• Snipping Leaks, (Fri, Nov 30th)

    Updated: 2012-11-30 17:44:56
    ISC reader Phil asked a great question earlier today: I'm wondering if there are da ...(more)...

  • 10 Reasons Enterprises Should Rethink Endpoint Security

    Updated: 2012-11-30 17:00:00
    eWEEK and Tal Klein, senior director of products at Bromium, offer a slide show on protecting against attacks at the endpoint.

  • Nessus VMware vCenter Patch Auditing Now Available

    Updated: 2012-11-30 14:15:00

  • Atheists and Christmas

    Updated: 2012-11-30 09:18:31
    An excellent piece.

  • On Spending Time With the Opposite Sex

    Updated: 2012-11-30 08:37:31
    I don’t believe men and women in relationships should spend much time with people of the opposite sex. It sounds very 1950s, but it isn’t. Let me explain. I think humans are designed to fall in love with each other. Quickly. We’re geared to be around someone in the clan or village who smiles nicely, who you share a joke or two with, or who you see getting upset or excited about something, and you bond. Instantly. We do this because that bond quickly leads to courtship, and that quickly leads to babies. This is good because humanity doesn’t die. We’ll put that in the plus column. Basically, our genes want to survive, so they make us grow attracted to almost anyone around us with blinding speed. The way this materializes today is you’ll have your girlfriend or wife hanging out with some guy in a very harmless way, and after a few days of this she’ll start bringing up this other person constantly in conversation: Jason thinks… Whoa. Jason? Who’s Jason? Oh, just this guy. This happens once, great. A few times, no issue. But soon it becomes apparent that this other human is basically imprinting his essence onto your woman, just through casual conversation and getting to know each other. And it has nothing to do with him, or with her. They’re both great people. But if you were to be sent to Madagascar for nine months on a job while they “just hung out”, this would soon be a problem. And the more personal they were with each other, i.e. work drama, family drama, etc–again, all harmless–the faster it will happen. This is how “forbidden love” forms, where a guy falls in love with his girlfriend’s friend. They just hang out too much. He’s pretty cool. She’s pretty cool. And they just bond because that’s what people do. The problem was thinking it was ok for them to interact that much in the first place. That has an expected outcome. Some people believe everyone is trying to shag everyone else, so you have to lock up your girl and your man. That’s not it. 
That’s defensive and insecure and juvenile. The problem is precisely that it’s not intentional. It sneaks up on you because that’s what it’s supposed to do. It’s a human instinct to bond with people of the opposite sex who are near to you, and to do it very quickly. And the deeper the exposure, the quicker the bond. This is why the best pickup lines in the world are based around, Tell me your problems…I’ll just listen. It’s intimate. It forms bonds within minutes. It’ll seem like a simple conversation, and then the victim will find herself thinking about him constantly until the spell wears off. It’s also why movie stars can’t stay committed. They leave their loved ones and go off on some exotic trip with another movie star, and then go through extremely emotional acting scenes with them–for weeks at a time. And they wonder why they suddenly fall in love with them. If you were on a remote island with a movie star (or anyone else) doing acting scenes with them, you’d do the same thing. So, when my girl says she wants to go learn some kind of intimate dancing style (her girlfriend is into it), the answer is simple: we do it together or we don’t do it. It’s not because she’s untrustworthy (she’s extremely honest and loyal); it’s because she’s a girl, and rubbing crotches and laying your head on another man’s chest for hours per week while learning a physical skill is bad for current relationships. I told her I’d learn the dance as well, but not with another female partner. Why? Because talking to that girl, and having her rub her stuff all on me, would instantly get me thinking things I shouldn’t. I know this. I’m aware of it. So I defend against it by limiting contact. Brain over…well, just use your brain. So what’s the takeaway? Simple: be aware of the time your SO spends with other women/men. Notice the level of intimacy in the communication. Monitor for signs that the other person is on their mind. 
And if it becomes obvious that this person is bonding with him/her, pull it back. It really is that simple. Don’t go ape shit if he mentions that this girl at work likes the song that’s playing. And if your girl mentions some guy at work, or wants to go hang with friends and there are guys there–no problem. Even if the guys are single and probably going to pursue her. No sweat. If you’re not insecure and she’s a good woman, there’s nothing at all to stress. Don’t become a bloody neanderthal. Just watch for multiple/constant interactions with people of the other gender. Don’t spend lots of time with your friends’ smart, attractive partners, for example. And don’t rely on trust when your SO is spending more and more alone time with “just a friend”. They won’t make a mistake, the mistake will happen to them. Respect the evolutionary biology, and don’t be surprised by natural outcomes you have all the tools to anticipate. That’s all I’m saying.

