Security Stallions Blog "Musings of all things infosec…"

Daily Digs – 08.04.2009

Good evening Tuesday!  Lots of link lovin' today - so is that a good, or bad day in security?  I'll leave you to ponder as we start the digs disclosure.

First up, and near to my heart in a past life, we have news of a government contractor repaying for a failure on performance.  This is definitely a rarity in this space as generally the government shells out more, not less.  Check out the Washington Post article for more.
[Contractor Returns Money to Pentagon]

iPhone, Android, where's the love for Pre exploits?  Step right up boys and girls, SecurityTracker has some PoC code for you!
[Palm WebOS Filtering Flaws]

So when 'show ip bgp 198.133.219.0/24' doesn't return anything from a router, oh say on any backbone router on bgp4.as Cisco's got some issues.  The #1 *cough* networking company in the world, and their AS goes away?  Check out the thread over on NANOG.
[BGP Debauchery]

Intel halted production on some SSDs today because of a data corruption bug that was found.  Sounds like Chipzilla's been having some BIOS bugginess as of late.
[Intel Confirms Data Corruption Bug]

Need the Canadian Counter-Insurgency Operations Manual?  I sure don't, but if you do -- check it out over on Wikileaks.
[Canadian Counter-Insurgency Operations Manual Leaked]

If you're all about the honeypots you'll be excited to know that the next phase of WASC's distributed open honeypot project is now underway.  CGISecurity has all the goods yonder.
[Next Phase of Honeypot Project]

I have to admit there has been a time or two I'd like to SE those punk kids who spend 23.5 hours a day honing XBox skills much to my dismay.  Now I have a golden opportunity as SpywareGuide is running an article on just how to get started pretending I'm a Microsoft employee.
[XBox Gamertag Exploit]

PenTestIT (really guys, give up on all the links -- great content, annoying site) has a brief blurb up about TitanEngine, the "swiss army knife for reverse engineers".  So if you're into packers, PSH and all that jazz this may be of interest.
[TitanEngine via PenTestIT]
[TitanEngine via ReversingLabs - no adspam]

Preserving and understanding timelines in forensics is life or death in the context of valid data.  The Windows Incident Response blog has a great post up that showcases the 'log2timeline' tool.
[More Work on Timeline Analysis]

Today, we'll leave our last comments with FISMA.    A great rant by Michal Smith (aka rybolov) via The Guerilla CISO on the good and the bad of it all.
[The FISMA Challenge]

And let's not forget today's grab bag -- filled with all kinds of uncommented linky goodness!
[Security Sells]
[Shaking That False Sense of Security]
[NH Inmate had Corrections Officer's Data]
[DoS Attack Downs Gawker]
[Feds and RFID Fun]
[SSL Rebinding Screencast]
[Taitz Loses it Live on MSNBC]

Happy trails to the rest of your Tuesday!

--windexh8er