In this blog post I am going to talk on various interesting items on security. I am going to try to do this at least once a month on various tidbits that I hope everyone finds interesting.
- Learn about web tracking and Panopticlick. https://panopticlick.eff.org/
- Security disclosers are still an
issue. We need a Federal mandate to make companies tell employees, customers
and investors if PI data has been breached. I wrote about legislation in a past
blog post that congress is trying to get passed into a law. It doesn’t look
like congress can do it. http://www.huffingtonpost.com/2012/06/29/cybercrime-disclosures-ra_0_n_1637008.html?utm_hp_ref=tw
- Check out http://www.openwall.com/ they have the John
the Ripper project plus other projects. John the Ripper was just upgraded to
use GPU support integrated.
- I have blogged about Microsoft’s
Azure Cloud on security. Microsoft has a series of videos on Azure security.
Everyone should view this series first before diving into the Azure How-to
- PGP Creator Phil Zimmermann has a
new company. What he did for text and emails he is trying to do for IPhone and
IPad users. https://silentcircle.com/
- Sad, funny, or both? You decide. http://instagram.com/p/MG2hHRMkSO/
- An interesting paper on selling
0-day vulnerabilities. http://securityevaluators.com/files/papers/0daymarket.pdf
A few posts back I talked about how much information a system is willing to give up. One of the items was the chip set. Knowing the chip set gives you two distinct advantages. It allows you to date the system. This may help you to decide which vulnerabilities that can be tried first. Second it may help you determine what OS is running on the chip. Well now you have another vulnerability that you can use knowing the chip set. This vulnerability will give you escalated privileges. http://www.kb.cert.org/vuls/id/649219