Security musings (reflectorium)
Friday, February 27, 2004
Password-protection of Lotus Notes IDs
Technical reference and a tool for cracking/brute-forcing/testing.
Thursday, February 26, 2004
Dedicated search engine and infolandscape maintained by the ETH Zürich.
(incl. Critical Infrastructures, etc.)
Open Source Methodologies for Security Testing
I went to a FIST conference the other day in Frankfurt (at the university there). It took from 18:00 to 21:00, a bit more than a dozen people in attendance (incl. Alberto from CISSP-FFM!).
From the invitation: "FIST Conferences are free and open events where to present and talk different aspects of Penetration Testing and Information Security. Presentation of recent conferences in Madrid, Bombay, Delhi, Bangalore, Pune are available here...."
The final agenda was
We had good discussions, especially on the risks in penetration testing and the overall need for a good methodology for Web Services testing. - I went away with the feeling that while penetration testing is at times "appealing" to management, from my point of view it has its shortcomings:
Interestingly enough, there are other (rival?) groups pondering open methodologies for security testing, e.g.
Electronic Crime Scene Investigations - Guide for first responders
WS-I releases Web Services Security Scenarios
Tuesday, February 24, 2004
Comparison Cobit vs. ITIL vs. ISO17799
.. strengths and weaknesses of each and which one to look at if in need of XYZ..
Monday, February 16, 2004
Misinformation in Security Advisories (ASN.1)
Bugtraq carried a very good posting by John Compton that aims to clarify some misunderstandings.
Saturday, February 07, 2004
Friday, February 06, 2004
I'm a CISM.. =)
The letter from ISACA with the certificate just arrived. I'm now a Certified Information Security Manager (CISM), which goes nicely with my Certified Information System Security Professional (CISSP) from (ISC)2.
- This makes me feel a bit strange and reminds me of the time I spent in the USA. It also makes me feel old and awkwardly aware that my CISSP three year anniversary is in March. "Stefan Keller, CISM, CISSP" or "Stefan Keller, CISSP, CISM"? - It's still an uncommon thing to boast certifications in Germany..
I hope it shows that I really enjoy working in the security field. (I think it will be the last cert. for some time..)
Wednesday, February 04, 2004
Another good security blog: Randy Bias
[CISSP-FFM] Notes from the CISSP-FFM Meeting, 15.01.2004
Just to whet the appetite of anyone in the greater Frankfurt (Germany) area.
The next meeting is planned to be Friday, 20.02.04 with Ernst&Young in Eschborn (Thank you Marcus!).
The next Bird-of-Feather event is the GI security management workshop this Friday, 06.02.04, in Frankfurt.
This one was a long meeting in Wiesbaden. We started at 19:30 and kept talking until 00:30 - which raised some concern for the safety of the Daimler folks that had to drive home all the way to Stuttgart. We quickly discussed whether we wanted any membership fees (no), and then moved on to a review of the Chaos Communication Conference in Berlin (Dec 27-29). We went through several presentation slides from the conference and the CISSP-FFMers that went there presented the key findings there. (see separate mail to the list) Marcus Rubenschuh gave a presentation on the German results of the E&Y's Information Security Survey. We then discussed the impact of Spam, the current situation and possible future scenarios. We then went through the slides to a NIST workshop on security metrics. There was criticism on the overall lack of good examples. We also did a brainstorm on future Birds-of-feather sessions around upcoming events, possible locations/calendar for the next events and a wish-list for field trips .. .
So please do join the fun: CISSP-FFM mailing list CISSP-FFM@Balrog.DE
Public Webinterface to subscribe and unsubscribe: http://AEble.DynDNS.ORG/cgi-bin/mailman/listinfo/cissp-ffm
Sunday, February 01, 2004
Netcraft's humorous DNS education on MyDoom, DDOS..
..quotes five solutions and is titled "www.sco.com is a weapon of mass destruction".
Freeware sites: snapfiles
The nuclear boy scout
This is an older story, but I do like it a lot. From Harper's Magazine, Nov 1998: "The radioactive boy scout: when a teenager attempts to build a breeder reactor. (case of David Hahn who managed to secure materials and equipment from businesses and information from government officials to develop an atomic energy radiation project for his Boy Scout merit-badge)"
Cccure.org (The CISSP Open Study Guides Web Site)
Cccure.org (The CISSP Open Study Guides Web Site) has an online copy of the Handbook of Information Security Management as well as a variety of other good resources.
Essential Security Web-Sites
Recently added Detections from CAI
Standalone Virus Cleaner
Trendmicro Sysclean and Signature, Symantec Removal tools, Stinger from McAfee, F-Secure removal tools, Bitdefender free removal tools