vmware

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some good stuff for you to read by Rsnake.
    RFC1918 Blues ha.ckers.org web application security lab
    Tags: ( networking security )
  2. Want some Sophos swag? All you have to do is successfully complete this crossword puzzle, then be picked out of a hat.
    Computer security cryptic crossword | Graham Cluley's blog
    Tags: ( challenge puzzle )
  3. Over the last couple of days there has been a lot of news and blog traffic about an alleged 0wning of T-Mobile. I was reluctant to mention anything about it until it was more certain that it was true. Looks like it is.
    T-Mobile data on Full Disclosure is real | threatpost
    Tags: ( t-mobile breach )
  4. My dad was a doctor. This post reminds me of things he used to say. Read along as Rich re-interprets emergency medicine tenets as information security ones 🙂
    Securosis Blog | The Laws of Emergency Medicine--Security Style
    Tags: ( general )
  5. A nice post about using VMWare and NFS together. (Hat tip to Aneel's tumblr blog http://irg.tubmblr.com)
    Virtual Geek: A Multivendor Post to help our mutual NFS customers using VMware
    Tags: ( nfs vmware )
  6. This is a very good article about using VMWare and iSCSI together. It was published in January of this year. (Hat tip to Aneel's tumblr blog http://irg.tubmblr.com)
    Virtual Geek: A Multivendor Post to help our mutual iSCSI customers using VMware
    Tags: ( vmware iscsi )
  7. I have skimmed the first part of the paper referenced here. It looks very interesting.
    New paper by Amit Klein (Trusteer) - Temporary user tracking in major browsers and Cross-domain information leakage and attacks
    Tags: ( paper privacy )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Ouch. Kinda glad I use wired keyboards and mice at this point 🙂
    Greg Martin's blog - InfoSecurity 2.0: Wireless Keyboard Sniffing
    Tags: ( wireless keyboard sniffing )
  2. EFF has a new tool that tracks the changes to the Terms of Service of some of the larger organizations on the web like Facebook, Google, etc. Pretty cool.
    EFF Posts 'Terms of Service' Tracker | Threat Level | Wired.com
    Tags: ( eff )
  3. A nice article with some interesting ideas about putting things in your app that when accessed indicate you are under attack. I can think of a name for that, but it has a very unfortunate acronym, so will refrain from writing it here.
    AppSec Street Fighter - SANS Institute >> My Top 6 Honeytokens
    Tags: ( webappsec )
  4. Lori has a really good analogy for us. Take a few minutes to check it out.
    The Gluten-free Application Network
    Tags: ( webappsec )
  5. Your host isn't safe if you are using VMWare Workstation and haven't patched things like you ought to.
    Hacking Tool Lets A VM Break Out And Attack Its Host - DarkReading
    Tags: ( vmware exploit )

That's it for today. Have fun!

Kevin

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The 5 year clock is about to start on Windows XP and Office 2003. They both are going into extended support status.
    Windows XP and Office 2003 Enter a New Phase of Support
    Tags: ( patches winxp office-2003 )
  2. If you want to continue to get updated DCERPC related detection capabilities with snort you are going to have to upgrade soon. Details inside.
    VRT: Snort 2.8.4 is nigh
    Tags: ( ids snort )
  3. Alex has put up his first blog post for Verizon Business. In it, he argues that PCI is not broken. I agree. I have never viewed PCI as a panacea for "securing" card data. Saying that PCI makes card data safe is like saying that a seat belt makes a car safe. It helps, but doesn't guarantee anything.
    He also points us to another resource that looks interesting, the "Information Security Management Maturity Model".
    Verizon Business Security Blog >> Blog Archive >> There's nothing wrong with the PCI DSS
    Tags: ( pci )
  4. First: This post has a really nice graphical representation of the operational Internet DNS framework (attack surfaces). Second: The final report was released from The Global DNS Security, Stability and Resiliency Symposium. It is now on my reading pile.
    DNS Attack Surface * Security to the Core | Arbor Networks Security
    Tags: ( dns )
  5. You have a couple patches to install if you manage a VMWare ESX installation.
    VMWare Announces New, Critical Security Updates
    Tags: ( vulnerability vmware patches )
  6. A nice list of targets you can use to test your hacking skills. There are more in the comments.
    Hacking Without All the Jailtime ha.ckers.org web application security lab
    Tags: ( hacking targets )

That's it for today. Have fun!

