Monday, November 22, 2010
If you get or see an email, post or other add for Adobe 10 - ignore it, it WILL BE MALWARE!!!!
Go to Adobe.com directly if you want to check for an update, or use Secunia PSI.
SANS article on the Adobe SPAM
Sunday, November 14, 2010
Tuesday, November 9, 2010
Sunday, November 7, 2010
In the last week I attended two first time InfoSec conferences, LasCon focused at Web Application Security and HouSecCon which combined hacking and general InfoSec presentations.
For a first time conference LasCon rocked, not just for the kewl LA Police Gear bag, but it was organized well and most the presentations were very good. I especially liked "How I met your girlfriend" by Samy Kamkar of MySpace worm and Evercookie fame, but also a very kewl example of using Facebook chat times and a Geo location hack to actually get information enough to meet, say, your girlfriend knowing when you are not with her...
At HouSecCon, MJ Keith gave a presentation on Android phone hacking and how the business contact App Bump can be used to steal info and generally do nefarious activity.
Of course there were other talks and conversation with several seasoned InfoSec professionals I know or just met, but all in all, they were great one day events.
Put these two conferences on your list as MUST attend for next year!!!!
There is a new paradigm shift (Yes I used it) in InfoSec conferences with one or two day inexpensive conferences (under $100) that are ruling the InfoSec conference circuit. Why? Because as InfoSec professionals, we have an obligation to train and educate in order to improve information security, not just make profit, which there is plenty of. B-Sides is another conference that was this weekend in Dallas that I tried to virtually attend via MS Live, but alas.. The audio did not work... ;-(
I am part of the Austin B-Sides March 2011 conference planning because I believe in this new InfoSec 1-2 day cheap to free mentality to promote InfoSec for everyone, not just those with budget to attend BlackHat, SANS, RSA or CSI events..
Watch my Blog for more on Austin B-Sides 2011, it WILL be a killer event !!! And just before South by Southwest Interactive week!!!!
So we have two new browsers designed more for social networking than typical browsing. Both these browsers are based on Chromium, so expect speed for video and pictures.
Will these be more or less secure for surfing social sites like Facebook, Twitter, Flicker and others? Time will tell...
Wednesday, November 3, 2010
I usually agree with SANS, but they missed the #1 preventative item and that is REMOVE ADMINISTRATIVE access of the user!!!! This will cut your risk 90% give or take. Also AV will not help you from 0-Day events... Not being a local Admin will.
Start - Control Panel - Users - Create New User, make it STANDARD USER - set a good password.
Logoff, logon as is user and never use an Administrative account unless you are doing updates.
Surfing and Emailing as a Standard User will protect you more than anything else... Ohh and of course DON'T CLICK ON THAT !!!!
Tuesday, November 2, 2010
(F) Catch me on The InfoSec Daily Podcast, discussing compliance, Don't click on that, local administrator and other Infosec shutoff
Catch me chatting with Rick Hayes and Keith Pachulski on the "InfoSec Daily Podcast" Episode 248 - discussing PCI, compliance, Security Awareness, 'Don't click on THAT!!!' presentation, local administrator accounts and other shtuff... on iTunes:
Link to iTunes
or their website via MP3 download:
Monday, November 1, 2010
Read my article in the November 2011 ISSA Journal on how to achieve compliance daily. Basically, spend the effort on obtaining compliance on actually improving your InfoSec program and by default you will be compliant.