wireless

Wow, this has been a crazy busy week.

My apologies for not taking the time to get the daily bits posts out the door. However, don't despair. I have a bumper crop for you today because I have been keeping my eye on things.

Unfortunately you will have to do without my pithy (or so I'd like to believe) comments today. 🙂

Also, RSA Europe 2009, where I'll be speaking, is right around the corner along with some vacation time, so you will see fewer bits posts over the next couple weeks and they will probably be like this one. I will be back in full gear after the conference. I will blog when I can on what I see at RSA though.

Anywho, here are today's (this week's) Interesting Information Security Bits from around the web.

  1. Immutable Security >> Low and Slow SSH Brute Force Attacks
    Tags: ( ssh )
  2. Real World Stories: How Pen Tests Complement Vulnerability Scans << Core Security Technologies
    Tags: ( wepappsec pentest )
  3. Visa Announces New Data Encryption Practices
    Tags: ( pci )
  4. 'What's wrong with Smelly Widgets?' - Packet Challenge << I Smell Packets
    Tags: ( challenge packet )
  5. The Professional Security Testers Warehouse for the CEH GPEN QISP Q/ISP OPST CPTS - FRHACK01 copy of presentations
    Tags: ( conference presentations )
  6. Avert Labs Paper: Inside the Password Stealing Business: the Who and How of Identity Theft | Hackers Center Blogs
    Tags: ( passwords )
  7. AVG Stepping Up Consumer Anti-Virus Offerings | Darknet - The Darkside
    Tags: ( anti-virus avg )
  8. Man banished from PayPal for showing how to hack PayPal * The Register
    Tags: ( paypal )
  9. Book Review: The Rootkit Arsenal << McGrew Security Blog
    Tags: ( books reviews )
  10. Jeremiah Grossman: All about Website Password Policies
    Tags: ( infosce passwords )
  11. Digital Soapbox - Preaching Security to the Digital Masses: Things I Learned at SecTor 2009
    Tags: ( conference toorcon recap )
  12. TaoSecurity: Technical Visibility Levels
    Tags: ( avialability monitoring )
  13. SSL Still Mostly Misunderstood - DarkReading
    Tags: ( ssl )
  14. Anton Chuvakin Blog - "Security Warrior": Compliance != Security, Does Security = Compliance?
    Tags: ( compliance security )
  15. A Page from Singapore's Cybersecurity Playbook | Optimal Security: The Lumension Blog
    Tags: ( general )
  16. You Can't Always Be Proactive - Hacked Off - Dark Reading
    Tags: ( general )
  17. Security Uncorked >> Good, Bad and Ugly: On SecTor's Wall of Shame
    Tags: ( passwords wireless )
  18. CSS History Hack Used To Ban Torrent Users ha.ckers.org web application security lab
    Tags: ( css )
  19. Yahoo Best Jobs in America ranks infosec professional #8
    Tags: ( career )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a great example of a deeply flawed access control system.
    jon.oberheide.org - blog - panera gift card security
    Tags: ( access-control )
  2. Andy has some nice things to say about the HISPI certification. Worth checking out.
    HISP Training >> Andy ITGuy
    Tags: ( hispi certification )
  3. Rebecca points to some websites we should bookmark regarding HIPAA.
    8,918 HIPAA Violation Investigations Have Required Corrective Actions - Realtime IT Compliance
    Tags: ( hipaa )
  4. Looks like WPA with TKIP is about as functional for protecting your wireless network as WEP is. Time to move to WPA/AES or, even better, WPA2.
    Attack on WPA refined - News - The H Security: News and features
    Tags: ( wpa wireless )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Even something as simple as a route you use for your daily run can be a data leakage issue.
    Running into information << Techdulla
    Tags: ( data-leakage social-networking )
  2. If you have a wireless infrastructure based on Cisco APs, you will want to read this one.
    SkyJacking vulnerability discovered on Cisco APs - Security
    Tags: ( wireless cisco )
  3. Last year, for one of my Toastmasters speeches, I gave a quick 7 minute speech about data loss. For that talk, I used the on-line data loss db to grab a few numbers for a period of a week. During that time there were 8 or 9 incidents and several hundred thousand records lost. The majority of those incidents were caused not by malicious behavior, but by mistakes. That's what this article talks about too.
    IDC Report: Most Insider Leaks Happen By Accident - data leak prevention/Security - DarkReading
    Tags: ( data-leakage )
  4. Amazon has announced Virtual Private Clouds and the Hoff has some thoughts to share on the issue.
    Calling All Private Cloud Haters: Amazon Just Peed On Your Fire Hydrant... | Rational Survivability
    Tags: ( cloud private-cloud )
  5. Looks like a new open source project is going to be poking at GSM security.
    GSM to feel the heat from open source project - News - The H Security: News and features