  • OS X Easter Egg Reveals LoTR Calendar

    Updated: 2012-11-30 06:11:16
    # Read the LoTR calendar file from a default OS X install
    cat /usr/share/calendar/calendar.lotr

  • iTunes 11 Lets You Redeem Gift Cards By Using Your Camera | 9to5Mac

    Updated: 2012-11-30 06:01:34
    Awesome touch in the new iTunes 11 iTunes Store: Apple will now allow you to redeem iTunes gift cards using your computer’s camera. It seems like a newer type of Apple gift card will be required.

  • ISC StormCast for Friday, November 30th 2012 http://isc.sans.edu/podcastdetail.html?id=2974, (Fri, Nov 30th)

    Updated: 2012-11-30 01:51:37

  • Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html, (Fri, Nov 30th)

    Updated: 2012-11-30 01:23:56

  • New Apple Security Update: APPLE-SA-2012-11-29-1 Apple TV 5.1.1, (Thu, Nov 29th)

    Updated: 2012-11-29 23:03:06

  • Facebook Faces More Opposition on Proposed User Privacy Changes

    Updated: 2012-11-29 22:15:00
    The massive social network wants to make changes to user policies but is facing opposition from critics who argue that user privacy would be weakened.

  • ISC Feature of the Week: SSH Scan Reports, (Thu, Nov 29th)

    Updated: 2012-11-29 21:29:17
    Overview Our feature this week introduces Dr. Ullrich's newest system addition addressing ...(more)...

  • IT Security in 2013: Cloud, Mobile Devices, HTML5 to Get More Scrutiny

    Updated: 2012-11-29 19:30:00
    Here, eWEEK has compiled some of the better IT security predictions for the coming year to help your organization get a head start on preparation.

  • Retina CS 4.0 and Remedy Ticketing Integration

    Updated: 2012-11-29 17:00:54
    Overview Retina CS enables teams to centrally manage organization-wide IT security and compliance initiatives from a single, web-based console. It provides discovery, prioritization, and remediation of security risks by delivering what matters the most – context. Retina CS is the centerpiece of the BeyondTrust vision of Context Aware Security Intelligence which helps organizations answer the [...]

  • Check Point Rolls Out Managed Security Services

    Updated: 2012-11-29 16:09:00

  • Trend Micro Launches Online Security Assessment Tools

    Updated: 2012-11-29 15:00:00
    The toolkit is designed to help businesses assess the risk they face from cyber attacks and mobile security holes.

  • New Open Source Intelligence Gathering Tool | iTnews.com.au

    Updated: 2012-11-29 09:05:36
    Users could set the OSINT OPSEC (Open Source Intelligence Operational Security) Tool to monitor for keywords, allowing, for example, an organisation to be alerted if a hacking group dumped its sensitive data to clipboard site Pastebin. Or it could scour Stack Exchange for intellectual property code snippets, use Twitter to track the whereabouts of politicians in warzones, or check Reddit, Facebook and WordPress to avert potential PR disasters. via itnews.com.au

