From Security Weekly Wiki
Revision as of 20:49, 8 December 2011
== Stories For Discussion ==
[http://blogs.technet.com/b/msrc/archive/2011/08/10/bluehat-prize-q-amp-a-with-katie-moussouris.aspx BlueHat Prize Q&A with Katie Moussouris]
#[http://securityvulns.com/docs27398.html Security Advisory: [security bulletin] HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders] - Looks like HP is jumping on the problems with the printers that have firmware updates turned on. If you have printers on your network (snicker) then you should be rolling out this patch.
#[http://blog.ncircle.com/blogs/patterns/archives/2011/12/which_half_of_your_business_ar.html nCircle Patterns Blog: Which Half of Your Business Are You Protecting?] - This is the same old story, businesses are only looking at the perimeter, ignoring security on the rest of the environment. I see this both ways in the vulnerability management front. It seems either an organization will scan the inside OR the outside, but not always both. You need to be managing vulnerabilities on all systems. Of course, that's the tricky part, getting full coverage of everything that connects to the network in today's world.
#[http://www.veracode.com/blog/2011/12/hp-faces-class-action-lawsuit-over-printer-software-vulnerability/ HP Faces Class Action Lawsuit Over Printer Software Vulnerability] - The community rises to fight printer vulnerabilities, whooohoo! Do we need to get lawyers involved though? Maybe that's what it comes down to. I think the difficult part may be showing loss, as the vulnerability is not being exploited in the wild to my knowledge.
#[http://www.h-online.com/security/news/item/Facebook-glitch-gave-access-to-other-users-private-pictures-1391270.html Facebook glitch gave access to other users' private pictures] - Lots of drunk half naked women/girls were exposed. Sorry, just had to say it.
#[http://www.h-online.com/security/news/item/Download-com-apologises-for-bundling-1392501.html Download.com apologises for bundling] - Apologies? How about a process that verifies what is being downloaded? CNET should be publicly shamed for letting this happen. Oh wait, I just did.
#[http://www.telegraph.co.uk/technology/news/8921033/Staff-to-be-banned-from-sending-emails.html Staff to be banned from sending emails - Telegraph] - I wish more people would do this. I don't think it would help security, but it would make for better communication. So many people use email where IM could work better.
#[http://carnal0wnage.attackresearch.com/2011/11/embeding-link-to-network-share-in-word.html Carnal0wnage & Attack Research Blog: Embeding A Link To A Network Share In A Word Doc] - This is great for tracking documents.
#[http://hackonadime.blogspot.com/2011/12/hacking-printers-pjl-basics.html Hacking On A Dime: “Hacking” Printers - PJL Basics] - Great article on PJL, anytime you can get a breakdown of this protocol it's a good thing, because it's a messed up protocol.
#[http://1raindrop.typepad.com/1_raindrop/2011/12/top-5-security-influencers.html Top 5 Security Influencers] - This is just a great list, and I totally agree. Security is about peopl
#[http://www.darknet.org.uk/2011/12/sslyze-fast-and-full-featured-ssl-configuration-scanner/ sslyze – Fast and Full-Featured SSL Configuration Scanner] - We bash SSL, fact is so many SSL implementations are just wrong. Use this tool to make it right.
#[http://www.secureconsulting.net/2011/12/3-common-ways-security-fails-p.html 3 Common Ways Security Fails People] - "1) It gets in the way. 2) It makes life more difficult. 3) It doesn't understand what's important."
#[https://365.rsaconference.com/blogs/mike-gentile/2011/12/07/how-being-green-makes-you-stink-at-security-print-bigger How being Green Makes You Stink at Security: Print Bigger] - I can see how this MAY save a few pieces of paper, security-wise though, you are still printing through a vulnerable printer :)
#[http://carnal0wnage.attackresearch.com/2011/12/aggressive-mode-vpn-ike-scan-psk-crack.html Aggressive Mode VPN — IKE-Scan] - I come up against VPN on pen tests, it's pretty boring, there are some attacks, but what most people ignore is that if I want to attack your VPN, I'm going after the clients. I also want to hear about successful attacks against SSL VPNs.
#[http://nakedsecurity.sophos.com/2011/12/08/justin-bieber-stabbed-facebook-scam/ Justin Bieber stabbed by a crazed fan? It’s a Facebook scam] - We can only hope...