Good afternoon everybody! I hope your day is going well.
Here are today’s Interesting Information Security Bits from around the web.
- WASC Web Application Security Statistics Project 2007 published | Security4all – Dedicated to digital security, enterprise 2.0 and presentation skills
Security4all points out that the WASC (Web Application Security) Statistics Project 2007 has published their results. Worth peaknig at.
- Tenable Network Security: Detecting Manually Compiled Network Daemons
A nifty plugin for Nessus that scans for services that are not an integral part of the operating system or known package. These types of services, while not neccessarily bad, often deserve a closer look.
- PaulDotCom: Archives – September Late-Breaking Computer Attack Vectors
Pauldotcom.com’s September attack vectors update is on September 24th at 2:00pm EDT (GMT -4:00).
- Lawyers Can Help You Document << SANS Computer Forensics, Investigation, and Response
J. Michael Butler writes that it is important to document things during a forensic invesitigation, but maybe even more importantly, it is important to be very careful how we document due to the new e-discovery rules. Great article with some addtional resources worth reading mentioned.
- IBM Rational Application Security Insider: Winamp NowPlaying Unspecified Vulnerability: The Details
Yair Amit discusses a vulnerability in WinAmp that has since been resolved. An interesting read.
That’s it for today. Have fun!