Archive for the ‘Digest’ Category

Security Digest for July 30th – Aug 3rd

August 13, 2007

Computer Security Videos at Security-Freak.com
http://www.security-freak.net/videos.html
A series of good primer videos for network security engineers

Google TechTalk Video “What every engineer needs to know about security”
http://www.net-security.org/secworld.php?id=5401
Interesting talk at Google

Make Mashups secure
http://www.infoworld.com/article/07/08/06/32FEmashsec_1.html
Important techniques to make your mashup more secure

Consumer Reports: Malware Costs US Consumer $7 Billion Over Two Years
http://www.darkreading.com/document.asp?doc_id=131056

Super All-in-one network security test system
http://www.eweek.com/article2/0,1759,2165270,00.asp?kc=EWRSS03129TX1K0000614
A start-up that uses HD Moore’s Metasploit technology, and where he is the Director of Security Research, is launching the mother of all network security test systems.

Security Digest for July 9th – 13th

July 23, 2007

How to Detect Security Vulnerabilities in Your System
http://www.cio.com/article/107158/How_to_Detect_Security_Vulnerabilities_in_Your_Systems/1
Highlights the importance of keeping up with Common Vulnerabilities and Exposures (CVE) in your network.

Hackers Clean Up with Ajax
http://www.darkreading.com/document.asp?doc_id=128730
Web 2.0 technologies might be prettier to the end user but they are inherently more vulnerable.

NSA, DHS name top info assurance schools
http://www.fcw.com/article103179-07-09-07-Web
Don’t send your people to just any security school.

RFP: Penetration Testing
http://www.eweek.com/article2/0,1759,2155859,00.asp?kc=EWRSS03129TX1K0000614
A quick and dirty guideline for pen tests.

Security Digest for July 2 – July 6

July 11, 2007

Security Company launches eBay for Zero-day exploits
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026363&source=rss_topic17
I’m all for security researchers getting paid for their work but this marketplace has to make sure that cybercriminals are not on the other side of these transactions.

Court holds Belgium ISP liable for file sharing
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026360
This sets a worrisome precedent for all ISPs, which in the past have taken no responsibility for what traverses their networks.

Hackers target C-level execs and their families
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9026048
A very good example of spear-phishing.

Data Leak Prevention in Flux
http://www.darkreading.com/document.asp?doc_id=128292
DLP is starting to get traction in the marketplace.

Credit card fraud takes a charitable twist
http://www.scmagazine.com/us/news/article/669553/not-so-sweet-charity-credit-card-fraud-takes-charitable-twist/
Be careful of small transactions on your credit card: the cybercriminals are testing it!

Investigating logic bomb attacks and their explosive effects
http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1262766,00.html?track=sy320
A good article describing one of the worst types of attack that can happen to you and your company.

6 ways to fight back against botnets
http://www.networkworld.com/research/2007/070607-botnet-side1.html?page=1
These 6 ways are also a great way to stay secure from many kinds of Internet-based malware.

Average Zero-day bug has 348-day lifespan
http://www.networkworld.com/news/2007/070907-average-zero-day-bug-has-348-day.html?fsrc=rss-security
How much havoc can hackers wreak in just under a year?!!

Security Digest for June 18th – June 22nd

June 28, 2007

Can ‘cyberinsurance’ protect you from data breach catastrophe?
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9023078&pageNumber=1
As insurance companies dip their toes into the cyberinsurance market, it is good for admins to know what to look for and how to decrease potential premiums.

IBM, HP reshape Web app security market
http://searchsecurity.techtarget.com/columnItem/0,294698,sid14_gci1261423,00.html?track=sy160
Possible good security consequences of IBM buying Watchfire and HP buying SPI Dynamics

Mergers and acquisitions: Building up security after an M&A
http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1261024,00.html?track=sy320
A lot of times IT security is pushed aside during the frantic activities of M&A. Advice: Don’t let it be.

Security Digest for June 11th – June 15th

June 21, 2007

Study: Law puts damper on Web security research
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9024361&source=rss_topic17
Also mentioned in my June 12th post #5. These laws hamper white hat hackers’ ability to do their job.

10 reasons why the Black Hats have us outgunned
http://www.theregister.co.uk/2007/06/13/black_hat_list/
A good primer on what it is like to be a black hat hacker

CIOs look Beyond Cops for Help Fighting Cybercrime
http://www.cio.com/article/118500/CIOs_Look_Beyond_Cops_for_Help_Fighting_Cybercrime
With the Secret Service and FBI overwhelmed and under-resourced to catch hackers in other countries, CIOs have to find help from others.

Four Deadly security sins
http://www.zdnetasia.com/news/security/0,39044215,62020417,00.htm 
A quick reminder to have your bases covered.

Gartner: Consumer Products Threaten Corporate Security
http://www.darkreading.com/document.asp?doc_id=126638
Advice on how to protect against consumer products and Web 2.0 technologies in the enterprise.

Online crime group logs Millionth complaint
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9025038&taxonomyId=17&intsrc=kc_top
This represents over $650 million in losses to customers in the US alone.

Why network-based security doesn’t cut it anymore
http://www.networkworld.com/news/2007/061407-vc-recommends-client-side-security.html?fsrc=rss-security
A VC’s take on the importance of securing the endpoint.