Interesting Information Security bits for May 19th, 2008

May 19, 2008
Good afternoon everybody. Here are few things worth taking a gander.

Dave Lewis over at Liquidmatrix points us to an service that appears to be very helpful. It is a service offered by Jane’s that tracks terrorism and insurgent activities around the globe. As Dave states, it’s a bit pricey for an individual, but probably well worth it for corporations that have global exposure.

Richard’s latest Snort Report is up. He helps us Justify Snort. Good reading.

Paul Melson has a list of Malware Analysis tools you can use to dig into the guts of those pesky malicious files.

@dacort twitted a pointer to an article on Sun’s site that talks about five areas that must be addressed to keep Web scale deployments safe from attack.

In a follow-up post to a previous missive about the static code analysis shortcomings, Rafal Los brings us a solution, Hybrid Analysis. Good stuff.

That’s it for now. Have a great day.

Kevin


How to become a hacker…

May 16, 2008

You may have all seen this already, but I just came across it. It’s been around for a while, but I thought it was interesting. How to Become a Hacker by Eric Steven Raymond.


Interesting Information Security Bits for May 16th, 2008

May 16, 2008

Howdy, here are some things to take a look at for today.

Dave Aitel writes about automatic exploit generation from patches. According to Dave, it isn’t as easy as it sounds. I agree with him. Go give it a read.

GNUCITIZEN has another good post up that takes a look at resident scripts and cross-domain issues using javascript.

Kees, as usual, has a thought provoking post up which points out that Perception IS Reality (emphasis added). Go read it.

Later folks. Have a great day.

Kevin


Hey Nessus, do you do sudo?

May 16, 2008

We all know and love Nessus. Well today, Tenable made it even better. Nessus now fully supports su and sudo for audit and patch compliance checks. This is very cool.

Next, in response to the ssh key bruhaha this week, there are now a couple of plugins that will check for weak keys in SSH and SSL protected webservers.

Caveat: It appears that you need to be Direct Feed/Professional subscriber to use these features.

Kevin


Interesting Information Security bits for May 15th, 2008

May 15, 2008

Man, I just keep falling farther and farther behind on these posts. Anyway, here we go:

Jeremiah has a nifty post up about crossdomain.xml.

Jeff Jones has a short paper available that compares Windows Vista vulnerabilities compared to Windows XP SP2 vulnerabilities in 2007.

Patrick Romero discusses Electronic Medical Records over on Security Catalyst.

Nitesh has an interesting article posted about some issues in Safari and Apple’s response.

Innismir has posted a helpful guide on how to created new ssh system keys for those of us who are susceptible to the openssl issue on Debian based linux distros.

That’s it for today. Have a good one.

Kevin


Interesting Information Security Bits for May 14th, 2008

May 14, 2008

Hi folks. Good afternoon. Here are a few things to look at today.

There is a post on the nCircle blog about some interesting issues regarding some IPv6 issues we need to be aware of.

Sam Ryder has an interesting post up on alert blogic about SaaS and its impact on the channel.

The May issue of “IT Compliance in Realtime” is available from Rebecca. Go here for a teaser 🙂

Frank Cassano has a post up at bloginfosec about building out a framework to structure your information security program around. I have only skimmed it so far, but looks interesting.

As other have noted, there does not appear to be a fee (that’s a link to a pdf) any longer for real-time vulnerability updates for Nessus any longer for home and non-commercial users.

Have great rest of your day!

Kevin


Interesting Information Security bits for May 13th, 2008

May 13, 2008

Hi folks. Here are some things to take a look at.

Dave Whiteleggg has written a tutorial for Appscan.

Jeremiah points out three good reads on web application security.

Jeff Jones points us to a missive penned by Dr. Crispin Cowan about User Access Control and whether it is a convenience feature or a security feature. I won’t spoil to suprise. Go give it a gander.

Techdulla has post up about a new hire and there are some tidbits in there that are very good.

Jack has a list of some good Information Security based podcasts that you should check out.

There ya go. Have a great one.

Kevin