Security Stallions Blog "Musings of all things infosec…"

24 Aug 2009

Daily Digs – 08.24.2009

It's Monday evening and time for another round of Daily Digs. We'll be back to our regularly scheduled Weekend Redux this weekend. Today I spent the afternoon at the Twin Cities OWASP mini-con and while it was generally pretty good, only one of the three speakers was really that good, and that was Pravir Chandra discussing OpenSAMM. I would highly recommend checking it out. That aside, we're on to the digs...

The NYT Bits blog has some interesting insight into Clampi and real-time keystroke logging.  There's been considerably more press on Clampi as of late but this article has some interesting tidbits and if you're not in the know it's a good place to start.
[How Hackers Snatch Real-Time Security ID Numbers]

Registration for the GNU Hackers Meeting November 11-13 in Sweden was announced recently.  Brian Gough posted the info to the GNU forum.
[Registration Open for GNU Hackers Meeting]

Apple is shipping the next release of the OS X series this coming Friday (28th). Although the linked article doesn't mention it, ZFS has all but disappeared from the documentation on Apple's site.
[Apple to Ship OS X Snow Leopard August 28th]

Need high quality random numbers?  Then you need the Simtec Entropy Key.  Product marketing aside understanding why and how the key can help is always good information to have under your belt.
[Simtec Entropy Key]

Cisco today released an active security advisory around BGP (specifically related to update functions).  Not surprising though as Cisco has recently been pushing advisories that are quite similar in nature.  I think you'll see more targeted attacks focusing on XR as it starts to finally gain more mainstream acceptance.  The modularity in XR allows easier updates, but that doesn't mean lots-o (broken) legacy code didn't get carried over.
[Cisco IOS XR Software Border Gateway Protocol Vulnerabilities]

Jim Manico has a post up today about when it's a good time/place to use OWASP's AntiSamy.
[When to use OWASP AntiSamy]

Stoned Bootkit got some updates today with a new code release along with some extra documentation.
[File System Drivers]

Failures can oftentimes be funny, so this list of failures in terrorism has a few good laughs. My favorite line: "The bomb explodes, disintegrating Ahmed and showering his partner Sa'ad with retard bits". While not exactly PC, it's some good reading.
[The 5 Most Embarrassing Failures in Terrorism]

That's it for tonight boys and girls, we'll leave you with a grab bag of other good links.
[Teenage Hackers: Making a Better World]
[Updated Groklaw: Apple vs. Pystar]
[Exactly Why Data Breaches Happen]
[Microsoft, Google and VMware Redefine the OS]
[Windows Incident Response: Virtualization]
[Pirate Bay Down After ISP Cuts Connection]
[Mass Infection Turns Websites Into Exploit Launch Pads]
[SubSeven is Back]
[Google to be Used to Control Botnets]
[Sony Debuts HD Security Cameras]
[Canada Takes Lead Role in Facebook Privacy Issues]

18 Aug 2009

Daily Digs – 08.18.2009

Good evening ladies and gents to a belated round of digs.  Apologies for the lack of a weekend and Monday post, but travels and an unexpected difficulty made posting rather hard.  We're back to our weekly schedule with the exception that the screencast is being pushed back to next week and there may not be a weekend redux.  We'll see how things pan out, but stay tuned regardless!

So what do you get when you cross rookie "cyber crime" law enforcement and some stolen passwords? Well, everyone seems to have had something to say about it today as law enforcement blew any chance of using underground leads they already had access to. Check out the nice write-up over at the SpywareGuide blog.
[Law Enforcement Altered r00t-y0u]

The Windows Incident Response site has got a write-up around all sorts of tools you should have in your box with regards to forensically collecting information on images. NetworkMiner is mentioned at the very end and is something that I had, at one time, meant to check out but never got around to.
[Windows Incident Response - Tools and Links]

Only 130 million card numbers? Really, that's all Sevgec and crew came up with? Surely you caught the sarcasm, but if not, and if this trend continues, we're in for the firestorm sure to follow as consumers start to demand better protection in the cardholder space.
[Three Men Charged in 130 Million Credit Card Theft]

Need a good definition to describe insecure cookie handling to, possibly, misguided web devs?  Cenzic has your answer over on their blog.
[Insecure Cookie Handling]

The US-CERT has some useful resources and the weekly security bulletin is definitely one of them. If you've never checked it out I'd recommend starting now. Although this one is of specific interest, it is just one of the large volume of feeds we scour for daily insights.
[US-CERT Weekly Bulletins]

Windows 7 -- can it be the saving grace to the flop better known as Vista? I think surely Microsoft has a decent chance with this revision of their, once, flagship product. Problem is that the OS is still too big for its britches and legacy support will be the bane of its security problems well into the next 5 years. XP mode is definitely going to be one of the most difficult areas of 7 to swallow because, in essence, one will now have to maintain security patches for two operating systems moving forward, and as we all know most people have problems just dealing with one.
[Windows 7's Achilles' Heel]

SANS has an interesting article up entitled "Surviving a Third Party Onsite Audit".  I'm sorry but this is just wrong coming from SANS.  Generally they have their head on straight and are a good resource for information but "surviving" an audit is not something people should be focused on.  The real focus should be doing security the right way every day, not just when one knows the auditor will be knocking on the front door.  I see it time and time again in clients wherein everyone is always in scramble mode and then, if all goes well, it's a celebratory "win".  That is, until next time when you scramble to put in that extra new box with blinky lights that's the saving-grace for today.  Do it right and do it right everyday and if you can't do that then fall back to "the audit survival guide".  At that point, however, you really need to question the abilities and resources you have to do due diligence.
[Surviving a Third Party Audit]

Can you pick a 5-pin in 87 seconds? I'm guessing not - unless your name is Jos Weyers. Check out this video of him at LockCon.
[87 Seconds... Jos Weyers!]

Oh Facebook -- you're the favored platform of phishers and skiddies alike!  One more reason to avoid social network platforms, especially those that all of your super security conscious friends from high-school running Windows ME are on.
[Facebook Phishers Cast Multiple Lines]

Today must be a day of definitions because if you've ever really wanted to know what ESAPI was, without digging into it, you've just hit the jackpot.  Although this one's been out for a few weeks it just made its way across my feeds and is definitely a worthy read if you're interested in what it is and some show and tell of how you can help justify implementing it.
[What is ESAPI?]

That's all for tonight's digs folks! Although I have a ton left in the queue it's about that time to post. Check out some of the leftovers in the grab bag below.

-windexh8er

Tonight's grab bag lineup is as follows:
[IEEE Connections Program]
[Visualizing IDS Output]
[Routing Redundancy: How much is enough?]
[Personal Responsibility in PCI]
[Useful Security]
[Federated ID, OpenID and OAuth Primer]
[FTC Issues Health Breach Notification Rule]
[Hyperjacking]
[DNS Blacklist Unveiled]