  • A Minimum Tax on the Wealthy | NYTimes.com

    Updated: 2012-11-29 09:01:15
    Additionally, we need Congress, right now, to enact a minimum tax on high incomes. I would suggest 30 percent of taxable income between $1 million and $10 million, and 35 percent on amounts above that. A plain and simple rule like that will block the efforts of lobbyists, lawyers and contribution-hungry legislators to keep the ultrarich paying rates well below those incurred by people with income just a tiny fraction of ours. Only a minimum tax on very high incomes will prevent the stated tax rate from being eviscerated by these warriors for the wealthy. Above all, we should not postpone these changes in the name of “reforming” the tax code. True, changes are badly needed. We need to get rid of arrangements like “carried interest” that enable income from labor to be magically converted into capital gains. And it’s sickening that a Cayman Islands mail drop can be central to tax maneuvering by wealthy individuals and corporations. But the reform of such complexities should not promote delay in our correcting simple and expensive inequities. We can’t let those who want to protect the privileged get away with insisting that we do nothing until we can do everything. via nytimes.com Very much agreed. Go Warren.

  • Cambridge to Study Tech’s Danger to Humanity

    Updated: 2012-11-29 08:53:22
    The Centre for the Study of Existential Risk (CSER) will look at how developments in biotechnology, nanotechnology and artificial intelligence could potentially pose “extinction-level” risks to our species. While few would deny the benefits humanity has received as a result of technology, the centre will analyse whether technological advances will help humans survive or will lead to their extinction. “At some point, this century or next, we may well be facing one of the major shifts in human history – perhaps even cosmic history – when intelligence escapes the constraints of biology,” said Huw Price, a professor of philosophy and one of the CSER’s three founders. via v3.co.uk Sounds like they should get with Bill Joy regarding “Why the Future Doesn’t Need Us”.

  • CloudFlare Implements Authy Two-factor | TechCrunch

    Updated: 2012-11-29 08:50:54
    As Prince told me yesterday, the company spent a lot of time researching the different options for enabling this feature and finally settled on working with Authy, a Y Combinator-backed startup that launched out of the accelerator’s last summer program. Internally, CloudFlare has been testing Authy for its own admin system for the last three months and it’s now ready to distribute it to its users. via techcrunch.com Enabled.

  • Tracking Changes in Beliefs | Buster Benson

    Updated: 2012-11-29 08:38:54
    Github works really well for this because you can comment on changes, see how things change over time, fork it, branch it. There’s something magical about treating beliefs like code. It’s the code that runs our perspective of the world. I also track other things this way. Such as my life list, my manifesto/rules for living, and even my raw . Who else is interested in this kind of thing? Any interest in starting a group up about it? via wayoftheduck.com Using github to track changes to beliefs, a life list, manifesto/rules. This REALLY excites me. I’m pinging this guy for sure.

  • Capturing Everything You Know | Buster Benson

    Updated: 2012-11-29 08:36:41
    The Codex Vitae is something that special members of this fellowship “earn” the right to create, after rising up in the ranks. When written, it’s submitted to the fellowship, approved, and encrypted. 3 copies are made of the book, 1 goes to the central library, and 2 others go to branch libraries in other parts of the world. The key to the encryption is only given to 1 person, and it remains a secret until the writer’s death. Such an interesting idea. To pour everything you’ve learned into a book, to be made public upon your death. A sort of immortality, a summary of your life’s meaning and learning. We should all do this. via wayoftheduck.com This resonates, for obvious reasons. One piece I found really interesting was the idea of having a beliefs file hosted on github–so you can track changes. Elegant.

  • Howto: Autosaving malicious payload using Fiddler

    Updated: 2012-11-29 03:36:00

  • ISC StormCast for Thursday, November 29th 2012 http://isc.sans.edu/podcastdetail.html?id=2971, (Thu, Nov 29th)

    Updated: 2012-11-29 02:56:57

  • The XY Problem

    Updated: 2012-11-29 00:47:18
    You want to do X, and you think Y is the best way of doing so. Instead of asking about X, you ask about Y. I see this constantly on programming and other technical forums.

