wepappsec

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. The Security Baselines for Windows 7 and IE 8 are now available.
    Now Available: Security Baselines for Windows 7 and Internet Explorer 8 - Springboard Series Blog - The Windows Blog
    Tags: ( windows-7 ie8 )
  2. The call for submissions for Peer2Peer sessions at RSA 2010 has opened. Have a topic you want to explore with others in your industry/field/profession? Go ahead and suggest it.
    Peer2Peer Sessions
    Tags: ( rsa-2010 cfp )
  3. Xavier's first day recap of Hack.lu is up.
    /dev/random >> hack.lu Day #1
    Tags: ( conferences hacklu )
  4. Jeremiah offers some interesting thoughts on black box vs white box software testing.
    Jeremiah Grossman: Black Box vs White Box. You are doing it wrong.
    Tags: ( webappsec )
  5. Another good article on methods and tools to monitor/gather intelligence about your company that might be mentioned on-line. This one focuses on blogs, message boards, and metadata.
    Enterprise Open Source Intelligence Gathering - Part 2 Blogs, Message Boards and Metadata -- spylogic.net
    Tags: ( monitoring )
  6. This is scary.
    hype-free: Why network neutrality is a big deal
    Tags: ( general )
  7. Anton's notes from the day he spent at NIST's SCAP conference.
    Anton Chuvakin Blog - "Security Warrior": Notes from NIST SCAP 5th Security Automation Conference
    Tags: ( conference nist-scap )
  8. Alex has posted a nice exploration of impact vs asset valuation. This is a very FAIResque treatment of the issue if you ask me, which is a good thing in my opinion.
    Verizon Business Security Blog >> Blog Archive >> The curious case of asset Valuation.
    Tags: ( risk-analysis asses-valuation )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Nessus 4.0.1 has been released. I will be updating the Backtrack how-to sometime this week to reflect this.
    Tenable Network Security: Nessus 4.0.1 Released
    Tags: ( nessus )
  2. Service Pack 2 for Vista and Server 2008 is ready for you to start testing. You do test before deploying, right?
    SP2 For Vista, Windows Server 2008 Available For Download - Security Watch
    Tags: ( vista patches )
  3. Just the thing for that UNIX geek that is so difficult to buy for. Of course, he's going to have to have a pretty good sized cube to hang it in. (via The Register)
    Eric Levenezs' Gorgeous Unix Diagram
    Tags: ( general )
  4. Here is what looks to be a very nice paper on the Kraken bot. I have read the beginning and look forward to finishing it.
    SecSci Social Scene: Dissecting the Kraken
    Tags: ( botnet kraken analysis )
  5. Paul has posted some slides on using Nessus during a web application assessment.
    Tenable Network Security: Presentation "Using Nessus In Web Application Assessments"
    Tags: ( webappsec nessus )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Another day of great content. Enjoy.

Here are today's Interesting Information Security Bits from around the web.

  1. VeriSign has stepped up and offered replacement SSL certs free of charge to all customers with MD5-based certs. They have also implemented SHA-1 for all certs now. Should have happened much earlier, but at least they were quick in their response.
    VeriSign addresses MD5 flaw
    Tags: ( vulnerability ssl general cert )
  2. Good guidance for us all and some suggestions on how to go about doing it.
    Know your network to keep it secure :: SearchNetworking.com.au
    Tags: ( network )
  3. Forrester is indicating that security spending may be taking a bigger chunk of IT spending in 2009.
    Despite Economy, Security Spending To Increase In 2009 - security industry/Management - DarkReading
    Tags: ( general spending 2009 )
  4. Oops. Trusted Execution Technology might not deserve to be trusted as much as we were led to believe.
    Researchers hack into Intel's vPro - Network World
    Tags: ( txt )
  5. This is nifty. A nice visualization of botnet IRC channel joins.
    Flashy botnet is Flashy - F-Secure Weblog : News from the Lab
    Tags: ( botnet visualization )
  6. Erik has part 1 of a series that will address securing our Linux hosts.
    Art of Information Security >> Secure Your Linux Host - Part 1: Foundations...
    Tags: ( linux securing )
  7. Donald points us to a paper written by Brett Shavers about virtual machines and forensics analysis. I just added it to my stack of stuff to read.
    Forensic reading - Malta Info Security
    Tags: ( forensics virtualization vmware )
  8. A very good read. Well written and has a good point.
    Could the Titanic have changed course? | The Guerilla CISO
    Tags: ( general compliance checklists )
  9. I have pointed to all the previous parts of this series of posts. The first paragraph has links to them also. I really like how they have brought all the previous posts together by showing some use cases. Well done.
    Building a Web Application Security Program, Part 8: Putting It All Together | securosis.com
    Tags: ( webappsec program )
  10. Adam points us to Maine's Data Breach Study. He points out some interesting tidbits. Enough that I have grabbed the study for reading later.
    Emergent Chaos: Maine Breach Study
    Tags: ( data breach study maine )
  11. Damon has a very nice guest post up on Jennifer Leggio's Feeds blog. It reaches beyond the issues that Twitter was dealing with this weekend.
    The inevitable rise (and fall?) of 'twishing' | Feeds | ZDNet.com
    Tags: ( twitter phishing social-networks )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin
