Interesting Information Security Bits for 09/30/2008

September 30, 2008

Good afternoon everybody! I hope your day is going well.
Here are today’s Interesting Information Security Bits from around the web.

  1. *nux Live Acquisition Techniques
    Cutaway gives us a nice walk-through of how he dealt with some issues when trying to acquire drive images during a recent incident response.
  2. Fiction Versus Function: Three Unspoken Annoynaces of Cisco & VMware’s Virtualization “Partnership”
    Beaker pens another interesting missive about VMware and Cisco getting together and what that might mean for both server admins and network admins.
  3. Impact of the Economic Crisis on Security
    Rich has a great post up with some insightful observations about what effect the current financial situation may have on our industry and our jobs. You should go read it.
  4. FAQ: Clickjacking — should you be worried?
    A very good explanation for what Clickjacking is.
    Hat tip: @jeremiahg
  5. Dark Reading – New DOS Attack Is a Killer – Snake Bytes
    Some interesting stuff coming out of Sweden, interesting as in the sky is falling.
  6. Sex, death and Gartner IT security summits
    David gives us an overview of the opening day of the Gartner IT Security Summit in London. Interesting stuff being talked about there.
  7. FOXNews.com – For Sale: Used Spy Camera With Top Secret Terror Records – Science News | Science & Technology | Technology News
    When things like this happen, you just want to smack yourself in the forehead and ask how can people not get it to this degree?

    Hat tip: @cre8tn

  8. Andrew Hay >> Blog Archive >> Secure Life Ep 1
    Neat cartoon that really gets to the point.

That’s it for today. Have fun!
Kevin


It’s quicker, but don’t forget to fix it…

September 30, 2008

Good morning/afternoon/evening everybody.

Hope your day was/is/will be great! 🙂

Lori MacVittie over at DevCentral, who you should all read, wrote Which security strategy takes more time: configuration or coding? recently. It’s a good article with some very valid points, but it made me think of something else we need to be aware of when we make “time trade-off” choices.

I agree that WAFs, ACLs, black holing traffic, etc. are all good and effective methods of mitigating risk and protecting against known threats and in some cases unknown threats. For example, how often have you whipped up a solution to a problem and slapped it into place? You know it is not an appropriate long term solution, but you say to yourself, “I’ll come back and do that better when I have time.”

Fast forward 3 years and your quick fix is still in production causing all sorts of grief because it was never intended to be a long term solution, and/or nobody knows what this thing is doing and they remove it, again causing all kinds of grief.

Maybe I’m stating the obvious, but we need to make sure we have effective policies and procedures in place to ensure that we are addressing things in an appropriate manner, independent of the “this is quicker” mentality. Again, I am not saying that quicker shouldn’t be used. It has its place and often is the best short term choice. I just want to remind everybody that we need to keep that long term horizon in sight also.

Agree, disagree, think I’m looney?  Leave me a note in the comments with your thoughts.

Kevin

Image courtesy of jakeliefer


Interesting Information Security Bits for 09/29/2008

September 29, 2008

Good afternoon everybody! I hope your day is going well.
Here are today’s Interesting Information Security Bits from around the web.

  1. Indirect iPhone Forensics << SANS Computer Forensics, Investigation, and Response
    Um, folks, large portions of the data on your iPhone or iPod devices are likely on your computer too. Check out John’s writeup on how to read said info.
  2. Security Ripcord >> Blog Archive >> Dumping Files Names from MS Windows Directory
    Nifty batch file to get a list of files in a directory. Very nice when hooked up to the context-sensitive menu as suggested in the article. A slight modification to write to new media would make it handy for forensics too.
  3. HiR Information Report: Introduction to Proximity Cards
    An interesting introduction to proximity cards. Very detailed but understandable.
  4. StillSecure, After All These Years: Do you need a free vulnerability management solution?
    Free tool available from StillSecure. Looks interesting. Will have to play with it later.
  5. Security School: Getting the most out of your SIM deployment
    Adrian Lane’s Integration of Networking and Security School on SearchSecurity.com.
  6. Data loss prevention: Data Protection Security School: Security Schools: SearchSecurity.com
    Rich Mogull’s SearchSecurity Data Protection Security School.
  7. Protecting your Cookies
    Dan has an interesting post up that discusses his progression from a single browser to multiple browsers to browsers with SSBs and finally to two browsers, in an attempt to keep his sensitive data segregated while browsing the evil internets. Go look.
  8. New version of Helix Forensics LiveCD released
    Title says it all.
  9. Maltego 2 and beyond – Part 2
    Mubix has part 2 up of a series of posts that walk us through using Maltego.
  10. Why Blog?
    Not directly related to InfoSec, but a very good post on reasons to blog has been posted by Richard. Give it a read and see if it doesn’t help you either take that step to blog or better focus the blogging you do.
  11. Friday Summary
    Rich has posted some pointers to some things he and Adrian have been doing lately. The DLP and SIM security schools over at TechTarget look very interesting.
  12. Quickpost: Stored User Names and Passwords
    Didier gives us some interesting info about where Windows keeps stored passwords. He also points us to some tools to work with them.

That’s it for today. Have fun!
Kevin


Interesting Information Security Bits for 09/26/2008

September 26, 2008

Good afternoon everybody! I hope your day is going well.
Here are today’s Interesting Information Security Bits from around the web.

