Security musings (reflectorium)
Security musings (reflectorium)
Thursday, November 27, 2003
CISSP-FFM
Just came back from a CISSP-ffm meeting. If you are in our area (Frankfurt), become a part of it!
(0) comments
Just came back from a CISSP-ffm meeting. If you are in our area (Frankfurt), become a part of it!
Wednesday, November 26, 2003
Web-surfing using Proxies
Google has a good directory with free proxy servers. Free anonymous web-based proxies: The-Cloak (free ssl-based proxied-surfing), Guardster (url-encoded), The anonymous browsing quickstart page, PurePrivacy.com, AnonSurf.de, Proxybuster (one-page-at-a-time, takes user/password, download later), Of course, no guarantees on privacy (someone is paying for "free" stuff for a reason) - and "public" might not always be public..
Note: Google also has a directory with free privacy services and tools. (Interesting stuff.. incl. "anonymous web-hosting".. uh uh..)
(0) comments
Google has a good directory with free proxy servers. Free anonymous web-based proxies: The-Cloak (free ssl-based proxied-surfing), Guardster (url-encoded), The anonymous browsing quickstart page, PurePrivacy.com, AnonSurf.de, Proxybuster (one-page-at-a-time, takes user/password, download later), Of course, no guarantees on privacy (someone is paying for "free" stuff for a reason) - and "public" might not always be public..
Note: Google also has a directory with free privacy services and tools. (Interesting stuff.. incl. "anonymous web-hosting".. uh uh..)
Free Usenet News Server
Just a few links: maxbaud.net (free usenet server search engine) and the web-based usenet servers in the Google directory.
(0) comments
Just a few links: maxbaud.net (free usenet server search engine) and the web-based usenet servers in the Google directory.
A Web-based Virtual Keyboard
A good thing - both for internalisation and if you suspect a keylogger on the system. I found one here. (direct link)
(0) comments
A good thing - both for internalisation and if you suspect a keylogger on the system. I found one here. (direct link)
Free email provider directory
Yahoo has a long directory with free (web-based) email providers . From a personal point of view, I like arabia.com a lot. They offer free web-based email with domains like libyamail.com. Also, the ads look so much nicer - if you can't read them.
(0) comments
Yahoo has a long directory with free (web-based) email providers . From a personal point of view, I like arabia.com a lot. They offer free web-based email with domains like libyamail.com. Also, the ads look so much nicer - if you can't read them.
Classics
It has been around for ages and still full of surprises: The Risks Digest.
And of course, Bruce Schneier's cryptogram.
(0) comments
It has been around for ages and still full of surprises: The Risks Digest.
And of course, Bruce Schneier's cryptogram.
Essential Security Web-Sites
Internet Storm Center and esp. the Handler's Diary to see what's coming up
NewsNow.co.uk for fast updates on latest happenings
Trendmicro, Symantec, CAI, McAffee to chase things
Astalavista, securityfocus and packetstorm for "why? how?"
(0) comments
Internet Storm Center and esp. the Handler's Diary to see what's coming up
NewsNow.co.uk for fast updates on latest happenings
Trendmicro, Symantec, CAI, McAffee to chase things
Astalavista, securityfocus and packetstorm for "why? how?"
Fluchen auf Französisch
aus http://home.teleport.ch/mut/matrix/frames/presse/matrixfilmscript02de.txt
"Merovinger: [...] Ich liebe französischen Wein. Genauso wie die französische Sprache. Ich habe alle Sprachen probiert. Französisch ist die Beste. Fantastische Sprache. Ganz besonders, um darin zu fluchen: Nom de Dieu de putain de bordel de merde de saloperies de connards d'enculés de ta mère. Sehen Sie, es ist, als ob man sich den Arsch mit Seide abwischt. Ich liebe es. "
... noch mehr praktische Lebenshilfe
(0) comments
aus http://home.teleport.ch/mut/matrix/frames/presse/matrixfilmscript02de.txt
"Merovinger: [...] Ich liebe französischen Wein. Genauso wie die französische Sprache. Ich habe alle Sprachen probiert. Französisch ist die Beste. Fantastische Sprache. Ganz besonders, um darin zu fluchen: Nom de Dieu de putain de bordel de merde de saloperies de connards d'enculés de ta mère. Sehen Sie, es ist, als ob man sich den Arsch mit Seide abwischt. Ich liebe es. "
... noch mehr praktische Lebenshilfe
Center for Internet security
Benchmarks, tools and more. .and quite a few organisations (incl. (ISC)2) are members.
