Episode278

From Security Weekly Wiki


Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 278 for Thursday February 16th, 2012


  • John Strand will be teaching Offensive Countermeasures at SANS Orlando March 23-24th: Check it out here
  • Subscribe to our only non-computer security related show dedicated to Cigar Enthusiasts, Stogie Geeks, with Paul Asadoorian and Tim "BugBear" Mugherini. Whether you smoke an occasional cigar or daily, this show is for you! Tune in as we review the latest cigars being released and talk "Stogie Tech".

Interview: Jeremiah Grossman

Jeremiah Grossman founded WhiteHat Security in August 2001, and is a world-renowned expert in Web security. He's a founder of the Web Application Security Consortium (WASC), and was named one of InfoWorld's Top 25 CTOs for 2007. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo! responsible for performing security reviews on the company's hundreds of websites. Follow him on Twitter at @jeremiahg.




Four years and 4,000 websites video, slides

  1. Tell us about the "Top Ten Web Hacking Techniques of 2011" survey
  2. There is always a lot of discussion about the value of certifications in infosec, but the Certified Application Security Specialist credential has retained its cachet. As one of the founders, what lessons can you share with other certification bodies such as (ISC)2 and ISACA in their attempts to remain relevant?

Stories

Paul's Stories


  1. [URL Title]
  2. Easy Directory Traversal with Burp
  3. Some IDS comments
  4. Standing Desk 2.0
  5. Infosec: Where’s our “Long Tail”?
  6. The Toughest Question in Digital Security
  7. Forcing Flash to Play in the Sandbox
  8. It all started with a Pillow Fight….
  9. I’m Sorry I Called Your Baby Ugly … But It Is
  10. Red Hat Network Satellite Server spacewalk-backend Remote and Local Password Disclosure
  11. Trustwave admits issuing man-in-the-middle digital certificate
  12. Top 10 pirated movies in the world (infographic)
  13. Keeping up with the hackers (chart)
  14. How Many Monitors Is Too Many?
  15. Caffeine fix? Now you can literally inhale it.
  16. Don’t Stick That in There – HID (Human Interface Device)
  17. [webapps - OSCommerce v3.0.2 - Persistent Cross Site Vulnerability]
  18. Android and Security - Official Google Mobile Blog
  19. FBI Conference Call Tapped By Antisec
  20. Sophos 2012 Security Threat Report
  21. Two Approaches to Managing Mobile Devices
  22. Microsoft Internet Explorer 'Forced Tweet' Cross Domain
  23. Remotely start your car using an Arduino
  24. Apple revises Snow Leopard security update
  25. 'Psycho Siri': Scariest Siri parody yet? | Crave - CNET
  26. Job-seeking Marriott hacker gets 30 months' porridge
  27. Satellite phone encryption cracked - Telegraph
  28. PHP 5.3.10 fixes critical remote code execution vulnerability
  29. Boardroom Spying for Fun and Profit
  30. When will wearables be wearable?
  31. Why I Love Routerpwn? Simplicity!
  32. 10 SharePoint Security Mistakes You Probably Make
  33. Basics of embedded firewalls - Exploding the myths
  34. Firewalls and SSL: More Profitable than Facebook
  35. Apple and Apache security fixes and releases
  36. Who’s Behind the World’s Largest Spam Botnet?
  37. SocialShield Releases the Top Social Networking Terms Kids Don’t Want Their Parents To Know
  38. Island Hopping the SpiderLabs Way
  39. VeriSign Breached
  40. Hacker extracts RFID credit card details
  41. HTC Android phones expose Wi-Fi passwords to apps
  42. Critical PHP vulnerability being fixed
  43. Opera < 11.61 Multiple Vulnerabilities
  44. Google Chrome < 16.0.912.77 Multiple Vulnerabilities
  45. OpenSSL 0.9.8s DTLS Denial of Service
  46. McAfee Security-as-a-Service (SaaS) mcCIOScn.dll ShowReport Method Remote Command Execution
  47. WebSphere MQ Client < 6.0.2.7 / 7.0.1.0 Buffer Overflow
  48. WebSphere MQ Server < 6.0.2.7 / 7.0.1.0 Buffer Overflow
  49. HP Managed Printing Administration jobDelivery Script Directory Traversal (intrusive check)
  50. HP Managed Printing Administration < 2.6.4 Multiple Vulnerabilities
  51. HP Managed Printing Administration Detection
  52. New Drive-By Spam Infects Those Who Open Email -- No Attachment Needed
  53. Cisco Security Appliances at risk from Telnet bug
  54. Symantec publishes pcAnywhere security recommendations
  55. Why Your Company Needs To Hack Itself
  56. Hacking Seen as Rising Risk With Car Electronics
  57. When Antivirus Firms Can't Tell They've Been Hacked
  58. Students busted for hacking computers
  59. Feds say Megaupload user content could be deleted this week
  60. Warnings About Windows Exploit
  61. Shmoocon Demo Shows Easy
  62. Rootkit has rhythm
  63. Iran To Execute Programmer
  64. toolsmith: Security Onion
  65. T-Mobile reused staff passwords
  66. Using False Alarms to Disable Security
  67. Why should senior management be involved in security decisions?
  68. Rising Network Insecurity… and the Need to Re-examine Security Fundamentals
  69. Understanding collisions and duplex in wireless
  70. Microsoft Anti-XSS Library Bypass (MS12-007)
  71. Why more APs aren’t always better
  72. Basic Setup of Security-Onion: Snort
  73. How To Run Penetration Tests From The Amazon Cloud - Without Getting Into Trouble
  74. What the heck is SOPA?
  75. Top 10 Trends In Information Security
  76. I Left My Data In El Segundo - Dark Reading
  77. Reflection Scan: an Off-Path Attack on TCP
  78. Symantec admits to more exposed code
  79. Dusseldorf airport closes security holes
  80. Cisco IP Video Phone E20 Default Account Lets Remote Users Obtain Root Access
  81. Into the cloud -- securely
  82. Fundamental Oracle flaw revealed
  83. Secunia sets six-month deadline for vulnerability disclosures
  84. Custom Wineador™ Creations - Home
  85. Five Principles To Better Your Security Monitoring
  86. Wireshark 1.4.x and 1.6.x updates close security holes
  87. PHP 5.3.9 released with hash DoS fix
  88. Recovering a Hacked Gmail Account
  89. 10 years of breach
  90. Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
  91. PRC Targeting DoD Smart Cards
  92. Time to check your DNS settings?
  93. Windows Live may be a vulnerability for Xbox Live users
  94. Zappos Says Hackers Accessed 24 Million Customers' Account Details
  95. ACROS Security Blog: Is Your Online Bank Vulnerable To Currency Rounding Attacks?
  96. Flying the Fraudster Skies
  97. How Come My Blog/Podcast Wasnt Nominated?
  98. Best Book Bejtlich Read in 2011
  99. An example of likejacking (Facebook clickjacking)
  100. Google Renews Push Into China
  101. [Honeypot Alert Extensive ‘setup.php Scanning Detected]
  102. Show me your SSID’s
  103. How a Baptist pastor in Florida became the go-to IT guy
  104. Robot Makers Not Thrilled To Be Stuck Next To Justin Bieber ≈ Packet Storm
  105. Apple
  106. Can you be forced by law to decrypt your computer? US v. Fricosu court case rages on
  107. When Someone Else's Insider is Your Threat
  108. The inconvenient truth about passwords
  109. Oracle: Firewalls Against SQL Injection Are a Good Idea After All
  110. Why Security Does Not Concern Generation Y
  111. Microsoft denies Xbox Live security breach
  112. Smart meter SSL screw-up exposes punters' TV habits
  113. HP sneaks out printer firebomb firmware security fix
  114. Apple patent stashes passwords in chargers
  115. Paul Ryan turns against SOPA following a Reddit-based attack
  116. Adobe to release zero-day fixes for Reader and Acrobat
  117. Microsoft finally vanquishes the BEAST-related bug
  118. Microsoft releases MS11-100 for Security Advisory 2659883
  119. WPS Security on Wireless Access Points pwn3d: VIDEO
  120. When to Give Your Girlfriend Your Password
  121. Hacking group releases more Stratfor subscriber data - Computerworld
  122. The Most Influential Voices in Security
  123. Patator – Multi Purpose Brute Forcing Tool
  124. Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability
  125. Hacking Google for Fun and Profit
  126. Is Code Quality Seasonal?
  127. The Siemens SIMATIC Remote
  128. Password Improvements Coming To Windows 8
  129. Reversing Industrial firmware for fun and backdoors I
  130. Not 0wning That ColdFusion Server but Helping...
  131. Splunk Remote Root Exploit
  132. A look back at 2011’s security landscape
  133. Ettercap updated after more than seven years.
  134. PuTTY Stored Plaintext Passwords in Memory After Authentication
  135. DARPA Shredder Challenge
  136. Path of Least Resistance : FishNet Security
  137. VLAN Hacking |  InfoSec Institute – IT Training and Information Security Resources
  138. Prepping for 2012: 3 Tips When Speaking to the Board of Directors
  139. Metasploit Pentest Plugin Part 1
  140. Top 5 mobile phone security threats in 2012
  141. VPN An Oft-Forgotten Attack Vector
  142. Microsoft gets silent upgrade religion
  143. Feds cuff KISS rock star's DDoS suspect
  144. Backdoors in industrial control systems
  145. Can Security Teams And DBAs Play Nicely?
  146. Study: Chrome the most secure browser
  147. Dumbest Camera Ban Ever
  148. BonkersWorld: Backwards Compatibility
  149. Shamir’s predictions of the future
  150. Two Bets on 2012
  151. 8 Out of 10 Software Apps Fail Security Test
  152. MS11-080 - A Voyage into Ring Zero
  153. Two zero-day vulnerabilities found in Flash Player
  154. The security threat Stephen King warned us about?
  155. Chief Hava's Top Cigars of 2011 (Honorable Mentions)
  156. Cigar Tip: Give the Gift of Cigars this Christmas
  157. Security Advisory: [security bulletin HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders]
  158. nCircle Patterns Blog: Which Half of Your Business Are You Protecting?
  159. HP Faces Class Action Lawsuit Over Printer Software Vulnerability
  160. Facebook glitch gave access to other users' private pictures
  161. Download.com apologises for bundling
  162. Staff to be banned from sending emails - Telegraph
  163. Carnal0wnage & Attack Research Blog: Embeding A Link To A Network Share In A Word Doc
  164. Hacking On A Dime: “Hacking” Printers - PJL Basics
  165. Top 5 Security Influencers
  166. sslyze – Fast and Full-Featured SSL Configuration Scanner
  167. 3 Common Ways Security Fails People
  168. How being Green Makes You Stink at Security: Print Bigger
  169. Aggressive Mode VPN — IKE-Scan
  170. Justin Bieber stabbed by a crazed fan? It’s a Facebook scam
  171. Week 48 In Review
  172. REVIEW: My Father El Hijo
  173. Paul Garmirian Gourmet Series Corona Grande | Atlantic Cigar Company
  174. Detecting New Hardware by Ethernet Address
  175. Security Advisory: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series - security vulnerabilities database
  176. New version of EMET is now available
  177. Logging Isn't Hard -- Getting Started Is
  178. Worm uses built-in DHCP server to spread
  179. MS Web Application Configuration Analyzer
  180. Police: Man stole nude photos from hacked e-mail accounts
  181. vCash
  182. 8 security considerations for IPv6 deployment
  183. So
  184. Apple iOS: Why it's the most secure OS
  185. Chinese army: We really need to get into cyber warfare
  186. Looks Like It


  1. Security Advisory: Vulnerabilities in D-Link DAP 1150 - security vulnerabilities database - Same old song and dance: many model D-Link routers have issues such as default passwords, CSRF, and suffer from brute force attacks. The thing that scares me the most is that people are running these things and have no clue that they are vulnerable. Until such time, as I don't know, maybe never, or maybe when their bank account is empty and they are left wondering why. ADSL routers are the scariest, because whose job is it to update the firmware? The provider, who is already losing money, or at least cost cutting, and the first thing to go is security. Sorry, no shiny rainbows at the end of this story.
  2. PHP Vulnerability Hunter v.1.2.0.1 Released - I could write this very easily in the form of a script that detects if you are running PHP, and returns "Yes, you are vulnerable" if you are. On the flip side, this is a neat little tool to mess around with, as PHP applications are notorious for having issues, so running a specialized little fuzzer against them may be worth your while.
  3. Avi Rubin: All Your Devices Can Be Hacked - Just an FYI, we prevent computers from being stolen, and stop people from getting viruses from your computers.
  4. Twitter Enables HTTPS By Default At Last - Uhm, a little late, no? We've been saying it for years, SSL IS THE SOLUTION TO ALL YOUR SECURITY PROBLEMS!
  5. PSA: Paula Deen - Freaking great post, deep fried cheese filled brownies for everyone! Paula Deen is a great chef, until it comes out that she has diabetes. Same thing happens in security: you're doing X and it seems okay, until it relates to something bad, then someone comes up with a solution, and everyone gravitates to it. It's a very interesting social aspect of security.
  6. Why are we talking philosophy instead of technology? - I disagree with this article. We don't need more non-technical talks, and we really don't need less of them. What we need is balance. We should have 10% of talks be really high level, 10% be extremely technical, and the remaining 80% should be a balance of technical and non-technical aspects of security.
  7. I Want to Detect and Respond to Intruders But I Don't Know Where to Start! - Start with thinking about how an attacker would attack your network, like your web server, then talk about how you would respond. You'd likely need to look at the logs. If you aren't collecting them, hey look, you have something to do now!
  8. The Cloud's Low-Rent District - The cloud in general is a slum, and Amazon is the slum lord.
  9. Continuous patching – is it viable in the enterprise? - I disagree with Raf, we need patches, lots of patches, all the time. It's simple: how can someone else (e.g. the vendor) tell you when you should apply a patch? It makes ZERO sense. Rothman makes more sense in this case.
  10. I've always wondered how many vulnerable devices - Answer: LOTS.
  11. Dumping Cleartext Credentials with Mimikatz - Sweet post!
  12. What people think industry analysts do - This is just classic.
  13. Cisco Zine: Nmap for IOS? No - Neat, a portscanner for Cisco IOS! Uses TCLshell.
  14. Employment for security professionals at all-time high - We are in a great field, however now we have a problem: finding talent. So, if you need a job...
  15. Android Security Threat From 'Reverse Smudge Engineering' - If you eat lots of potato chips, this could be a security risk! Put the chips away, bitch...
  16. Adobe issues Flash Player update
  17. The Sudafed Security Trade-Off - It's no secret, people use Sudafed for two reasons: clearing up your sinuses when you get a cold (it's the only thing that works for me) and cooking meth. So since people use it to cook meth, we must "ban" it and require a prescription. If you do the math, this could mean a $1.5 billion bill for the healthcare industry. It goes to show that making something harder to get doesn't always make it more secure. I think this most closely relates to people using their own cell phones and tablets: the moment you try to ban them, it will just have horrible repercussions, like people using them anyway without you knowing. Getting back to cookin' meth, according to the great TV show "Breaking Bad" you can use a different chemical process using "methylamine", which the characters in the show have to steal because you can't walk into any store and just buy it.
  18. Been Caught Stealin' - People steal SIM cards out of stuff, like traffic lights.
  19. Penetration Tests: Not Getting 'In' Is An Option - I almost want to disagree and say you need to define what "getting in" means to your customer, and then attempt to do just that, and then see if they can detect/prevent it; if they do, move to plan B, C, D, etc. It's all about defining goals, and yeah, sometimes it's not about getting in.

Larry's (taken over by Darren cause Larry is a slacker) Stories

  1. Mountain Lion preview (OSX 10.8) - Apple has released a preview of OSX 10.8, due for release later this year. A new security feature called Gatekeeper is coming. Looks like developers with valid Dev IDs will create a certificate that will be used to sign all their work. In the event a given developer does something wrong, the cert can be pulled and the apps will not run. There are 3 levels of options: the "iPhone option", as I call it, where you can ONLY use apps from the App Store and nothing else can be installed; install from anywhere, but the app must have a certificate; and lastly, install from anywhere, cert or no cert.
  2. iPhone Address book access - Apple is set to fix an issue where app developers were allowed to gather users' contact lists without permission from the phone's owner. Now you will be prompted with a pop up asking if you wish to allow this access.
  3. patch patch patch patch and then patch some more - Yet another Adobe 0day.
  4. Insider threats are real - Example that your own employees are your biggest threat.
  5. Nortel hacked for years - Former Nortel exec (they are all former now) says they were compromised for years and Nortel didn't try too hard to stop it.

Jack's Stories