  • New version of wireshark is available (1.8.4), some security fixes included. , (Wed, Nov 28th)

    Updated: 2012-11-28 22:47:47

  • McAfee releases extraDAT for W32/Autorun.worm.aaeb-h, (Wed, Nov 28th)

    Updated: 2012-11-28 22:46:20
    McAfee released an extra dat this morning https://kc.mcafee ...(more)...

  • Cyber-Crime 2012: Big Business for Attackers, Big Costs for Victims

    Updated: 2012-11-28 19:15:00
    eWEEK highlights some of the most devastating breaches and hacks in 2012.

  • Microsoft SCCM Integration with Retina CS Threat Management Console

    Updated: 2012-11-28 18:24:57
    Overview Retina CS enables teams to centrally manage organization-wide IT security and compliance initiatives from a single, web-based console. It provides discovery, prioritization, and remediation of security risks by delivering what matters the most – context. Retina CS is the centerpiece of the BeyondTrust vision of Context Aware Security Intelligence which helps organizations answer the [...]

  • Charles Tillman on Improvement | Nathan Kontny

    Updated: 2012-11-28 16:08:07
    Tillman forces himself to find a new peak each week. He and his coaches place him in situations where he’s losing and screwing up in practice early in the week. He uses these moments as opportunities to get better each practice session until he’s winning again. And then he keeps the cycle going. To get better, to be better, to be awesome, we need to get comfortable with being uncomfortable. We need to make those moments of suckiness opportunities to improve, not opportunities to sulk, feel sorry for ourselves, or complain to our friends about how we don’t get anywhere with anything. Tillman is a tremendous example of getting good by constantly putting himself in situations where he’s not that good. Yet. via ninjasandrobots.com Strong.

  • Liberal vs. Conservative Core Beliefs : PoliticalDiscussion

    Updated: 2012-11-28 08:36:59

  • Using Virtual Smart Cards with Windows 8

    Updated: 2012-11-28 08:00:03
    In this article, we'll look at how virtual smart cards are created and used in Windows 8.

  • Howto: Virtual PC Detection Tricks By waleedassar

    Updated: 2012-11-28 08:00:00

  • The Joys of Doing the Right Thing

    Updated: 2012-11-28 06:45:09
    “I remembered exactly what the kid on the register looked like,” he said of Brunelle. “When I walked in, he spotted me and smiled. I was going to shake his hand, but I couldn’t help it, I just gave him a big bear hug,” Duane said, laughing. “I had tears in my eyes. The girl on the register was choking up. I’m choking up just talking about it.” via nashuatelegraph.com We need more of this to read.

  • ISC StormCast for Wednesday, November 28th 2012 http://isc.sans.edu/podcastdetail.html?id=2968, (Wed, Nov 28th)

    Updated: 2012-11-28 02:54:43

  • Power to the People and the Coming AppSec Revolution

    Updated: 2012-11-27 18:00:41
    When the revolution comes, the first up against the firewall will be your business partners – along with every other third-party that provides you with software. It used to be that you could call for more secure software from individual vendors – and Microsoft heeded that call, for example with its push for trustworthy computing, starting in 2002 – but today we’re more dependent on software than ever, and more interconnected than ever; we rise and fall by the security of our associates.

  • Microsoft’s New Data Center: The Straight Poop

    Updated: 2012-11-27 14:36:00

  • Can users' phish emails be a security admin's catch of the day?, (Tue, Nov 27th)

    Updated: 2012-11-27 13:12:39
    Blocking phishing emails is part and parcel of now commonplace technology controls, supplied by a w ...(more)...