http://www.cisecurity.org/
(0) comments
Benchmarks, tools and more. .and quite a few organisations (incl. (ISC)2) are members.
http://www.cisecurity.org/
"Security at Microsoft"
This paper describes what the Microsoft Corporate Security Group does to prevent malicious or unauthorized use of digital assets at Microsoft.
(0) comments
This paper describes what the Microsoft Corporate Security Group does to prevent malicious or unauthorized use of digital assets at Microsoft.
Tuesday, November 25, 2003
Virii celebrate 20 years milestone
..and here's a story of their history, along with a Core Wars link.
(0) comments
..and here's a story of their history, along with a Core Wars link.
Monday, November 24, 2003
Impact of the 2003 Blackouts on Internet Communications
Renesys released this report and a press release with animations and all. (It was worse than widely believed. Is the Internet not fit as a critical infrastructure? Surprise anyone?)
(0) comments
Renesys released this report and a press release with animations and all. (It was worse than widely believed. Is the Internet not fit as a critical infrastructure? Surprise anyone?)
Default logins for networked devices
http://www.governmentsecurity.org/articles/DefaultLoginsandPasswordsforNetworkedDevices.php
(0) comments
http://www.governmentsecurity.org/articles/DefaultLoginsandPasswordsforNetworkedDevices.php
Riot Anonymous Remailer
web-interface Riot Anonymous Remailer (incl. links to mail2news gateways
.. and "remember privacy cannot be guaranteed".. )
(0) comments
web-interface Riot Anonymous Remailer (incl. links to mail2news gateways
.. and "remember privacy cannot be guaranteed".. )
The Texas A&M Bonfire Disaster
I spent time in and around Texas A&M for quite a while. "Aggieland" is a strange place with strange customs. Imagine a university with a strong military academy component in between ranches. (Incidentally, George Bush lives nearby.) The bonfire desaster and its analysis, gives some striking testimony. - A useful management study (also for safety/security).
(0) comments
(0) comments
I spent time in and around Texas A&M for quite a while. "Aggieland" is a strange place with strange customs. Imagine a university with a strong military academy component in between ranches. (Incidentally, George Bush lives nearby.) The bonfire desaster and its analysis, gives some striking testimony. - A useful management study (also for safety/security).
Interpol Crime Prevention Checklist
Nice checklist for the security management in a company.
Looks like something handy for swift audits and due diligences.
http://www.interpol.int/Public/TechnologyCrime/CrimePrev/companyChecklist.asp
(0) comments
Nice checklist for the security management in a company.
Looks like something handy for swift audits and due diligences.
http://www.interpol.int/Public/TechnologyCrime/CrimePrev/companyChecklist.asp
Linux Security Checklists
e.g.
http://www.wfu.edu/~rbhm/linux.html
http://www.eits.uga.edu/wsg/security/linuxchecklist.html
http://www.security-gurus.de/papers/linux2.pdf
(0) comments
e.g.
http://www.wfu.edu/~rbhm/linux.html
http://www.eits.uga.edu/wsg/security/linuxchecklist.html
http://www.security-gurus.de/papers/linux2.pdf
CISSP get-to-gether in Frankfurt (Rhine Main area), Germany
For all the CISSPs and other security professionals in the Frankfurt/Main area,
there's a mailing-list and there are meetings on a monthly basis. Next meeting is Nov 27th, 2003.
Check cissp-ffm here for details.
(0) comments
For all the CISSPs and other security professionals in the Frankfurt/Main area,
there's a mailing-list and there are meetings on a monthly basis. Next meeting is Nov 27th, 2003.
Check cissp-ffm here for details.
Wednesday, November 19, 2003
Data privacy/protection Homepage for European Union
German version: http://europa.eu.int/comm/internal_market/privacy/index_de.htm
English version: http://europa.eu.int/comm/internal_market/privacy/index_en.htm
Standard contract clauses in German and other languages
(0) comments
German version: http://europa.eu.int/comm/internal_market/privacy/index_de.htm
English version: http://europa.eu.int/comm/internal_market/privacy/index_en.htm
Standard contract clauses in German and other languages
Tuesday, November 18, 2003
Security certification overview
(synapsis from an email I got from a colleague)
Technical Certifications:
SANS Global Information Assurance Certification (GIAC) with a variety of security tracks and Cisco
Auditing certifications for Accounting based professionals:
Certified Information Systems Auditor (CISA),
BS7799 Certification (lead auditor)
Risk based Certifications:
Certified Risk Professional (CRP)
Information Security Management Certifications:
Certified Information Systems Security Practitioner (CISSP)
Certified Information Security Manager (CISM) (should goin acceptance quickly),
Certified Protection Professional (CPP)
Disaster Recovery:
Certified Business Continuity Professional (CBCP),
Master Business Continuity Planner (MBCP),
Certified Senior RecoveryvPlanner (SRP)
Fraud Certifications:
Certified Fraud Examiner (CFE)
Physical Security:
Certified Institutional Protection Specialist (CIPS)
(0) comments
(synapsis from an email I got from a colleague)
Technical Certifications:
SANS Global Information Assurance Certification (GIAC) with a variety of security tracks and Cisco
Auditing certifications for Accounting based professionals:
Certified Information Systems Auditor (CISA),
BS7799 Certification (lead auditor)
Risk based Certifications:
Certified Risk Professional (CRP)
Information Security Management Certifications:
Certified Information Systems Security Practitioner (CISSP)
Certified Information Security Manager (CISM) (should goin acceptance quickly),
Certified Protection Professional (CPP)
Disaster Recovery:
Certified Business Continuity Professional (CBCP),
Master Business Continuity Planner (MBCP),
Certified Senior RecoveryvPlanner (SRP)
Fraud Certifications:
Certified Fraud Examiner (CFE)
Physical Security:
Certified Institutional Protection Specialist (CIPS)
from a post to cissp-forum:
I moderate 'security-management@securityfocus.com' which is focused
on exchanging ideas relating to general information security
management practices: "The SECURITY-MANAGEMENT mailing list is meant
to assist those with security program management responsibilities,
focusing on topics related to the planning, implementation, and
maintenance of a strategic information security program aligned to
support individual organizational needs."
More info: http://www.securityfocus.com/archive/132
Thanks,
========================
Brad Bemis, CISSP, CISA, CBCP
Sr. Enterprise Security Engineer
Nordstrom, Inc.
(206) 233-5332
========================
(0) comments
I moderate 'security-management@securityfocus.com' which is focused
on exchanging ideas relating to general information security
management practices: "The SECURITY-MANAGEMENT mailing list is meant
to assist those with security program management responsibilities,
focusing on topics related to the planning, implementation, and
maintenance of a strategic information security program aligned to
support individual organizational needs."
More info: http://www.securityfocus.com/archive/132
Thanks,
========================
Brad Bemis, CISSP, CISA, CBCP
Sr. Enterprise Security Engineer
Nordstrom, Inc.
