Articles & Presentations

Monday, November 22, 2010

These lads look awfully young to be 'WANTED'...

Care to guess what they are wanted for? Would you have trusted them?

(W) Warning Will Robinson... Adobe 10 Email is malware

If you get or see an email, post or other ad for "Adobe 10", ignore it: it WILL BE MALWARE!!!! Adobe does not push upgrades by email, so an update offer that arrives in your inbox is the tell.

Go to Adobe.com directly if you want to check for an update, or use Secunia PSI to check your installed software for missing patches.

SANS article on the Adobe SPAM

Sunday, November 14, 2010

Good source for InfoSec Podcasts

Thank you IronGeek for listing the more popular InfoSec Podcasts. I would add Steve Gibson's 'Security Now' for general IT folks and anyone wanting a good basic InfoSec update Podcast.

http://ping.fm/P46EW

Tuesday, November 9, 2010

Top Ten Open Source Security and Network Tools

Some well-known, new and forgotten FREE open source InfoSec and network tools for the budget-minded.

Thank you, Dark Reading...

http://ping.fm/0ykRI

#11... custom scripts...

Sunday, November 7, 2010

(C) Two first-time InfoSec Conferences in Austin & Houston ROCKED!!!!

In the last week I attended two first-time InfoSec conferences: LasCon, focused on web application security, and HouSecCon, which combined hacking and general InfoSec presentations.

For a first-time conference LasCon rocked, not just for the kewl LA Police Gear bag, but because it was organized well and most of the presentations were very good. I especially liked "How I Met Your Girlfriend" by Samy Kamkar of MySpace worm and Evercookie fame, with a very kewl example of using Facebook chat times and a geolocation hack to get enough information to meet, say, your girlfriend, knowing when you are not with her...

At HouSecCon, MJ Keith gave a presentation on Android phone hacking and how the business-contact app Bump can be used to steal info and generally do nefarious things.

Of course there were other talks and conversations with several seasoned InfoSec professionals I know or had just met, but all in all, they were great one-day events.

Put these two conferences on your list as MUST attend for next year!!!!

There is a new paradigm shift (yes, I used it) in InfoSec conferences: inexpensive one- or two-day conferences (under $100) are ruling the InfoSec conference circuit. Why? Because as InfoSec professionals we have an obligation to train and educate in order to improve information security, not just to make a profit, of which there is plenty. B-Sides is another conference that was this weekend in Dallas; I tried to attend virtually via MS Live, but alas, the audio did not work... ;-(

I am part of the Austin B-Sides March 2011 conference planning because I believe in this new InfoSec one- to two-day, cheap-to-free mentality to promote InfoSec for everyone, not just those with the budget to attend BlackHat, SANS, RSA or CSI events.

Watch my blog for more on Austin B-Sides 2011; it WILL be a killer event!!! And it is just before South by Southwest Interactive week!!!!


Two new browsers for you to consider...

So we have two new browsers designed more for social networking than typical browsing. Both are based on Chromium, so expect speed for video and pictures.

Will these be more or less secure for surfing social sites like Facebook, Twitter, Flickr and others? Time will tell... One thing to watch with any Chromium-based browser is how quickly it picks up Chromium's own security fixes, since a fork that lags upstream carries upstream's patched bugs for longer.

RockMelt website

Flock website

Wednesday, November 3, 2010

(U) SANS botched this one...

I usually agree with SANS, but they missed the #1 preventative item, and that is to REMOVE ADMINISTRATIVE access from the user!!!! This will cut your risk by 90%, give or take. AV will not protect you from 0-day events. Not being a local admin will limit what one can do: malware running under a standard account cannot install drivers or services, write to Program Files or the system registry hive, or turn off your defenses.

Start - Control Panel - Users - Create New User; make it a STANDARD USER and set a good password.

Log off, log on as this user, and never use an administrative account unless you are doing updates or installing software.

Surfing and emailing as a Standard User will protect you more than anything else... Ohh, and of course, DON'T CLICK ON THAT!!!!
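The same setup from the command line, as an added example that is not part of the original post: it assumes Windows 7 or later, an elevated PowerShell prompt, and a placeholder account name, and it adds the two checks you want afterwards (who is still in the local Administrators group, and whether the session you are browsing from holds an administrative token).

```powershell
# Added example (not from the original post). Assumes Windows 7 or later and an
# elevated PowerShell session; the account name "dailyuser" is a placeholder.
$name = "dailyuser"

# 1. Create the account. The "*" makes net.exe prompt for the password so it is
#    not typed on the command line or left in shell history.
net user $name * /add

# 2. A new local account is placed in Users by default; make sure it is NOT in
#    Administrators. (Harmless "not a member" error if it never was.)
net localgroup Administrators $name /delete 2>$null

# 3. Audit: list everyone in the local Administrators group. Anything besides
#    the built-in Administrator and your dedicated admin account is a candidate
#    for removal.
net localgroup Administrators

# 4. Self-check to run after logging on as the new user: does this session hold
#    an administrative token? Expect False. (Under UAC an admin's non-elevated
#    session also reports False, because it runs with a filtered token.)
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
```

If step 4 ever prints True for the account you surf and email from, something put it back in Administrators (or you logged on with the wrong account); run the step 3 audit again and fix it before going back to the browser.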

http://isc.sans.org/diary.html?storyid=9880

Tuesday, November 2, 2010

(F) Catch me on The InfoSec Daily Podcast, discussing compliance, Don't click on that, local administrator and other InfoSec stuff

Catch me chatting with Rick Hayes and Keith Pachulski on the "InfoSec Daily Podcast" Episode 248, discussing PCI, compliance, security awareness, the 'Don't click on THAT!!!' presentation, local administrator accounts and other stuff... on iTunes:
Link to iTunes
or their website via MP3 download:
ISDPodcast website

Monday, November 1, 2010

Achieving Compliance Daily - my perspective on achieving compliance

Read my article in the November 2010 ISSA Journal on how to achieve compliance daily. Basically, spend the effort you would put into obtaining compliance on actually improving your InfoSec program, and by default you will be compliant.