    Tags: ( gsm mobile )
  6. Here are a couple of tips on implementing SharePoint with effective access control.
    Poor Microsoft SharePoint security permissions policies can derail deployments
    Tags: ( sharepoint )
  7. Rob Whiteley is looking for interesting stories about security shifts. Check out the article for what he is after.
    The Forrester Blog For Security & Risk Professionals
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Raf interviews Andre Gironda.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: Andre Gironda
    Tags: ( interview )
  2. Here is the solution and winners of the third PandaLabs challenge.
    3rd Panda Challenge solution & winners - PandaLabs
    Tags: ( challenge )
  3. Forcing HTTPS sounds good. It will be interesting to see how this shakes out.
    Locking up the valuables: Opt-in security with ForceTLS at Mozilla Security Blog
    Tags: ( webappsec )
  4. Version 1.0 of Project Quant, a project to develop a patch management framework, has been released along with the survey results.
    Project Quant Version 1.0 Report and Survey Results
    Tags: ( patching )
  5. Part 3 of Ax0n's recipe for evilness.
    HiR Information Report: Evil Wifi Part 3: Hamster & Ferret
    Tags: ( wireless hacking )
  6. Cutaway has a very interesting post up about malware that resides in the registry. He points to a couple other posts that are worth reading too. This is very cool...scary...but very cool.
    Security Ripcord >> Blog Archive >> Malware IN Registry a.k.a If It Can't Be Done, Why Am I Looking At It?
    Tags: ( registry malware )
  7. Be careful what information you are sharing in something as basic as email headers. That stuff can be used against you.
    Looking beyond the surface ... << The Security Kitchen
    Tags: ( data-leakage )
  8. Martin points out some basic truths you should be aware of.
    Incident Response Leadership: Basic Truths : The Security Catalyst
    Tags: ( incident-response )
  9. You should do what Jack says. Go read the post he points you at and then send it to your friends and family.
    Uncommon Sense Security: A good primer on Social Networking and Security Risks
    Tags: ( social-networks )
  10. Folks, regardless of what the NYSE says, details about your infrastructure, patch levels, software versions, etc. are sensitive information.
    Data Detailing New York Stock Exchange Network Exposed on Unsecured Server | Threat Level | Wired.com
    Tags: ( data-leakage )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Heh. This looks like a fun project.
    War-walking case << Infosanity's Blog
    Tags: ( wireless hacking )
  2. The Sophos mid-year threat report is out.
    Download Sophos Security Threat report: Jan-July 2009 | Graham Cluley's blog
    Tags: ( report threat )
  3. Trey Ford is next up in Raf's interview series. I feel lucky that so far I have met and gotten to talk with, live and in person, three of the four interviewed so far.
    Digital Soapbox - Preaching Security to the Digital Masses: 31337 Spotlight: Trey Ford
    Tags: ( interview )
  4. Lee Kushner and Mike Murray did a survey asking questions about job satisfaction in information security. Here is a bit of what they found.
    Job Satisfaction in Security | Information Security Leaders
    Tags: ( career )
  5. Part 2 of Ax0n's evil how-to is up.
    HiR Information Report: Evil WiFi Part 2: Metasploit Framework Setup
    Tags: ( wireless hacking )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. Ouch. Kinda glad I use wired keyboards and mice at this point 🙂
    Greg Martin's blog - InfoSecurity 2.0: Wireless Keyboard Sniffing
    Tags: ( wireless keyboard sniffing )
  2. EFF has a new tool that tracks the changes to the Terms of Service of some of the larger organizations on the web like Facebook, Google, etc. Pretty cool.
    EFF Posts 'Terms of Service' Tracker | Threat Level | Wired.com
    Tags: ( eff )
  3. A nice article with some interesting ideas about putting things in your app that when accessed indicate you are under attack. I can think of a name for that, but it has a very unfortunate acronym, so will refrain from writing it here.
    AppSec Street Fighter - SANS Institute >> My Top 6 Honeytokens
    Tags: ( webappsec )
  4. Lori has a really good analogy for us. Take a few minutes to check it out.
    The Gluten-free Application Network
    Tags: ( webappsec )
  5. Your host isn't safe if you are using VMWare Workstation and haven't patched things like you ought to.
    Hacking Tool Lets A VM Break Out And Attack Its Host - DarkReading
    Tags: ( vmware exploit )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Good afternoon everybody! I hope your day is going well. Here are today's Interesting Information Security Bits from around the web.

