webappsec

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The latest edition of the CWE/SANS Top 25 is available now.
    CWE - 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
    Tags: ( webappsec )
  2. Who doesn't like stickers? Check out this survey.
    Answer Survey, Get Stickers - F-Secure Weblog : News from the Lab
    Tags: ( survey )
  3. This is pretty nifty. Importing Secunia Advisories into a SIEM/OSSEC.
    /dev/random >> Importing Secunia Advisories into a SIEM/OSSEC
    Tags: ( ossec logging )
  4. Rich and crew have released their latest whitepaper. Check it out.
    Securosis Blog | New Release: Understanding and Selecting a Database Assessment Solution
    Tags: ( database assessment )
  5. Congratulations to Kees for being designated as a SANS Thought Leader! Read his interview here.
    SANS: Security Thought Leaders - Kees Leune
    Tags: ( interview )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts. For even more links, check out the blog's twitter feed: @InfoSecRamblins.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Robert has a nice exploration of Intel's new processor named Nehalem.
    Errata Security: Nehalem vs. IDS
    Tags: ( hardware intel cpu )
  2. Andy speaks some truth about the user's responsibility in the security equation.
    Are we being irresponsible? >> Andy ITGuy
    Tags: ( awareness )
  3. The start of what looks to be a neat series. lsof is an awesome tool.
    Black Fist Security: *nix command of the day
    Tags: ( tools unix )
  4. Here is an interesting story about a different cyber-crime target. Still very lucrative.
    Hackers Steal Millions in Carbon Credits | Threat Level | Wired.com
    Tags: ( crime )
  5. This is a really good read.
    Jeremiah Grossman: The Web won't be safe, let alone secure, unless we break it
    Tags: ( webappsec )
  6. Securosis is looking for participants for some closed surveys. Check this out if you want to help.
    Securosis Blog | Need Brains. User Brains
    Tags: ( surveys )
  7. Want to set up a virtual network security testing lab? Check this out.
    In Lieu of... << Laz3rNet
    Tags: ( lab how-to )
  8. Windows 2008/7 offers new functionality that may help ease the pain of service accounts. (Hat tip: @grey_area)
    Service Accounts Step-by-Step Guide
    Tags: ( windows )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Some thoughts about the security job market and how to get into it. (Thanks Ron)
    E-Commerce News: Trends: Breaking Into the Security Job Market
    Tags: ( career )
  2. Anton has some comments about log context. Very important stuff.
    Anton Chuvakin Blog - "Security Warrior": On Log Context
    Tags: ( log-monitoring )
  3. This paper (pdf) takes a look at replacing session cookies with digest authentication.
    WeaningTheWebOffOfSessionCookies.pdf (application/pdf Object)
    Tags: ( session webappsec )
  4. Another really good reason for egress controls.
    Sunbelt Blog: Botnet C&C switching to http; away from IRC
    Tags: ( botnet )
  5. That's a lot of malware.
    Report: 48% of 22 million scanned computers infected with malware | Zero Day | ZDNet.com
    Tags: ( malware )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Andrew Hay >> Blog Archive >> Information Security D-List Interview: Jack Daniel
    Tags: ( interview d-list )
  2. Challenge 1 of the Forensic Challenge 2010 - pcap attack trace | The Honeynet Project
    Tags: ( challenge forensics )
  3. German Government: Don't use Internet Explorer | Graham Cluley's blog
    Tags: ( webappsec ie )
  4. Andrew Hay >> Blog Archive >> Get the Free Andrew Hay iTunes App
    Tags: ( general )
  5. /dev/random >> Adding Data Leakage Protection into Apache
    Tags: ( dlp apache )
  6. Metasploit: Reproducing the "Aurora" IE Exploit
    Tags: ( metasploit google aurora malware exploit )
  7. A checklist approach to security code reviews, part 4 << Security Ninja
    Tags: ( assessment webappsec code-review )
  8. Would You Have Spotted the Fraud? -- Krebs on Security
    Tags: ( atm skimming )
  9. Andrew Hay >> Blog Archive >> Information Security D-List Interview: Benjamin Tomhave
    Tags: ( interview d-list )
  10. Roger's Security Blog : Leveraging Data Execution Prevention (DEP)
    Tags: ( system-hardening )
  11. Following Google's Lead on Security? Don't Forget to Encrypt Cookies
    Tags: ( webappsec )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Leave it to David to be able to use canning and mason jars as an analogy for security and secure coding. Very nice post. Go read it.
    Reusable Code: The Mason Jars of Security | threatpost
    Tags: ( programming general )
  2. Yes, we are the unsung heroes. BTW - you have to read this if for no other reason than the Y2K reference towards the end.
    Securosis Blog | Why Successful Risk Management is Still a Failure
    Tags: ( general risk-management )
  3. I love a good walk-through and Paul provides us one that shows a step-by-step how-to on reversing some Javascript shellcode. Good stuff!
    Paul Melson's Blog: Reversing JavaScript Shellcode: A Step By Step How-To
    Tags: ( reverse-engineering javascript shellcode )
  4. The Offensive Security Exploit archive is alive and kicking. It picks up where Milw0rm left off. Go check it out.
    Offensive Security Exploit Archive Goes live | Security Active Blog
    Tags: ( exploits milw0rm )
  5. This looks to be an interesting series. Adam will be exploring ways to help information security professionals build useful and productive relationships within their enterprises.
    Adam Cardinal: Building Relationships - Internal Audit Team - IANS Perspective
    Tags: ( general )
  6. Woot! Metasploit 3.3 is out. I am hearing good things about this. Go check it out.
    Metasploit: Metasploit Framework 3.3 Released!
    Tags: ( metasploit webappsec pentesting )
  7. Here is a quick how-to describing a method to decompile flash files.
    Carnal0wnage Blog: Decompiling Flash Files with SWFScan
    Tags: ( flash decompile webappsec )
