In this blog post I am going to talk about various interesting
security items. I am going to try to do this at least once a month, covering various tidbits
that I hope everyone finds interesting.
- Learn about web tracking and Panopticlick. https://panopticlick.eff.org/
- Security disclosures are still an issue. We need a Federal mandate to make companies tell employees, customers and investors if PI data has been breached. I wrote in a past blog post about legislation that Congress is trying to get passed into law. It doesn’t look like Congress can do it. http://www.huffingtonpost.com/2012/06/29/cybercrime-disclosures-ra_0_n_1637008.html?utm_hp_ref=tw
- Check out http://www.openwall.com/; they have the John the Ripper project plus other projects. John the Ripper was just upgraded with integrated GPU support.
- I have blogged about security in Microsoft’s Azure cloud. Microsoft has a series of videos on Azure security. Everyone should view this series first before diving into the Azure how-to tutorials. http://blogs.technet.com/b/trustworthycomputing/archive/2012/05/22/cloud-fundamentals-video-series-data-center-security.aspx
- PGP creator Phil Zimmermann has a new company. What he did for text and emails he is trying to do for iPhone and iPad users. https://silentcircle.com/
- Sad, funny, or both? You decide. http://instagram.com/p/MG2hHRMkSO/
- An interesting paper on selling 0-day vulnerabilities: http://securityevaluators.com/files/papers/0daymarket.pdf and https://www.owasp.org/images/b/b7/OWASP_BeNeLux_Day_2011_-_T._Zoller_-_Rise_of_the_Vulnerability_Market.pdf

A few posts back I talked about how much information a system is willing to give up. One of the items was the chip set. Knowing the chip set gives you two distinct advantages. First, it allows you to date the system, which may help you decide which vulnerabilities can be tried first. Second, it may help you determine what OS is running on the chip. Well, now there is another vulnerability that you can use once you know the chip set. This vulnerability will give you escalated privileges. http://www.kb.cert.org/vuls/id/649219