Security musings (reflectorium)
Thursday, November 27, 2003
  CISSP-FFM
Just came back from a CISSP-ffm meeting. If you are in our area (Frankfurt), become a part of it.
(0) comments
Wednesday, November 26, 2003
  Web-surfing using Proxies
Google has a good directory with free proxy servers. Free anonymous web-based proxies: The-Cloak (free SSL-based proxied surfing), Guardster (URL-encoded), The anonymous browsing quickstart page, PurePrivacy.com, AnonSurf.de, Proxybuster (one page at a time, takes user/password, download later). Of course, no guarantees on privacy (someone is paying for "free" stuff for a reason) - and "public" might not always be public.
Note: Google also has a directory with free privacy services and tools. (Interesting stuff.. incl. "anonymous web-hosting".. uh uh..) 
(0) comments
  Free Usenet News Server
Just a few links: maxbaud.net (free usenet server search engine) and the web-based usenet servers in the Google directory. 
(0) comments
  A Web-based Virtual Keyboard
A good thing - both for internationalisation and if you suspect a keylogger on the system. I found one here. (direct link)
(0) comments
  Free email provider directory
Yahoo has a long directory with free (web-based) email providers. From a personal point of view, I like arabia.com a lot. They offer free web-based email with domains like libyamail.com. Also, the ads look so much nicer - if you can't read them.
(0) comments
  Classics
It has been around for ages and still full of surprises: The Risks Digest.
And of course, Bruce Schneier's Crypto-Gram.
(0) comments
  Essential Security Web-Sites
Internet Storm Center and esp. the Handler's Diary to see what's coming up
NewsNow.co.uk for fast updates on latest happenings
Trendmicro, Symantec, CAI, McAfee to chase things
Astalavista, securityfocus and packetstorm for "why? how?" 
(0) comments
  Cursing in French
from http://home.teleport.ch/mut/matrix/frames/presse/matrixfilmscript02de.txt
"Merovingian: [...] I love French wine. Just like the French language. I have tried all languages. French is the best. Fantastic language. Especially for cursing in: Nom de Dieu de putain de bordel de merde de saloperies de connards d'enculés de ta mère. You see, it is like wiping your ass with silk. I love it."
... more practical life advice
(0) comments
  Center for Internet security
Benchmarks, tools and more, and quite a few organisations (incl. (ISC)2) are members.
http://www.cisecurity.org/ 
(0) comments
  "Security at Microsoft"
This paper describes what the Microsoft Corporate Security Group does to prevent malicious or unauthorized use of digital assets at Microsoft. 
(0) comments
Tuesday, November 25, 2003
  Virii celebrate 20 years milestone
..and here's a story of their history, along with a Core Wars link.  
(0) comments
Monday, November 24, 2003
  Impact of the 2003 Blackouts on Internet Communications
Renesys released this report and a press release with animations and all. (It was worse than widely believed. Is the Internet not fit as a critical infrastructure? Surprise anyone?) 
(0) comments
  Default logins for networked devices
http://www.governmentsecurity.org/articles/DefaultLoginsandPasswordsforNetworkedDevices.php 
(0) comments
  Riot Anonymous Remailer
web-interface Riot Anonymous Remailer (incl. links to mail2news gateways
.. and "remember privacy cannot be guaranteed".. ) 
(0) comments
  The Texas A&M Bonfire Disaster
I spent time in and around Texas A&M for quite a while. "Aggieland" is a strange place with strange customs. Imagine a university with a strong military academy component in between ranches. (Incidentally, George Bush lives nearby.) The bonfire disaster and its analysis give some striking testimony. - A useful management study (also for safety/security).
(0) comments
  a free project mapping the internet
Let's all hope for cool imagery...
http://www.opte.org/
 
(0) comments
  Interpol Crime Prevention Checklist
Nice checklist for the security management in a company.
Looks like something handy for swift audits and due diligences.
http://www.interpol.int/Public/TechnologyCrime/CrimePrev/companyChecklist.asp 
(0) comments
  Linux Security Checklists
e.g.
http://www.wfu.edu/~rbhm/linux.html
http://www.eits.uga.edu/wsg/security/linuxchecklist.html
http://www.security-gurus.de/papers/linux2.pdf 
(0) comments
  CISSP get-together in Frankfurt (Rhine Main area), Germany

For all the CISSPs and other security professionals in the Frankfurt/Main area,
there's a mailing-list and there are meetings on a monthly basis. Next meeting is Nov 27th, 2003.
Check cissp-ffm here for details. 
(0) comments
Wednesday, November 19, 2003
  Data privacy/protection Homepage for European Union
German version: http://europa.eu.int/comm/internal_market/privacy/index_de.htm
English version: http://europa.eu.int/comm/internal_market/privacy/index_en.htm

Standard contract clauses in German and other languages 
(0) comments
Tuesday, November 18, 2003
  Security certification overview

(synopsis from an email I got from a colleague)

Technical Certifications:
SANS Global Information Assurance Certification (GIAC) with a variety of security tracks and Cisco

Auditing certifications for Accounting based professionals:
Certified Information Systems Auditor (CISA),
BS7799 Certification (lead auditor)

Risk based Certifications:
Certified Risk Professional (CRP)

Information Security Management Certifications:
Certified Information Systems Security Practitioner (CISSP)
Certified Information Security Manager (CISM) (should gain acceptance quickly),
Certified Protection Professional (CPP)

Disaster Recovery:
Certified Business Continuity Professional (CBCP),
Master Business Continuity Planner (MBCP),
Certified Senior Recovery Planner (SRP)

Fraud Certifications:
Certified Fraud Examiner (CFE)

Physical Security:
Certified Institutional Protection Specialist (CIPS)
 
(0) comments
  from a post to cissp-forum:

I moderate 'security-management@securityfocus.com' which is focused
on exchanging ideas relating to general information security
management practices: "The SECURITY-MANAGEMENT mailing list is meant
to assist those with security program management responsibilities,
focusing on topics related to the planning, implementation, and
maintenance of a strategic information security program aligned to
support individual organizational needs."

More info: http://www.securityfocus.com/archive/132

Thanks,
========================
Brad Bemis, CISSP, CISA, CBCP
Sr. Enterprise Security Engineer
Nordstrom, Inc.
(206) 233-5332
======================== 
(0) comments
  Security Awareness Links

An article detailing how to establish a security awareness program:
http://www.cyberguard.com/news_room/news_newsletter_030926threatwithin.cfm

For those interested in learning more about security awareness, the security-awareness group
http://groups.yahoo.com/group/security-awareness

NIST 800-50 is another great awareness resource
http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf
 
(0) comments
Wednesday, November 05, 2003
  More blogs
I found two other interesting blogs:
http://aeble.dyndns.org/blogs/Rants/
http://www.balrog.de/Axel/biblion/

 
(0) comments
Monday, November 03, 2003
  Various blogs
Bowulf's security blog, info-sec blog, jacob's blog, TaoSecurity Blog, Troy Jessup's network security blog, computer security @ bigblog
 
(0) comments
  Security Management Links

Here are some Security Management Links incl. a link to a great whitepaper on attack trees (my favorites!), called

Attack Modeling for Information Security and Survivability 
(0) comments
  I think that this web log ("blog") will be focused on security management.
At least that's what's on my mind throughout my working day.
However, it's likely that now and then some private things will slip in.

Here's my web site to give you an idea of me.
(0) comments

