Security musings (reflectorium)
Security musings (reflectorium)
Thursday, November 27, 2003
CISSP-FFM
(0) comments
Just came back from a CISSP-ffm meeting. If you are in our area (Frankfurt), become a part of it! Wednesday, November 26, 2003
Web-surfing using Proxies
(0) comments
Google has a good directory with free proxy servers. Free anonymous web-based proxies: The-Cloak (free ssl-based proxied-surfing), Guardster (url-encoded), The anonymous browsing quickstart page, PurePrivacy.com, AnonSurf.de, Proxybuster (one-page-at-a-time, takes user/password, download later), Of course, no guarantees on privacy (someone is paying for "free" stuff for a reason) - and "public" might not always be public.. Note: Google also has a directory with free privacy services and tools. (Interesting stuff.. incl. "anonymous web-hosting".. uh uh..)
Free Usenet News Server
(0) comments
Just a few links: maxbaud.net (free usenet server search engine) and the web-based usenet servers in the Google directory.
A Web-based Virtual Keyboard
(0) comments
A good thing - both for internalisation and if you suspect a keylogger on the system. I found one here. (direct link)
Free email provider directory
(0) comments
Yahoo has a long directory with free (web-based) email providers . From a personal point of view, I like arabia.com a lot. They offer free web-based email with domains like libyamail.com. Also, the ads look so much nicer - if you can't read them.
Classics
(0) comments
It has been around for ages and still full of surprises: The Risks Digest. And of course, Bruce Schneier's cryptogram.
Essential Security Web-Sites
(0) comments
Internet Storm Center and esp. the Handler's Diary to see what's coming up NewsNow.co.uk for fast updates on latest happenings Trendmicro, Symantec, CAI, McAffee to chase things Astalavista, securityfocus and packetstorm for "why? how?"
Fluchen auf Französisch
(0) comments
aus http://home.teleport.ch/mut/matrix/frames/presse/matrixfilmscript02de.txt "Merovinger: [...] Ich liebe französischen Wein. Genauso wie die französische Sprache. Ich habe alle Sprachen probiert. Französisch ist die Beste. Fantastische Sprache. Ganz besonders, um darin zu fluchen: Nom de Dieu de putain de bordel de merde de saloperies de connards d'enculés de ta mère. Sehen Sie, es ist, als ob man sich den Arsch mit Seide abwischt. Ich liebe es. " ... noch mehr praktische Lebenshilfe
Center for Internet security
(0) comments
Benchmarks, tools and more. .and quite a few organisations (incl. (ISC)2) are members. http://www.cisecurity.org/
"Security at Microsoft"
(0) comments
This paper describes what the Microsoft Corporate Security Group does to prevent malicious or unauthorized use of digital assets at Microsoft. Tuesday, November 25, 2003
Virii celebrate 20 years milestone
(0) comments
..and here's a story of their history, along with a Core Wars link. Monday, November 24, 2003
Impact of the 2003 Blackouts on Internet Communications
(0) comments
Renesys released this report and a press release with animations and all. (It was worse than widely believed. Is the Internet not fit as a critical infrastructure? Surprise anyone?)
Default logins for networked devices
(0) comments
http://www.governmentsecurity.org/articles/DefaultLoginsandPasswordsforNetworkedDevices.php
Riot Anonymous Remailer
(0) comments
web-interface Riot Anonymous Remailer (incl. links to mail2news gateways .. and "remember privacy cannot be guaranteed".. )
The Texas A&M Bonfire Disaster
(0) comments
(0) comments
I spent time in and around Texas A&M for quite a while. "Aggieland" is a strange place with strange customs. Imagine a university with a strong military academy component in between ranches. (Incidentally, George Bush lives nearby.) The bonfire desaster and its analysis, gives some striking testimony. - A useful management study (also for safety/security).
