Security musings (reflectorium)
Security musings (reflectorium)
Thursday, November 27, 2003
Just came back from a CISSP-ffm meeting. If you are in our area (Frankfurt), become a part of it!
Wednesday, November 26, 2003
Web-surfing using Proxies(0) comments
Google has a good directory with free proxy servers. Free anonymous web-based proxies: The-Cloak (free ssl-based proxied-surfing), Guardster (url-encoded), The anonymous browsing quickstart page, PurePrivacy.com, AnonSurf.de, Proxybuster (one-page-at-a-time, takes user/password, download later), Of course, no guarantees on privacy (someone is paying for "free" stuff for a reason) - and "public" might not always be public..
Note: Google also has a directory with free privacy services and tools. (Interesting stuff.. incl. "anonymous web-hosting".. uh uh..)
Free Usenet News Server(0) comments
Just a few links: maxbaud.net (free usenet server search engine) and the web-based usenet servers in the Google directory.
A Web-based Virtual Keyboard(0) comments
A good thing - both for internalisation and if you suspect a keylogger on the system. I found one here. (direct link)
Free email provider directory(0) comments
Yahoo has a long directory with free (web-based) email providers . From a personal point of view, I like arabia.com a lot. They offer free web-based email with domains like libyamail.com. Also, the ads look so much nicer - if you can't read them.
It has been around for ages and still full of surprises: The Risks Digest.
And of course, Bruce Schneier's cryptogram.
Essential Security Web-Sites(0) comments
Internet Storm Center and esp. the Handler's Diary to see what's coming up
NewsNow.co.uk for fast updates on latest happenings
Trendmicro, Symantec, CAI, McAffee to chase things
Astalavista, securityfocus and packetstorm for "why? how?"
Fluchen auf Französisch(0) comments
"Merovinger: [...] Ich liebe französischen Wein. Genauso wie die französische Sprache. Ich habe alle Sprachen probiert. Französisch ist die Beste. Fantastische Sprache. Ganz besonders, um darin zu fluchen: Nom de Dieu de putain de bordel de merde de saloperies de connards d'enculés de ta mère. Sehen Sie, es ist, als ob man sich den Arsch mit Seide abwischt. Ich liebe es. "
... noch mehr praktische Lebenshilfe
Center for Internet security(0) comments
Benchmarks, tools and more. .and quite a few organisations (incl. (ISC)2) are members.
"Security at Microsoft"(0) comments
This paper describes what the Microsoft Corporate Security Group does to prevent malicious or unauthorized use of digital assets at Microsoft.
Tuesday, November 25, 2003
Virii celebrate 20 years milestone(0) comments
..and here's a story of their history, along with a Core Wars link.
Monday, November 24, 2003
Impact of the 2003 Blackouts on Internet Communications(0) comments
Renesys released this report and a press release with animations and all. (It was worse than widely believed. Is the Internet not fit as a critical infrastructure? Surprise anyone?)
Default logins for networked devices(0) comments
Riot Anonymous Remailer(0) comments
web-interface Riot Anonymous Remailer (incl. links to mail2news gateways
.. and "remember privacy cannot be guaranteed".. )
The Texas A&M Bonfire Disaster(0) comments
I spent time in and around Texas A&M for quite a while. "Aggieland" is a strange place with strange customs. Imagine a university with a strong military academy component in between ranches. (Incidentally, George Bush lives nearby.) The bonfire desaster and its analysis, gives some striking testimony. - A useful management study (also for safety/security).
a free project mapping the internet(0) comments
Let's all hope for cool imagery...
Interpol Crime Prevention Checklist(0) comments
Nice checklist for the security management in a company.
Looks like something handy for swift audits and due diligences.
Linux Security Checklists(0) comments
CISSP get-to-gether in Frankfurt (Rhine Main area), Germany(0) comments
For all the CISSPs and other security professionals in the Frankfurt/Main area,
there's a mailing-list and there are meetings on a monthly basis. Next meeting is Nov 27th, 2003.
Check cissp-ffm here for details.