(206) 233-5332
========================
Security Awareness Links
An article detailing how to establish a security awareness program:
http://www.cyberguard.com/news_room/news_newsletter_030926threatwithin.cfm
For those interested in learning more about security awareness, the security-awareness group
http://groups.yahoo.com/group/security-awareness
NIST 800-50 is another great awareness resource
http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf
(0) comments
An article detailing how to establish a security awareness program:
http://www.cyberguard.com/news_room/news_newsletter_030926threatwithin.cfm
For those interested in learning more about security awareness, the security-awareness group
http://groups.yahoo.com/group/security-awareness
NIST 800-50 is another great awareness resource
http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf
Wednesday, November 05, 2003
More blogs
I found two other interesting blogs:
http://aeble.dyndns.org/blogs/Rants/
http://www.balrog.de/Axel/biblion/
(0) comments
I found two other interesting blogs:
http://aeble.dyndns.org/blogs/Rants/
http://www.balrog.de/Axel/biblion/
Monday, November 03, 2003
Various blogs
Bowulf's security blog, info-sec blog, jacob's blog, TaoSecurity Blog, Troy Jessup's network security blog, computer security @ bigblog
(0) comments
Bowulf's security blog, info-sec blog, jacob's blog, TaoSecurity Blog, Troy Jessup's network security blog, computer security @ bigblog
Security Management Links
Here are some Security Management Links incl. a link to a great whitepaper on attack trees (my favorites!), called
Attack Modeling for Information Security and Survivability
(0) comments
Here are some Security Management Links incl. a link to a great whitepaper on attack trees (my favorites!), called
Attack Modeling for Information Security and Survivability
I think that this web log ("blog") will be focused on security management.
At least that's what on my mind throughout my working day.
However, it's likely that now and then some private things will slip in.
Here's my web site to give you an idea on me.
(0) comments
At least that's what on my mind throughout my working day.
However, it's likely that now and then some private things will slip in.
Here's my web site to give you an idea on me.
Me enjoying a "Mate-Club", Alt-Landsberg near Berlin, summer 2003.
RSS Feed now atom.xml!
Essential Security Web-Sites
Internet Head Up Display,
Internet Storm Center incl. Handler's Diary
NewsNow.co.uk on Virii and Security -
Messagelabs stats,
Trendmicro,
Symantec,
CAI,
McAffee,
F-Secure
-- securityfocus,
packetstorm
Recently added Detections from CAI
Standalone Virus Cleaner
Trendmicro Sysclean and Signature, Symantec Removal tools, Stinger from McAfee, F-Secure removal tools, Bitdefender free removal tools
ARCHIVES
11/01/2003 - 12/01/2003/ 12/01/2003 - 01/01/2004
/ 01/01/2004 - 02/01/2004
/ 02/01/2004 - 03/01/2004
/ 03/01/2004 - 04/01/2004
/ 04/01/2004 - 05/01/2004
/ 05/01/2004 - 06/01/2004
/ 06/01/2004 - 07/01/2004
/ 07/01/2004 - 08/01/2004
/ 08/01/2004 - 09/01/2004
/ 09/01/2004 - 10/01/2004
/ 10/01/2004 - 11/01/2004
/ 01/01/2005 - 02/01/2005
/ 02/01/2005 - 03/01/2005
/ 03/01/2005 - 04/01/2005
/ 04/01/2005 - 05/01/2005
/ 05/01/2005 - 06/01/2005
/ 06/01/2005 - 07/01/2005
/ 07/01/2005 - 08/01/2005
/ 01/01/2006 - 02/01/2006
/ 02/01/2006 - 03/01/2006
/ 03/01/2006 - 04/01/2006
/ 06/01/2006 - 07/01/2006
/ 08/01/2006 - 09/01/2006
/ 09/01/2006 - 10/01/2006
/ 12/01/2006 - 01/01/2007
/ 03/01/2007 - 04/01/2007
/ 05/01/2007 - 06/01/2007
/ 07/01/2007 - 08/01/2007
/ 08/01/2007 - 09/01/2007
/ 10/01/2007 - 11/01/2007
/ 11/01/2007 - 12/01/2007
/ 12/01/2007 - 01/01/2008
/ 02/01/2008 - 03/01/2008
/ 09/01/2008 - 10/01/2008
/ 10/01/2008 - 11/01/2008
/ 03/01/2009 - 04/01/2009
/ 09/01/2009 - 10/01/2009
/ 11/01/2009 - 12/01/2009
/ 01/01/2010 - 02/01/2010
/ 02/01/2010 - 03/01/2010
/ 06/01/2010 - 07/01/2010
/
related blogs: general and family research