  8. An interesting article that explores some real-life cross subdomain exploits.
    Real-Life Examples of Cross-Subdomain Issues | Social Hacking
    Tags: ( cross-subdomain webappsec )
  9. This is going to be a very cool project. Get involved.
    Securosis Blog | An Open Metrics Model for Database Security: Project Quant for Databases
    Tags: ( metrics databases )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. A few days ago I pointed out an article that discussed some issues with the default settings for UAC in Windows 7. This article shows that the criticism in the other article is well earned.
    Windows 7 vulnerable to 8 out of 10 viruses | Chester Wisniewski's Blog
    Tags: ( virus windows-7 )
  2. Interested in cross-subdomain cookie attacks? Check out the paper that mckt wrote. It is based on his presentation at Toorcon recently.
    Skeptikal.org: Cross-subdomain Cookie Attacks
    Tags: ( webappsec exploits )
  3. Thinking about virtualizing your databases? Make sure you are not doing so for any of the mythical reasons that Adrian addresses in this article.
    Securosis Blog | Myths Surrounding Databases in Virtual Environments
    Tags: ( virtualization database )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. I missed Blackhat and Defcon this year and I was bummed about it. The SecurityBSides event that I also missed just made it worse. 🙁
    SecurityBSides: The Best-Kept Vegas Secret - Hacked Off - Dark Reading
    Tags: ( securitybsides )
  2. The Infosec Cynic gets stuck in the lift with Rebecca Herold.
    Rebecca Herold - Stuck in the lift with the cynic | The Infosec Cynic
    Tags: ( interview )
  3. Here is a Google talk from Nate Lawson on common cryptology flaws.
    Google Tech Talk on common crypto flaws << root labs rdist
    Tags: ( cryptography )
  4. A new tool is available from GNUCITIZEN. Unfortunately, it is only available for Mac right now. Windows and Linux releases to come in the future.
    Free Web Application Security Testing Tool | GNUCITIZEN
    Tags: ( webappsec tools )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Raf interviews Andre Gironda.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: Andre Gironda
    Tags: ( interview )
  2. Here is the solution and winners of the third PandaLabs challenge.
    3rd Panda Challenge solution & winners - PandaLabs
    Tags: ( challenge )
  3. Forcing HTTPS sounds good. It will be interesting to see how this shakes out.
    Locking up the valuables: Opt-in security with ForceTLS at Mozilla Security Blog
    Tags: ( webappsec )
  4. Version 1.0 of Project Quant, a project to develop a patch management framework, has been released along with the survey results.
    Project Quant Version 1.0 Report and Survey Results
    Tags: ( patching )
  5. Part 3 of Ax0n's recipe for evilness.
    HiR Information Report: Evil Wifi Part 3: Hamster & Ferret
    Tags: ( wireless hacking )
  6. Cutaway has a very interesting post up about malware that resides in the registry. He points to a couple other posts that are worth reading too. This is very cool...scary...but very cool.
    Security Ripcord >> Blog Archive >> Malware IN Registry a.k.a If It Can't Be Done, Why Am I Looking At It?
    Tags: ( registry malware )
  7. Be careful what information you are sharing in something as basic as email headers. That stuff can be used against you.
    Looking beyond the surface ... << The Security Kitchen
    Tags: ( data-leakage )
  8. Martin points out some basic truths you should be aware of.
    Incident Response Leadership: Basic Truths : The Security Catalyst
    Tags: ( incident-response )
  9. You should do what Jack says. Go read the post he points you at and then send it to your friends and family.
    Uncommon Sense Security: A good primer on Social Networking and Security Risks
    Tags: ( social-networks )
  10. Folks, regardless of what the NYSE says, details about your infrastructure, patch levels, software versions, etc. are sensitive information.
    Data Detailing New York Stock Exchange Network Exposed on Unsecured Server | Threat Level | Wired.com
    Tags: ( data-leakage )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. This really is not good from an enterprise security perspective.
    Opera Unite: A Great idea or horrible security risk? - Security
    Tags: ( browser opera )
  2. As Martin says, Level 2 merchants are now faced with a little bit higher bar to get over.
    Network Security Blog >> Level 2 merchants are going to have to get serious about PCI
    Tags: ( pci )
  3. Andrew has started a series on SIEM. Check it out for some good advice.
    Andrew Hay >> Blog Archive >> A SIEM Solution is Like a Garden
    Tags: ( siem )
  4. Rafal talks about a nifty looking tool that I'll be checking out.
    Digital Soapbox - Preaching Security to the Digital Masses: Watcher - Web Vulnerabilities Served Up Passively
    Tags: ( tools webappsec )

That's it for today. Have fun!


Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Looks like it is going to be a busy week this week. Microsoft is issuing a pretty good sized batch of patches.
    Microsoft Patch Tuesday for April 2009: eight bulletins - Ars Technica
    Tags: ( microsoft patches vulnerability )
  2. This looks interesting. A virtual browser.
    Techworld.com - Startup puts web browsers 'in the cloud'
    Tags: ( browser )
  3. A nifty tip on how to get at the data your fat client is passing back and forth to the app server.
    PortSwigger.net - web application security: Intercepting thick client communications
    Tags: ( webappsec appsec )
  4. Kees brings us some interesting information that could be very helpful in developing and maintaining our awareness efforts.
    Why we sometimes think cheating is OK - Kees Leune Information Security Blog
    Tags: ( general )
  5. Damon has a nice description of one of the worms that hit Twitter this weekend.
    DCortesi . blog >> Twitter StalkDaily Worm Postmortem
    Tags: ( twitter worm )

That's it for today. Have fun!


Kevin