Kevin

Another day of great content. Enjoy.

Here are today's Interesting Information Security Bits from around the web.

  1. VeriSign has stepped up and offered replacement SSL certs free of charge to all customers with MD5-based certs. They have also implemented SHA-1 for all certs now. Should have happened much earlier, but at least they were quick in their response.
    VeriSign addresses MD5 flaw
    Tags: ( vulnerability ssl general cert )
  2. Good guidance for us all and some suggestions on how to go about doing it.
    Know your network to keep it secure :: SearchNetworking.com.au
    Tags: ( network )
  3. Forrester is indicating that security spending may be taking a bigger chunk of IT spending in 2009.
    Despite Economy, Security Spending To Increase In 2009 - security industry/Management - DarkReading
    Tags: ( general spending 2009 )
  4. Oops. Trusted Execution Technology might not deserve to be trusted as much as we were led to believe.
    Researchers hack into Intel's vPro - Network World
    Tags: ( txt )
  5. This is nifty. A nice visualization of botnet IRC channel joins.
    Flashy botnet is Flashy - F-Secure Weblog : News from the Lab
    Tags: ( botnet visualization )
  6. Erik has part 1 of a series that will address securing our Linux hosts.
    Art of Information Security >> Secure Your Linux Host - Part 1: Foundations...
    Tags: ( linux securing )
  7. Donald points us to a paper written by Brett Shavers about virtual machines and forensics analysis. I just added it to my stack of stuff to read.
    Forensic reading - Malta Info Security
    Tags: ( forensics virtualization vmware )
  8. A very good read. Well written and has a good point.
    Could the Titanic have changed course? | The Guerilla CISO
    Tags: ( general compliance checklists )
  9. I have pointed to all the previous parts of this series of posts. The first paragraph has links to them also. I really like how they have brought all the previous posts together by showing some use cases. Well done.
    Building a Web Application Security Program, Part 8: Putting It All Together | securosis.com
    Tags: ( webappsec program )
  10. Adam points us to Maine's Data Breach Study. He points out some interesting tidbits. Enough that I have grabbed the study for reading later.
    Emergent Chaos: Maine Breach Study
    Tags: ( data breach study maine )
  11. Damon has a very nice guest post up on Jennifer Leggio's Feeds blog. It reaches beyond the issues that Twitter was dealing with this weekend.
    The inevitable rise (and fall?) of 'twishing' | Feeds | ZDNet.com
    Tags: ( twitter phishing social-networks )

That's it for today. Have fun!

Kevin

Hello all. I apologize for the lack of posts over the last couple of weeks. Life and death have taken up all my time. Things should be back to normal now. So without further ado, here are some things to take a look at today.

From the Blogosphere

Wesley over at McGrewSecurity has collected a bunch of links and embedded a bunch of videos of Dan Kaminsky talks. Very cool.

Craig at SecurityWannabe gives us a link to a video of Lee Kushner and Mike Murray's talk about a career in Information Security. I attended their session at Defcon 15 and the informal Q&A after. Really good stuff. Go watch the video or, even better, attend their session at this year's Defcon.

Rich Mogull writes on Securosis that he will be giving a webcast entitled Using Data Leakage Prevention and Database Activity Monitoring for Data Protection on July 29th. Register here. I'll be watching. You should too.

Via security4all, VMWare has released an updated paper on hardening ESX 3.5 and VirtualCenter 2.5. It can be found here.

From the Newsosphere

Via Dark Reading, Half of Financial Firms Don't Investigate. That's not good.

Via Tech Republic, When your network admin hijacks your system. Talks about the San Francisco situation you have already heard about.

Via Search Security, Blackberry server faced with critical zero-day. There is a flaw in the PDF handling function of the BlackBerry Attachment Service. Bad stuff.

Via Dark Reading, MessageLabs Reveals Most Spammed States. Illinois apparently has the largest bull's-eye painted on its forehead.

Via Information Week, Gmail Privacy Hole Shows User Names. Be careful with Google calendar.

That's it for today's bits. Have a great day.

Kevin