  1. Rob has a really nice post up for those who are participating in cyber defense competitions as the defenders. Having just participated on the red team (hackers) this weekend for such a competition, I can say that some of the teams would have benefited greatly from this post 🙂
    Winning Hacker Competitions as Defenders - Room362.com
    Tags: ( cdc )
  2. Hoff has some really good points in this post.
    Rational Survivability: What People REALLY Mean When They Say "THE Cloud" Is More Secure...
    Tags: ( cloud saas )
  3. Synjunkie gives us the 10 steps he takes to secure his consumer grade wireless routers. It's a good list.
    Syn: 10 Steps to Securing a Wireless Router
    Tags: ( wireless tips )
  4. A nice little guide to finding "bad stuff" in a Windows image.
    Windows Incident Response: Looking for "Bad Stuff", part I
    Tags: ( forensics )
  5. A nice article on change management and its importance.
    Black Fist Security: Change Management and some Misc stuff
    Tags: ( change-management )
  6. This should be a very interesting webcast.
    The Ethical Hacker Network - Webcast: Modern Social Engineering - A Vital Component of Pen Testing
    Tags: ( webcast social-engineering )
  7. From the post: "We just released a new version of dnsmap. dnsmap is a subdomain bruteforcer for stealth enumeration."
    New Version of dnsmap out! | GNUCITIZEN
    Tags: ( tools dnsmap )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Today's Bits has really big phone bills, blocking wi-fi signals, a new NIST publication about protecting PII, more storytelling by Synjunkie, generational differences and their impact on business's security, the winners of the latest Ethical Hacker challenge, HITB videos, and the Top 10 Hacking videos on YouTube. Read on for details.

  1. Just like any networked device/system, make sure your phone systems are appropriately resistant to attack. Otherwise, you might be faced with some serious phone bills.
    Police investigate phone hacker spree : thewest.com.au
    Tags: ( pbx )
  2. This is interesting, but be careful. There may be laws that affect whether you can use this type of product.
    Techworld.com - New paint promises high-speed Wi-Fi shielding
    Tags: ( wireless blocking )
  3. Rebecca lets us know that NIST has a new publication ready for us, "Guide to Protecting the Confidentiality of Personally Identifiable Information." This should be a good read.
    New Guidelines for Safeguarding Personal Data - Realtime IT Compliance
    Tags: ( pii protection )
  4. Synjunkie has part 3 of his Newbie Haxor storyline up.
    Syn: The Story of a Newbie Hax0r - Part 3. Lets Get Physical
    Tags: ( stories )
  5. This has been a topic I have been thinking about quite a bit as I get more involved in social networking. As indicated below, the generation just now entering the work force and the one right behind them communicate in a way that is completely different than any generation before them. We are going to have to learn how to accommodate this while maintaining security.
    IT Security's Next Big Threat: Young People - security trends/Vulnerabilities - DarkReading
    Tags: ( risk )
  6. The winners of the latest challenge at the Ethical Hacker Network are posted.
    The Ethical Hacker Network - Santa Claus is Hacking to Town - Answers and Winners
    Tags: ( challenge )
  7. Martin points out that the HITB Malaysia videos are available now.
    Network Security Blog >> HITB Videos available
    Tags: ( videos conferences hitb )
  8. Here ya go. Some hacking videos for your pleasure.
    Hat tip: http://www.stevegoodbarn.com
    Top 10 YouTube hacking videos | NetworkWorld.com Community
    Tags: ( videos hacking )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin
