Grecs’s Infosec Ramblings for 2008-10-13

October 13, 2008
By grecs

PEN TEST HISTORY: Ian with another great post. He really hit on its history & rise of tool firms. http://tinyurl.com/4eg4he # PEN TEST EVOL: In part 2 of this article Ian hits the mark again. Compliance != Security. http://tinyurl.com/4wmqa7 # DELOITTE LAPTOP LOST: Well, 150,000 personal details this time. At least it sounds like the...

Grecs’s Infosec Ramblings for 2008-10-11

October 11, 2008
By grecs

PERFECT CLIENT: Use application whitelist approach. Of course standard stuff too (e.g., firewall, anti-*, …). # PERFECT CLIENT: Apps via cloud or local apps that don’t require cross login state. Data stored in cloud or on special area of USB. # PERFECT CLIENT: Of course all this runs off of an encrypted USB (Ironkey). Local workstation...

Grecs’s Infosec Ramblings for 2008-10-10

October 10, 2008
By grecs

METASPLOIT NOW OPEN SOURCE: This framework is now open starting with 3.2. I hope vendors don’t abuse this. http://tinyurl.com/5322m3 # NEW SKOUDIS CHALLENGE: Ed just announced a new challenge called “Scooby Doo and the Crypto Caper.” Sounds fun! http://tinyurl.com/3lhx9j # $700,000 IN PHISHING REVENUE: Man, I’m in the wrong biz. Of course maybe we...

Grecs’s Infosec Ramblings for 2008-10-09

October 9, 2008
By grecs

DNS VULN EXPLAINED: Nice guide to understanding the DNS vuln. http://tinyurl.com/64pruz #

Grecs’s Infosec Ramblings for 2008-10-08

October 8, 2008
By grecs

PERFECT CLIENT: Boot off USB stick; opens self-contained OS/apps; VPN to connect to intranet; steady-state to keep OS clean. Other opts too. # 5 YEARS: Don’t mess with potential VP’s email. http://tinyurl.com/445b2b # 1ST DEMO – NOW REAL THING: Now that a demo is out, researchers are spilling the beans about the clickjacking vuln. http://tinyurl.com/3w9vh9 # NO...

Grecs’s Infosec Ramblings for 2008-10-07

October 7, 2008
By grecs

MIFARE OWNED: Now anyone can ride subway for free. Don’t know if affects the DC metro. http://tinyurl.com/3lyzjr # TIC CONSPIRACY: Nice commentary on TIC. http://tinyurl.com/472cwc # GRASS GREENER CAREER STRATEGY: Just something to consider. http://tinyurl.com/4vacxc # NEWSBITES: Another good issue. http://tinyurl.com/4epdkp # COOL JOBS: Survey that stresses best positions to grow career. http://tinyurl.com/4epdkp # CLICKJACKING DEMO: It hasn’t been...

Grecs’s Infosec Ramblings for 2008-10-06

October 6, 2008
By grecs

ANOTHER BREACH: T-Mobile has joined the parade this time with 17 million records missing. http://tinyurl.com/4nwbjx # PLAUSIBLE DENIABILITY – NOT: So much for this feature marketed in products. Looks like there is a fix though. http://tinyurl.com/45msn7 # DATA RISKS IN THE CLOUD: Nice Chrome-focused article that weighs benefits/risks of taking advantage of cloud apps. http://tinyurl.com/4l69e3...