5. Some good questions to consider when you are selecting you next vendor for a pen test.
    How to choose a Pen Tester << Steven Branigan's Blog
    Tags: ( pentesting )
  6. It's coming up. If you are in the heartland, this is a good option, particularly if cost is an issue.
    Carnal0wnage Blog: ChicagoCon 2009s is coming up!
    Tags: ( conference chicagocon )
  7. An interesting paper about Banking Trojans.
    Bank details uncovered - PandaLabs
    Tags: ( malware )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Here are today's interesting bits in information security.

  1. This is an interesting story of the DarkMarket sting.
    Three years undercover with the identity thieves
    Tags: ( general )
  2. Just because the website you are visiting is a popular, well-known site doesn't mean that it is complete safe. Conversely, just because a site is declared to host malware, doesn't mean they whole site is malicious.
    70 Of Top 100 Web Sites Spread Malware -- Malware -- InformationWeek
    Tags: ( malware )
  3. Want to get some personally identifiable information on somebody. Find out where they get the dry cleaning done and get a job. Wow.
    9,000 USBs left in Laundrettes : Security Watch - Internet Security News: IT security, Business security, Computer security, Network security, and more
    Tags: ( data gathering breach usb )
  4. Time to patch Quicktime.
    QuickTime 7.6 Fixes First 7 Bugs of 2009 - Security Watch
    Tags: ( vulnerability patches quicktime )
  5. I pointed this out recently. Looks like Seagate users are going to need to patch again.
    Seagate Offers Second Fix For Hard-Drive Firmware -- Storage Security -- InformationWeek
    Tags: ( availability )
  6. This is very cool. I use OpenDNS at home and have never been happier.
    New Security Services Land In Home Routers - DarkReading
    Tags: ( home-networking )
  7. Gonna be a meetup for podcasters at ShmooCon. Looks like a lot of fun.
    Podcasters Meetup at ShmooCon - Room362.com
    Tags: ( conferences meetup shmoocon )
  8. A very nice article about why we need to keep identity and authentication as separate and distinct.
    Hat tip: http://www.schneier.com/blog/archives/2009/01/identity_authen.html
    It's Me, and Here's My Proof: Why Identity and Authentication Must Remain Distinct
    Tags: ( identity authentication access-control )
  9. A new blog talking about SSL and some of the pitfalls one can come across in various implementations.
    Introducing SSLFail.com | tssci security
    Tags: ( ssl )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Reblog this post [with Zemanta]

{ 0 comments }