Howdy folks. Here are some worthy reading items for today.
This was actually posted last month by Don Weber, but I just came across it and thought it worth pointing out. He has written and provided to us all an incident response information collection script that uses only built-in Windows operating system resources. Nifty!
Danny McPherson provides a classic article published in 1928 by J.B.S. Haldane titled “On Being the Right Size.” He observes that it is still applicable today in a wide variety of topics. Worth a gander.
Rafal Los provides some compelling evidence that while static code analysis can provide value, it does not guarantee that the compiled code will be secure.
Anton Chuvakin writes about “reverse compliance” or purposefully not logging information so that you won’t know what is going on. Drazen Drazic posted about not logging to avoid PCI fines last month. Obviously, neither is promoting this type of behavior, but there it is. “Don’t ask, Don’t Tell” in Information Security :)
Dre put up a post that talks about a cross-browser, multi-OS browser vulnerability that may not be closed for quite some time.
The folks over at Wouter Veugelen Blog have been putting up a few posts about interesting tools, and one of them is called AOSS. It is a bootable CD that will detect and remove deeply embedded malware on Windows systems. I haven’t played with it yet, but it looks neat. They also point out UBCD4Win, the Ultimate Boot CD for Windows, which is useful for repairing broken Windows systems.
Finally, Darknet points out that rtpbreak 1.3a has been released. It is an RTP analysis and hacking tool. Again, haven’t played with it yet, but will be soon.
Have a great rest of your day!