  1. PaulDotCom: Archives
    Larry has a good post up about watching where your data is, particularly in this day of an ever increasingly mobile workforce.
  2. Net pariah Intercage back among the dead * The Register
    Read the article for the details, but title pretty much explains it.
  3. /dev/random >> Blog Archive >> Workstation (Un)locking Using Bluetooth
    Interesting idea, but I agree with the reviewer, it needs a little more than just the presence of a phone or Bluetooth device to unlock. Besides which, what if you leave your phone at your desk…oops.
  4. Wigle.net: The 411 on Wireless Access Points – Security Fix
    See if your AP is known to the world. While my neighborhood is on the map with some APs, mine isn’t there.
  5. The Security Shoggoth: Malware Analysis Contest
    The Security Shoggoth (Tyler) announced that a malware analysis contest will be starting on October 1st. Go check it out. Could be a lot of fun.
    Hat Tip: Tom at Spylogic
  6. IT Security: Can We Be Compliant and Yet Insecure?
    Bill Sieglein asks in an article on CSOOnline, “Can we be Compliant and Yet Insecure?” Um…yup. However, Bill doesn’t just ask the question and answer it. He also provides some good advice on how to avoid getting trapped in “Just get through the audit” land.
  7. Memory exhaustion DoS vulnerability hits Google’s Chrome | Zero Day | ZDNet.com
    Dancho shares with us that there has been another vulnerability found in Google’s Chrome browser. He talks with the group who found it. Interesting read.
  8. Myths, Misconceptions, Half-Truths and Lies about Virtualization << Amrit Williams Blog
    A great post by Amrit discussing virtualization and many of the challenges associated with it that people tend to overlook.

That’s it for today. Have fun!
Kevin


Headed to RSA Europe 2008

September 26, 2008

Cool news folks.  I am now an accredited press/analyst for RSA Europe 2008.  Even better, I’m going. Hotel reservations have been made and flights booked.  I am looking forward to attending.  This will be my first RSA and looking at the agenda, it appears that there will be plenty of interesting talks to sit in on.

More importantly though, I am looking forward to meeting and talking with other information security professionals.  I already know that several of the @SecurityTwits are going to be there.  Please drop me a note or leave a comment if you are going to be there.  I’m thinking a meetup might be in order if enough are interested.  If not, lunches and hallways are always available for meeting and greeting.

I look forward to hearing from you all.

Kevin


Interesting Information Security Bits for 09/25/2008

September 25, 2008

Good afternoon everybody! I hope your day is going well.
Here are today’s Interesting Information Security Bits from around the web.

  1. (IN)SECURE Magazine
    Issue 18 is out.
  2. Dailydave: “ClickJacking”
    A good description of clickjacking.
    Hat tip: @lmacvittie
  3. BSQL Hacker – Automated SQL Injection Framework | Darknet – The Darkside
    Title defines it pretty well.
  4. Tenable Network Security: Nessus Virtual Appliance
    Nessus has released a virtual appliance image for Nessus 3. Pretty cool.
  5. Dark Reading – Outside Insight – Snake Bytes
    RSnake reminds us to not forget yesterday’s issues.
  6. HubLog: Logout/Login CSRF
    Wow. Not a good thing at all. You really need to check this out. Remember to check who you are logged in as periodically.
    Hat tip: @geekgrrl
  7. HttpFox :: Firefox Add-ons
    Nifty plugin to explore what is happening during http communications.
    Hat tip: @lmacvittie

That’s it for today. Have fun!
Kevin


Interesting Information Security Bits for 09/24/2008

September 24, 2008

Good afternoon everybody! I hope your day is going well.
Here are today’s Interesting Information Security Bits from around the web.

  1. Raise user security awareness with a free training kit | IT Security | TechRepublic.com
    Chad Perrin has the first of a series of articles that will explore using the free materials that are available from Microsoft for Security Awareness training.
  2. samsclass.info: Sam Bowne Class Information
    This site is referred to by one of the other posts mentioned today, but I thought it deserved its own mention. Good resource for free training materials if you are so inclined.
  3. ‘Profiler’ Hacks Global Hacker Culture – Desktop Security News Analysis – Dark Reading
    An interesting article by Kelly Jackson Higgins about profiling hackers and one man’s efforts to do so.
  4. Certification still pays for CISSPs, CISMs
    Carolyn Gibnet has some info gleaned from the Foote Partners IT Salary Survey about how the CISSP and CISM certifications affect your salary.
  5. Researchers discover PDF exploit packs | Zero Day | ZDNet.com
    There is an exploit pack that targets PDFs running around. Ryan gives us more info.
  6. India’s government: At last, we’ve cracked Blackberry’s encryption | Zero Day | ZDNet.com
    Dancho relays a report that the Indian government claims to have cracked Blackberry’s encryption, kind of.
  7. Graham Cluley’s blog
    Sophos has a new release that contains “enhanced malware protection.” Probably worth playing with.
  8. Dirty dozen: Firefox ships patch for 12 security flaws | Zero Day | ZDNet.com
    Time to patch Firefox. Ryan breaks down what the latest update fixes.
  9. Coding Horror: Cross-Site Request Forgeries and You
    Jeff explains very clearly how CSRF attacks work.
  10. Dismantling an XML-Bomb << Didier Stevens
    Didier walks us through how easy it is to create an XML bomb and then gives us some suggestions on how to defend against them. Very cool stuff.
  11. Teaching Hacking at College by Sam Bowne(Hacking Illustrated Series InfoSec Tutorial Videos)
    Irongeek points out Sam Bowne’s DefCon 15 talk about teaching hacking at college. Good stuff.

That’s it for today. Have fun!
Kevin