Daily Digs – 08.24.2009
It's Monday evening and time for another round of Daily Digs. We'll be back to our regularly scheduled Weekend Redux this weekend. Today I spent the afternoon at the Twin Cities OWASP mini-con and while it was generally pretty good only one of the three speakers were really that good and that was Pravir Chandra discussing OpenSAMM. I would highly recommend checking it out. That aside we're on to the digs...
The NYT Bits blog has some interesting insight into Clampi and real-time keystroke logging. There's been considerably more press on Clampi as of late but this article has some interesting tidbits and if you're not in the know it's a good place to start.
[How Hackers Snatch Real-Time Security ID Numbers]
Registration for the GNU Hackers Meeting November 11-13 in Sweden was announced recently. Brian Gough posted the info to the GNU forum.
[Registration Open for GNU Hackers Meeting]
Apple is shipping the next release of the OS X series this coming Friday (28th). Although the linked article doesn't mention it ZFS has all but disappeared from the documentation on Apple's site.
[Apple to Ship OS X Snow Leopard August 28th]
Need high quality random numbers? Then you need the Simtec Entropy Key. Product marketing aside understanding why and how the key can help is always good information to have under your belt.
[Simtec Entropy Key]
Cisco today released an active security advisory around BGP (specifically related to update functions). Not surprising though as Cisco has recently been pushing advisories that are quite similar in nature. I think you'll see more targeted attacks focusing on XR as it starts to finally gain more mainstream acceptance. The modularity in XR allows easier updates, but that doesn't mean lots-o (broken) legacy code didn't get carried over.
[Cisco IOS XR Software Border Gateway Protocol Vulnerabilities]
Jim Manico has a post up today about when it's a good time/place to use OWASPs AntiSamy.
[When to use OWASP AntiSamy]
Stoned Bootkit got some updates today with new code release along with some extra documentation.
[File System Drivers]
Failures can often times be funny, so this list of failures in terrorism has a few good laughs. My favorite line: "The bomb explodes, disintegrating Ahmed and showering his partner Sa'ad with retard bits". While not exactly PC, it's some good reading.
[The 5 Most Embarrassing Failures in Terrorism]
That's it for tonight boys and girls, we'll leave you with a grab bag of other good links.
[Teenage Hackers: Making a Better World]
[Updated Groklaw: Apple vs. Pystar]
[Exactly Why Data Breaches Happen]
[Microsoft, Google and VMware Redefine the OS]
[Windows Incident Response: Virtualization]
[Pirate Bay Down After ISP Cuts Connection]
[Mass Infection Turns Websites Into Exploit Launch Pads]
[SubSeven is Back]
[Google to be Used to Control Botnets]
[Sony Debuts HD Security Cameras]
[Canada Takes Lead Role in Facebook Privacy Issues]
Tags
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Feb | ||||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | |||
Random Musings
Twitter: windexh8er
- @marcusjcarey Yeah, makes Ruby feel - well, boring / convoluted. Been all about Scapy lately, you won't go back. :)
- Haha, giving away hardware as bribery to get people to take a survey so the "analysis" can suck less. Enough for me for today! #out
- Getting sick of 1Password's suck on Android. LastPass is my project for this weekend. Still need to put my XT in the MBP too! :(
- @llsecurity Ubuntu is what I would put my parents on. Arch doesn't get in the way - much faster out of the box. Pacman & AUR > deb.
- @llsecurity Polish, as in the sausage? ;) Arch is the way to go, happy medium of "polish" and power.