Interpol Crime Prevention Checklist
(0) comments
Nice checklist for the security management in a company. Looks like something handy for swift audits and due diligences. http://www.interpol.int/Public/TechnologyCrime/CrimePrev/companyChecklist.asp
Linux Security Checklists
(0) comments
e.g. http://www.wfu.edu/~rbhm/linux.html http://www.eits.uga.edu/wsg/security/linuxchecklist.html http://www.security-gurus.de/papers/linux2.pdf
CISSP get-to-gether in Frankfurt (Rhine Main area), Germany
(0) comments
For all the CISSPs and other security professionals in the Frankfurt/Main area, there's a mailing-list and there are meetings on a monthly basis. Next meeting is Nov 27th, 2003. Check cissp-ffm here for details. Wednesday, November 19, 2003
Data privacy/protection Homepage for European Union
(0) comments
German version: http://europa.eu.int/comm/internal_market/privacy/index_de.htm English version: http://europa.eu.int/comm/internal_market/privacy/index_en.htm Standard contract clauses in German and other languages Tuesday, November 18, 2003
Security certification overview
(0) comments
(synapsis from an email I got from a colleague) Technical Certifications: SANS Global Information Assurance Certification (GIAC) with a variety of security tracks and Cisco Auditing certifications for Accounting based professionals: Certified Information Systems Auditor (CISA), BS7799 Certification (lead auditor) Risk based Certifications: Certified Risk Professional (CRP) Information Security Management Certifications: Certified Information Systems Security Practitioner (CISSP) Certified Information Security Manager (CISM) (should goin acceptance quickly), Certified Protection Professional (CPP) Disaster Recovery: Certified Business Continuity Professional (CBCP), Master Business Continuity Planner (MBCP), Certified Senior RecoveryvPlanner (SRP) Fraud Certifications: Certified Fraud Examiner (CFE) Physical Security: Certified Institutional Protection Specialist (CIPS)
from a post to cissp-forum:
(0) comments
I moderate 'security-management@securityfocus.com' which is focused on exchanging ideas relating to general information security management practices: "The SECURITY-MANAGEMENT mailing list is meant to assist those with security program management responsibilities, focusing on topics related to the planning, implementation, and maintenance of a strategic information security program aligned to support individual organizational needs." More info: http://www.securityfocus.com/archive/132 Thanks, ======================== Brad Bemis, CISSP, CISA, CBCP Sr. Enterprise Security Engineer Nordstrom, Inc. (206) 233-5332 ========================
Security Awareness Links
(0) comments
An article detailing how to establish a security awareness program: http://www.cyberguard.com/news_room/news_newsletter_030926threatwithin.cfm For those interested in learning more about security awareness, the security-awareness group http://groups.yahoo.com/group/security-awareness NIST 800-50 is another great awareness resource http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf Wednesday, November 05, 2003
More blogs
(0) comments
I found two other interesting blogs: http://aeble.dyndns.org/blogs/Rants/ http://www.balrog.de/Axel/biblion/ Monday, November 03, 2003
Various blogs
(0) comments
Bowulf's security blog, info-sec blog, jacob's blog, TaoSecurity Blog, Troy Jessup's network security blog, computer security @ bigblog
Security Management Links
(0) comments
Here are some Security Management Links incl. a link to a great whitepaper on attack trees (my favorites!), called Attack Modeling for Information Security and Survivability
I think that this web log ("blog") will be focused on security management.
(0) comments
At least that's what on my mind throughout my working day. However, it's likely that now and then some private things will slip in. Here's my web site to give you an idea on me. |
RSS Feed now atom.xml!
Essential Security Web-Sites Recently added Detections from CAI Standalone Virus Cleaner Trendmicro Sysclean and Signature, Symantec Removal tools, Stinger from McAfee, F-Secure removal tools, Bitdefender free removal tools ARCHIVES
11/01/2003 - 12/01/2003/ 12/01/2003 - 01/01/2004 / 01/01/2004 - 02/01/2004 / 02/01/2004 - 03/01/2004 / 03/01/2004 - 04/01/2004 / 04/01/2004 - 05/01/2004 / 05/01/2004 - 06/01/2004 / 06/01/2004 - 07/01/2004 / 07/01/2004 - 08/01/2004 / 08/01/2004 - 09/01/2004 / 09/01/2004 - 10/01/2004 / 10/01/2004 - 11/01/2004 / 01/01/2005 - 02/01/2005 / 02/01/2005 - 03/01/2005 / 03/01/2005 - 04/01/2005 / 04/01/2005 - 05/01/2005 / 05/01/2005 - 06/01/2005 / 06/01/2005 - 07/01/2005 / 07/01/2005 - 08/01/2005 / 01/01/2006 - 02/01/2006 / 02/01/2006 - 03/01/2006 / 03/01/2006 - 04/01/2006 / 06/01/2006 - 07/01/2006 / 08/01/2006 - 09/01/2006 / 09/01/2006 - 10/01/2006 / 12/01/2006 - 01/01/2007 / 03/01/2007 - 04/01/2007 / 05/01/2007 - 06/01/2007 / 07/01/2007 - 08/01/2007 / 08/01/2007 - 09/01/2007 / 10/01/2007 - 11/01/2007 / 11/01/2007 - 12/01/2007 / 12/01/2007 - 01/01/2008 / 02/01/2008 - 03/01/2008 / 09/01/2008 - 10/01/2008 / 10/01/2008 - 11/01/2008 / 03/01/2009 - 04/01/2009 / 09/01/2009 - 10/01/2009 / 11/01/2009 - 12/01/2009 / 01/01/2010 - 02/01/2010 / 02/01/2010 - 03/01/2010 / 06/01/2010 - 07/01/2010 /
|