Interesting Information Security Bits for 10/13/2008

October 13, 2008

Good afternoon everybody! I hope your day is going well.
Here are today’s Interesting Information Security Bits from around the web.

  1. Schneier on Security: Threat Modeling at Microsoft
    Schneier points us to a white paper by Adam Shostack on Microsoft’s threat modeling methodology. I have only read the first part, but it looks interesting.
  2. McGrew Security Blog >> Blog Archive >> Slides for a forensics class lecture on ext2/3
    Wesley has put up the slides for a talk he is giving about ext2/ext3 file system forensics. You should go check them out.
  3. Apocalyptic Vulnerability Percentages – FUD 101 web application security lab
    A good read from RSnake about just how vulnerable we are.
  4. PPT_VeriSign_Webcast_Brazil_20081008.pdf (application/pdf Object)
    Slides from a threat briefing on Brazil that was given by Brazil last week.
  5. Carnal0wnage Blog: OWASP APPSEC 2008 Conference Videos Online
    Videos are out from the OWASP AppSec 2008 conference.
  6. Matasano Chargen >> Blog Archive >> Detecting Anonymizing Proxies
    A good article on how to detect anonymizing proxies on your network.
  7. Matasano Chargen >> Blog Archive >> Owning Networks With Soldering Irons and Radio Shack Parts
    A great walkthrough of Stephen’s experience with a recent pen test that required him to do some hardware hacking.
  8. Dell Launches SingleClick Remote Access – Host security News Wire – Dark Reading
    Dell is now offering a “Go to my PC”-like service.
  9. Over half of U.K. firms have lost data
    Ouch. On top of the pure mind-boggling statistic that 55% of British companies have had a breach and that 49% have had more than one, is the finding that only 10% were considered to be the result of malicious entities. Go take a look.
  10. U.S. proposes digital signing of DNS root zone file
    The U.S. department is looking for comments on how to implement DNSSEC for records in the root zone.
  11. Error puts data on 30 million German phone users on Internet (AFP) by AFP: Yahoo! Tech
    Not once, but twice now, the Deutsche Telekom has lost personal data. Lots of it.

    Hat tip: @mckeay

That’s it for today. Have fun!


Update: RSA Europe 2008 Blogger/SCC/SecurityTwits Meetup

October 13, 2008

Hello everyone.  RSA Europe 2008 is just around the corner!  Some of us have been talking about setting up a Security Blogger/Security Catalyst/SecurityTwits meetup and have settled on a date, time and location.  We will be getting together on Tuesday the 28th at 8:00 PM.  The Novotel London Excel bar is the location.  The hotel is part of the Excel conference center, so should be easy to track down, but just in case, here’s a map:

If you would like to join us or have a suggestion for a better location, please let me or Security4All know.  I can be contacted either by comments to this post or kriggins _at_ and Security4All can be contacted here.

Hope to see you there.

Update: I realized this morning that I was remiss in specifying who was paying for any food or drink you might have during this get together. Everybody will be responsible for their own tab for this event.

Update #2: Today’s the day! As indicated above, we will be in the Upper Deck Bar in the Novotel hotel.  We are going to do our best to carve out a corner to the right of the bar near the river.  Please see the About page to see a picture of me which may help you in picking out our group 🙂