Daily Digs – 08.05.2009
Hello humpday! Hopefully anyone reading this has hit the high point in the week and is set to slide on through Friday. As always, lots to talk about today so let's get into the digs!
Everything is connected to the network these days, and PoS is no exception. Still, one doesn't expect to run into a PCI sort of failure at the drive-through of your local fast food joint! That is, however, exactly what happened to Rick Lawhorn in Richmond, VA. Network World is running the story at the link.
[Fast Food FAIL]
Going to court? Need to know the tangibility and admissibility of instant messages? There's a good read over on CYB3RCRIM3 on just the topic.
[Instant Messages - Evidentiary Issues]
Love your Java (not the coffee type)? Sun today released Java 6 Update 15, which addresses a few issues, including a pretty nasty bug that allows an untrusted applet access to the system. Read all about it over on the big H.
[Java 6 Update 15]
I think Deb Shinder is on crack. Her article, entitled "Death of VPN", makes some absurd assumptions around DirectAccess (Microsoft's new VPN solution that podges old technology together). Why the title is blatantly wrong: 1) it's completely and utterly M$ centric - FAIL; 2) "always on" technologies are not always a "good thing", especially when we're dealing with remote access, wherein most IT shops already have enough problems guarding the crown jewels; and 3) IPv6 is required, bringing more complexity and unknowns into shops that are having enough difficulty wrangling IPv4 'sploits. Think it through, Deb -- IPsec, in its native form, will be around for a long time coming.
[Death of VPN]
If you haven't already started the deep reading, NIST has recently released the final version of 800-53. While not everyone is on board, I find it to be better than what a lot of PCI advocates are preaching off their soap boxes.
[NIST Releases 800-53]
There's a great article up on The New School of Information Security blog that you should, well, just read. Alex makes a great point about measuring everything but how much we suck.
[Quantitative Analysis of Web Application Usefulness]
The Office of Inadequate Security had some great light reading today. Oddly enough, mortgage documentation was found in a dumpster outside a Holiday Inn. "Relax -- it's Holiday Inn".
[Mortgage Records Found in KS Dumpster]
If you haven't already noticed, Wes McGrew will be glad to tell you: some of the talks from BH2009 have started to trickle in to the site for download. Check out the link through Wes' site - he's got other great content besides.
[Black Hat 2009 Media Available]
Apparently the security "biz" is recession-proof, according to new numbers out. From what I can tell, I'll go along with it, as there seems to be more job opportunity lately than last year this time!
[Security Job Security]
That's the roundup for this evening! Hopefully you enjoyed the post (that I tunneled via a "borrowed" Starbucks WiFi connection), and as always feel free to comment. I'll leave you with today's grab bag...
--windexh8er
[Mac 10.5.8]
[Scientists Boot One Million Linux Kernels]
[XML Library Flaw]
[Blue Screen Scareware]
[World's Worst Car Wash - Daily Funny]
