twitter

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Like the title below says, a new version of the SANS Consensus Audit Guidelines has been published.
    New Version of SANS 20 Critical Security Controls is Available << Security is Golden
    Tags: ( sans )
  2. Chet offers up some tips on being a safer Twitter user in 2010.
    12 tips of Christmas - A safer Twitter for 2010 | Chester Wisniewski's Blog
    Tags: ( twitter safety )
  3. Surprise, surprise. Another adobe reader o-day vulnerability.
    New Adobe 0-day
    Tags: ( adobe vulnerability 0day )
  4. If you are concerned about your privacy as you surf the internet you should read this article. It provides some guidance on doing so in a more anonymous manner.
    How to surf anonymously without a trace
    Tags: ( privacy internet )
  5. Wow. Andrew is really cranking out the interviews. This time it is another good friend, Michael Santarcangelo.
    Andrew Hay >> Blog Archive >> Information Security D-List Interview: Michael Santarcangelo
    Tags: ( interviews )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. How to Become a Computer Forensics Investigator | Forensics, How To | Enclave Forensics
    Tags: ( forensics career )
  2. How to Cyberstalk Jobs / Cyberstalking Potential Employers
    Tags: ( surveillance privacy screening )
  3. Transparency: I Do Not Think That Means What You Think That Means... | Rational Survivability
    Tags: ( cloud amazon )
  4. Uncommon Sense Security: Hot off the [virtual] presses
    Tags: ( nist )
  5. waiting for patches to release to wsus... (terminal23)
    Tags: ( wsus patching microsoft )
  6. Twitter starts to get serious about spammers | Social Business | ZDNet.com
    Tags: ( twitter spam )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. NSS Labs has published their third quarter Browser Security Test.
    Comparative Browser Security Testing - Phishing & Socially Engineered Malware - nsslabs.com
    Tags: ( browser )
  2. The Call for Speakers for RSA USA 2010 has been extended a week. Deadline is now August 21st.
    Call for Speakers
    Tags: ( rsa cfp )
  3. Brian talks about hype in the information security market.
    Hyper Security - fudsec.com
    Tags: ( fud )
  4. It has been talked about quite a bit over the last year or more. Can a cloud based solution be PCI compliant? Looks like the answer to that question has been given and by one of the larger cloud providers.
    Network Security Blog >> Cannot achieve PCI compliance with Amazon EC2/S3
    Tags: ( pci cloud )
  5. This is interesting. A botnet being controlled via Twitter.
    >> Twitter-based Botnet Command Channel * Security to the Core | Arbor Networks Security
    Tags: ( twitter botnet )
  6. Is your cell phone telling tales on you? Looks like the Palm Pre might be.
    Is Your Palm Pre Watching You? : Liquidmatrix Security Digest
    Tags: ( surveillance )
  7. Dave offers up a tutorial on encrypting your data backups on the cheap.
    IT Security Expert: Secure Encrypted Data Backup on a Budget Tutorial
    Tags: ( backup encryption )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This is pretty nifty. Going to have to play with this one.
    Security Research & Defense : Announcing OffVis 1.0 Beta
    Tags: ( office microsoft )
  2. The inaugural episode of the Cloud Security Podcast is available. Christofer and Craig are looking for feedback. Take a listen and let them know what you think.
    Introducing the Cloud Security Podcast... | Cloud Security
    Tags: ( cloud podcast )
  3. It can't be said often enough. The Riv during Defcon is a dangerous place to be from an information security perspective.
    Malicious ATM Catches Hackers | Threat Level | Wired.com
    Tags: ( defcon )
  4. This is just cool.
    Uncommon Sense Security: Announcing the Warzone Project
    Tags: ( ctf labs )
  5. Twitter is now stopping tweets with malicious urls. Someone mentioned that url shortner services can cause this control to fail, I'm not positive that is the case. Would be interesting to find out though.
    Twitter Now Filtering Malicious URLs - F-Secure Weblog : News from the Lab
    Tags: ( twitter )
  6. A good post with some tips on make your internal router and switch fabric not quite so hack worthy.
    Switch hardening on your network
    Tags: ( network-security )
  7. A new packet challenge is up.
    The Crypto Kitchen - Packet Challenge << I Smell Packets
    Tags: ( challenge )
  8. This is a bit scary. Who needs TEMPEST or other remote methods of reading keyboard actions with this type of thing.
    Hacker demos persistent Mac keyboard attack | Zero Day | ZDNet.com
    Tags: ( malware )
  9. Part of being a successful professional, information security focused or not, is the ability to be an effective presenter. You should look at this.
    Make: Online : Tips on "unpresenting"
    Tags: ( presenting )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Testing Twitter Tools Again

by kriggins on August 2, 2009

in General

This is a another test. I am testing a plugin that tweets for me as opposed to using an external service.

-Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Dre is reading a lot of the same people as I am when it comes to security programs. This post has some good stuff in it along with some great additional reading for us.
    What makes a solid security program? | tssci security
    Tags: ( security-program )
  2. Another day, another case of people handing over credentials to anybody who asks.
    Another Twitter Scam: Twitviewer -- spylogic.net
    Tags: ( twitter )
  3. Looks like there is a nasty BIND vulnerability being actively exploited. Time to update.
    BIND 9 Issue
    Tags: ( bind dns )
  4. Very nice. I like the way he approached this.
    Tactical Web Application Security: Lessons Learned From Casino Surveillance
    Tags: ( general )
  5. Wim is getting into FAIR. Very cool stuff.
    all is FAIR in love and war. << The Security Kitchen
    Tags: ( fair )
  6. An interesting case of what you read on the internet isn't always true 🙂
    Fake Retweets Lead To Spam - SpywareGuide Greynets Blog
    Tags: ( twitter )
  7. Sometimes high availability doesn't make your life easier. Check out Shrdlu's post and think about your situation a little.
    When 'high availability' isn't good enough.
    Tags: ( general )
  8. If you are an information security professional or want to be, I strongly recommend you carve out the time to attend Mike and Lee's talk at Defcon. They know what they are talking about and you should too!
    Effective Information Security Career Planning at DefCon | Information Security Leaders
    Tags: ( career )
  9. No big surprise here for me.
    Study says SSL-certficate warnings are as good as useless - News - The H Security: News and features
    Tags: ( ssl )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well. Sorry for the missing Bits posts on Friday and yesterday. I took Friday off and just didn't get it done yesterday. Therefore, we have quite a crop today.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is an interesting article on how Mozilla finds bugs that crash their products.
    How Mozilla finds crash bugs at Mozilla Security Blog
    Tags: ( mozilla )
  2. Here is a handy list of on-line malware scanners.
    List of Online Malware Scanners | PenTestIT
    Tags: ( tools malware scanners )
  3. The last of the three Panda challenges is up. I understand some answers have already been submitted, but you never know, they could be wrong.
    Panda Challenge: Hard Level - PandaLabs
    Tags: ( challenge )
  4. Wow. Just wow.
    I Can Has UR .htaccess File
    Tags: ( twitter )
  5. Raf's next interview. This time he talks to Mike "mckt" Bailey.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: "mckt"
    Tags: ( interviews )
  6. RSnake finds some interesting things you can do with/to wget.
    wget DNS-rebinding and Weak Intranet Port Scanning ha.ckers.org web application security lab
    Tags: ( wget )
  7. Here some information for you if you are interested in hacking your Defcon 17 badge.
    DC17 Badge Pre-Release Information - Defcon Forums
    Tags: ( defcon17 )
  8. Answers to the 2nd Panda Challenge.
    2nd Panda Challenge solution & winners - PandaLabs
    Tags: ( challenge )
  9. Raf interviewed Mubix for the first of a series of interviews of security folk.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: Mubix
    Tags: ( interview )
  10. An interesting article which brings up some good points. I would add password age to this type of consideration also, provided compensating controls are in place like lockouts as presented in the paper.
    Do Strong Web Passwords Accomplish Anything? (PDF)
    Tags: ( passwords )
  11. Inferno put together a couple things and came up with a fairly scaring attack on CRSF tokens.
    Hacking CSRF Tokens using CSS History Hack | SecureThoughts.com
    Tags: ( hacking crsf )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The solution to the latest packet challenge from I Smell Packets.
    Solution to the Name That Exploit Packet Challenge << I Smell Packets
    Tags: ( challenge packet )
  2. Rich is tackling costs associated with a data breach. He is approaching it from a hard vs. soft costs perspective. Those familiar with FAIR will recognize these as primary and secondary loss factors.
    Securosis Blog | Creating a Standard for Data Breach Costs
    Tags: ( breach costs )
  3. It wouldn't be Blackhat/DefCon season without at least one cease and desist order. The first one this year stops a talk about hacking ATMs.
    ATM Vendor Halts Researcher's Talk on Vulnerability | Threat Level | Wired.com
    Tags: ( atm blackhat )
  4. Thus declareth @hevnsnt. Change your Twitter password on July 1st. Actually a good idea for several reasons which he shares in this blog post.
    July 1st is #twittersec Day | The Edge of I-Hacked
    Tags: ( twitter )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Microsoft has had a threat modeling guide and some tooling for software development for a bit now. Today a guide was released for infrastructure. This could be very nice. I will be checking it out.
    HolisticInfoSec.org: IT Infrastructure Threat Modeling Guide now available
    Tags: ( threat-modeling )
  2. Andrew sat down and did something that each of us should be doing on a regular basis. He wrote a development plan. He didn't call it that, but that is what he did. Remember folks, your career is your responsibility, not your employers.
    Andrew Hay >> Blog Archive >> Training That I Would Like...
    Tags: ( career )
  3. Keep you eyes on this one. Could be some interesting stuff coming next month in regards to third-party twitter services.
    Coming in July: Month of Twitter Bugs | Zero Day | ZDNet.com
    Tags: ( twitter )
  4. Some interesting data collected on infosec professionals and why they move about. The full report is linked to in the post.
    Why do infosec consultants move jobs? | The Infosec Cynic
    Tags: ( career )
  5. OSSEC is a neat tool. If you want to get the low down, read Wim's post.
    OSSEC in a nutshell << The Security Kitchen
    Tags: ( hids ossec )
  6. You've probably seen plenty of warnings about url shorteners and how they present a security problem. Here is some solid proof that you should be careful with them. I'm not saying don't use them, I use them myself. Just be careful when clicking on the that url.
    Cligs short url service hacked, millions redirected | Graham Cluley's blog
    Tags: ( url-shorteners hacked )
  7. Craig has a great post up that I need to read a couple more times. Worth taking a look at. While you are at it, why not get engaged in the conversation.
    Stop the Madness! Cloud Onboarding Audits - An Open Question... | Cloud Security
    Tags: ( cloud )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }