Interesting Information Security Bits for 11/07/2008

November 7, 2008

Good afternoon everybody! I hope your day is going well.

Here are today’s Interesting Information Security Bits from around the web.

  1. Virtualization: How to Isolate Application Traffic
    Lori has penned a nice article pointing out how we can use VLANs to isolate application traffic. She makes and excellent point in the article, “we’ve grown to use VLANs as an architectural tool rather than a security tool, and often don’t consider how valuable such a simple, existing technology can easily be applied to more emerging, cutting edge concepts.”
  2. Typical Injection Points in a Web Application | Startup Security
    Damon fills us in on some good spots to check for vulnerabilities in web applications.
  3. Discovering Rogue Access Points With Nmap
    Nifty way to detect rogue wireless APs from the wireside.
  4. Researcher: Android may not need antivirus software
    Now I’m not saying you have to have anti-virus software for your mobile device, but I sure don’t agree with several of the statements made in this article.

That’s it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

Advertisements

Interesting Information Security Bits for 11/06/2008

November 6, 2008

Good afternoon everybody! I hope your day is going well.

Here are today’s Interesting Information Security Bits from around the web.

  1. TaoSecurity: Defining Security Event Correlation
    Richard has a good post up on defining security event correlation. Go check it out.
  2. Why use Firefox << Techdulla
    Techdulla tells us why he uses Firefox for his browser. I agree with everything he says and will add that putting the AdBlock add-on into place makes it even better.
  3. HiR Information Report: Xorg.conf for OpenBSD MacBook / Parallels
    Ax0n is here to help you get Xorg running on your Mac using Parallels.
  4. Android-Powered G1 Gets Antivirus Software — Google Android — InformationWeek
    Looks like you can get Anti-virus software for your G1 phone.
  5. Once thought safe, WPA Wi-Fi encryption is cracked
    Oops. Time to upgrade to WPA2. Okay, you don’t have to run out right now and do it, but it looks like some researchers have found a method of getting the TKIP key in a short time frame.

That’s it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Interesting Information Security Bits for 11/05/2008

November 5, 2008

Good afternoon everybody! I hope your day is going well.

Here are today’s Interesting Information Security Bits from around the web.

  1. CSI Stick – So who has a copy of your phone? << SANS Computer Forensics, Investigation, and Response
    This is both very cool and very scary. Tool that allows you to quickly and easily suck the data out of a cell phone or smart phone. So much for locking the keyboards on those puppies.
  2. Assuming the breach: What is good pen-testing?
    Planet Heidi has some good guidance for effective pen testing. You should go read it if do them and, more importantly, if you get the results.

That’s it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Interesting Information Security Bits for 11/04/2008

November 4, 2008

Good afternoon everybody! I hope your day is going well.

Here are today’s Interesting Information Security Bits from around the web.

  1. /dev/random >> Blog Archive >> Critical dns2tcp Vulnerability!
    Looks like dns2tcp has a vulnerability that needs to be taken care of. Time to upgrade.
  2. TrueCrypt – Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux – Documentation
    A new version of Truecrypt is out. Version 6.1 was released on October 31st, 2008.

    Hat tip: Xavier at http://blog.rootshell.be

  3. Research Blog – Research – SecureWorks
    A very nice description and review of the worm that is trying to take advantage of MS08-067.
  4. PCI Blog – Compliance Demystified >> Blog Archive >> Cloud computing security and PCI
    Another good article about PCI and cloud computing.
  5. Tenable Network Security: Log Correlation Engine 3.0 Released
    Like the title says, Tenable has released a new version of their Correlation engine.
  6. Man cops to $1m phony bar code shoplifting scheme * The Register
    Real life shopping cart hacking 🙂
  7. Security at the point of sale
    An interesting article about the different ways that thiefs are exploiting retail checkout systems.
  8. Core Security finds critical Adobe Reader hole | Latest Security News – CNET News
    Looks like it’s time to patch Adobe Reader again.

That’s it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Interesting Information Security Bits for 11/03/2008

November 3, 2008

Good afternoon everybody! I hope your day is going well.

Here are today’s Interesting Information Security Bits from around the web.

  1. Microsoft: Trojans are huge and China is tops in browser exploits | Latest Security News – CNET News
    An interesting report has been put out by Microsoft that is worth a gander.
  2. Google patches Android security flaw | Latest Security News – CNET News
    There is a patch available for your G1 phone. Better go get it done if you haven’t already.
  3. Cloud Computing: It’s the destination, not the journey that is important
    Lori has a very good point here. You should go read her article because it applies to all of us.
  4. PortSwigger.net – web application security: [MoBP] Filtering and deleting content
    Interesting things going on with the Burp Suite. New features and a major release just around the corner.
  5. PortSwigger.net – web application security: [MoBP] The new target site map
    More cool stuff.
  6. ToorCon X Presentations | Infosec Events
    Yup, more reading.
  7. OWASP NYC AppSec 2008 Video | Infosec Events
    and watching.
  8. Network Security Blog >> PCI Compliance in the Cloud: Get it in writing!
    Martin has written a article that you should read if you have any responsibility for PCI.

That’s it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Interesting Information Security Bits for 11/01/2008

November 1, 2008

Good afternoon everybody! I hope your day is going well.

Here are today’s Interesting Information Security Bits from around the web.

  1. PortSwigger.net – web application security: The Month of Burp Pr0n
    Looks like a major release of the Burp suite is just around the corner. Keep your eyes open.
  2. I-Hacked.com Taking Advantage Of Technology – RJ45 Ethernet Loopback Cuff link/Keychain
    Ax0n has an neat little project posted on i-hacked that shows you how to create an ethernet loopback tester. Bonus: They can be used as cuff links or easily carried on your key chain.
  3. Blackhat Webinar: Clickjacking and Browser Security
    The next Blackhat Webinar has been announced. Jeremiah Grossman will be talking about Clickjacking. Date: November 20th, 2008 Time: 4:00 pm ET/1:00 pm PT

That’s it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin


Interesting Information Security Bits for 10/31/2008

October 31, 2008

Good afternoon everybody! I hope your day is going well.

Here are today’s Interesting Information Security Bits from around the web.

  1. spylogic.net – Facebook Privacy & Security Guide Released
    Tom has released his Facebook Security & Privacy Guide. You really should take a look if you have a Facebook account.
  2. Tips for getting started in information security – Kees Leune
    Kees gives those interested in entering the information security profession some really good things to think about and offers up some practical guidance that is will realy help new entrants focus on getting where they want to go.
  3. Freeform Comment: View from the defence: seven reasons for security as a service
    An article by Jon Collins summarizing the panel he hosted on SaaS at RSA Europe. Some good points are made in its favor.

That’s it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin