Security-Fyi

Joe Grand (Kingpin) gets famouser!

This is probably really old news (to some), but I was in the company of satellite TV this weekend and saw that Joe Grand now has a TV slot all of his own. “Prototype This” looks like it will be awesome.. I spent the rest of the day trying hard to catch the adverts at just the right time to get a pic of Joe, while excitedly saying “I can't believe Joe is on TV” to deels to try to convince her that it was a better alternative than going out..

RFP Spotting..

Not the boring pile of papers kind.. the shiny pants and sunglasses kind: Turns out you can find him blogging these days at [http://research.zscaler.com/] PS. if you don't know who RFP is, you are too young, and probably think w00w00 is leetspeak for a siren..

South Africa’s own IT Security “pubcast”

Our good friend Anthony Olivier has launched his “IT Security Pubcast”. So far 2 episodes are online, with episode #2 including our very own, ever quotable Charl van der Walt. Check it out..

rethinking ye old truths

Since forever, I've been told (and told others) that the greatest threat is from the inside. Turns out, not so much. Verizon Business (USA) apparently conducted a four year study on incidents inside their organisation and found that the vast majority, 73%, originated from outside. However, the majority of breaches occurred as a result of errors in internal behaviour such as misconfigs, missing patches etc. (62% of cases). So attackers are generally outsiders taking advantage of bad internal behaviours, rather than local users finding 0-day. From the exec summary:

Dino Dai Zovi is such a Rock Star..

Dino is the guy who added much shellcode coolness to Metasploit, gave the world Karma, released the first virtualization rootkit for Intel (Vitriol), and gave much credibility to the Matasano crowd while he was there.. Although he left the consultancy gig, he popped up briefly again during the year to claim his MacBook in the CanSec Hack the Mac challenge and popped up again to break Second Life..

Is that a robots.txt in your pocket or are you just happy to see me?

This will probably get cleaned up soon, but that's a huuuuuuuge robots.txt [http://www.whitehouse.gov/robots.txt]

BotNets not just for SPAM any more

The Symantec Security blog has an article titled “Botnets: not just for spamming anymore”. Interestingly we are now starting to see the use of botnets for more than just simple spamming (or simpler DoS attacks). It's pretty cool (in a twisted sort of way), because this is one of those things we called out a long time ago, predicting that botnets were way under-used as a form of cheap distributed computing. We have been mentioning its potential for effectively minimizing the key-space of session-ids and it looks like it's starting to rear its head..

Awesome data visualization stuff…

Steven Murdoch over at lightbluetouchpaper did an investigation into the Privila internship program.. What was also cool however was that he threw together a quick visualization of the data. Moving graphs are always cool, and the fact that he got it together so quickly was impressive.. a quick check shows that he used the Prefuse toolkit, which is a totally BSD licensed visualization toolkit that looks simple to use with some awesome examples..