Wednesday, November 19, 2003
Data privacy/protection Homepage for European Union(0) comments
German version: http://europa.eu.int/comm/internal_market/privacy/index_de.htm
English version: http://europa.eu.int/comm/internal_market/privacy/index_en.htm
Standard contract clauses in German and other languages
Tuesday, November 18, 2003
Security certification overview(0) comments
(synapsis from an email I got from a colleague)
SANS Global Information Assurance Certification (GIAC) with a variety of security tracks and Cisco
Auditing certifications for Accounting based professionals:
Certified Information Systems Auditor (CISA),
BS7799 Certification (lead auditor)
Risk based Certifications:
Certified Risk Professional (CRP)
Information Security Management Certifications:
Certified Information Systems Security Practitioner (CISSP)
Certified Information Security Manager (CISM) (should goin acceptance quickly),
Certified Protection Professional (CPP)
Certified Business Continuity Professional (CBCP),
Master Business Continuity Planner (MBCP),
Certified Senior RecoveryvPlanner (SRP)
Certified Fraud Examiner (CFE)
Certified Institutional Protection Specialist (CIPS)
from a post to cissp-forum:(0) comments
I moderate 'firstname.lastname@example.org' which is focused
on exchanging ideas relating to general information security
management practices: "The SECURITY-MANAGEMENT mailing list is meant
to assist those with security program management responsibilities,
focusing on topics related to the planning, implementation, and
maintenance of a strategic information security program aligned to
support individual organizational needs."
More info: http://www.securityfocus.com/archive/132
Brad Bemis, CISSP, CISA, CBCP
Sr. Enterprise Security Engineer
Security Awareness Links(0) comments
An article detailing how to establish a security awareness program:
For those interested in learning more about security awareness, the security-awareness group
NIST 800-50 is another great awareness resource
Wednesday, November 05, 2003
More blogs(0) comments
I found two other interesting blogs:
Monday, November 03, 2003
Various blogs(0) comments
Bowulf's security blog, info-sec blog, jacob's blog, TaoSecurity Blog, Troy Jessup's network security blog, computer security @ bigblog
Security Management Links(0) comments
Here are some Security Management Links incl. a link to a great whitepaper on attack trees (my favorites!), called
Attack Modeling for Information Security and Survivability
I think that this web log ("blog") will be focused on security management.(0) comments
At least that's what on my mind throughout my working day.
However, it's likely that now and then some private things will slip in.
Here's my web site to give you an idea on me.
RSS Feed now atom.xml!
Essential Security Web-Sites
Recently added Detections from CAI
Standalone Virus Cleaner
Trendmicro Sysclean and Signature, Symantec Removal tools, Stinger from McAfee, F-Secure removal tools, Bitdefender free removal tools
ARCHIVES11/01/2003 - 12/01/2003
/ 12/01/2003 - 01/01/2004
/ 01/01/2004 - 02/01/2004
/ 02/01/2004 - 03/01/2004
/ 03/01/2004 - 04/01/2004
/ 04/01/2004 - 05/01/2004
/ 05/01/2004 - 06/01/2004
/ 06/01/2004 - 07/01/2004
/ 07/01/2004 - 08/01/2004
/ 08/01/2004 - 09/01/2004
/ 09/01/2004 - 10/01/2004
/ 10/01/2004 - 11/01/2004
/ 01/01/2005 - 02/01/2005
/ 02/01/2005 - 03/01/2005
/ 03/01/2005 - 04/01/2005
/ 04/01/2005 - 05/01/2005
/ 05/01/2005 - 06/01/2005
/ 06/01/2005 - 07/01/2005
/ 07/01/2005 - 08/01/2005
/ 01/01/2006 - 02/01/2006
/ 02/01/2006 - 03/01/2006
/ 03/01/2006 - 04/01/2006
/ 06/01/2006 - 07/01/2006
/ 08/01/2006 - 09/01/2006
/ 09/01/2006 - 10/01/2006
/ 12/01/2006 - 01/01/2007
/ 03/01/2007 - 04/01/2007
/ 05/01/2007 - 06/01/2007
/ 07/01/2007 - 08/01/2007
/ 08/01/2007 - 09/01/2007
/ 10/01/2007 - 11/01/2007
/ 11/01/2007 - 12/01/2007
/ 12/01/2007 - 01/01/2008
/ 02/01/2008 - 03/01/2008
/ 09/01/2008 - 10/01/2008
/ 10/01/2008 - 11/01/2008
/ 03/01/2009 - 04/01/2009
/ 09/01/2009 - 10/01/2009
/ 11/01/2009 - 12/01/2009
/ 01/01/2010 - 02/01/2010
/ 02/01/2010 - 03/01/2010
/ 06/01/2010 - 07/01/2010