  • 802.11ac: 5 Steps to Prepare for Next-Gen WLANs

    Updated: 2012-11-26 16:56:00

  • Howto: Inject PHP Shell via SSH Log By Brute Logic

    Updated: 2012-11-26 15:39:00

  • Howto: Skype Passive IP Disclosure Vulnerability By SensePost

    Updated: 2012-11-26 14:02:00

  • Convert metasploit cachedump files to Hashcat format for cracking By Commandlinefu.com

    Updated: 2012-11-26 07:54:00

  • Howto: Manual Pentest Windows Cheatsheet by Stormsecurity

    Updated: 2012-11-26 00:19:00

  • Stellar Dance Routine

    Updated: 2012-11-24 23:11:03

  • PageScan - Webbased Malware Analysis

    Updated: 2012-11-24 04:02:00

  • What Are Android Users Doing With Their Phones?

    Updated: 2012-11-23 23:36:37
    Apple has a lot to do with that: IBM says the iPhone led as the most popular device driving retail shopping, with 9.6% of traffic coming from it. In a very close second place was the iPad, at 9.3%. IBM aggregates all Android devices together, and collectively they drove 7.3% of all traffic. via techcrunch.com So that’s 19% Apple devices vs. 7% Android. Almost 3X. I grow tired of people talking about marketshare on Android as if it’s some indicator of superiority. My consistent response to that line is: “Marketshare with who?” I go to a lot of Information Technology and Information Security conferences. The speakers overwhelmingly have iPhones, Macs, and use OS X. Look at the artists, the photographers, the writers, the actors, and on and on. It seems like pretty much anyone you’ve heard of uses the Apple ecosystem. And these are the numbers for early holiday sales: once again–purchasers, i.e. people actually buying things on their mobile devices. This too is dominated by Apple despite Android having far more marketshare. Android claims around 75% of smart devices, but I can’t help but wonder what those people are doing with them. They don’t have the games. They aren’t driving ad revenue. They aren’t making the mobile purchases. And they aren’t the majority of top people in the creative class. So what are they doing with their devices? Why such a disparity among creative types and purchasers?

  • EC2 Now Supporting FreeBSD, Debian, and CentOS

    Updated: 2012-11-23 23:12:30

  • Onion Post on Saudi Arabia Electronically Tracking Their Women

    Updated: 2012-11-23 01:17:19
    Denied the right to travel without consent from their male guardians and banned from driving, women in Saudi Arabia are now monitored by an electronic system that tracks any cross-border movements. Since last week, Saudi women’s male guardians began receiving text messages on their phones informing them when women under their custody leave the country, even if they are travelling together. Hilarious. The Onion always gets it right. It’s just ridiculous enough to be obviously fake, but still close enough to reality to be scary. Good times. Except this isn’t The Onion. Saudi Arabia is actually doing this.

  • Tracking Web Visitors Using Cached HTTP Redirects | Scatmania

    Updated: 2012-11-23 00:40:00
    Here’s how it works, in brief:

    1. A user visits the website.
    2. The website contains a <script> tag, pointing at a URL where the user’s browser will find some Javascript.
    3. The user’s browser requests the Javascript file.
    4. The server generates a random unique identifier for this user.
    5. The server uses a HTTP 301 response to tell the browser “this Javascript can be found at a different web address,” and provides an address that contains the new unique identifier.
    6. The user’s browser requests the new document (e.g. /javascripts/tracking/123456789.js, if the user’s unique ID was 123456789).
    7. The resulting Javascript is generated dynamically to automatically contain the ID in a variable, which can then be used for tracking purposes.
    8. Subsequent requests to the server, even after closing the browser, skip steps 3 through 5, because the user’s browser will cache the 301 and re-use the unique web address associated with that individual user.

    via scatmania.org

    This is crafty. It seems like you could extend the search for these types of things by looking for ANYTHING that gets stored to disk, and then seeing if it could get abused in the same way.

  • The Onion Obliterates the “Idea Guy”

    Updated: 2012-11-23 00:36:01

  • Facebook to End User Voting on Privacy Policies

    Updated: 2012-11-22 14:30:00
    The social networking company says it is modifying the way it changes its privacy policies to encourage better feedback.

  • Convert Endace ERF capture files to PCAP

    Updated: 2012-11-22 13:11:00
    A customer recently contacted us because he wanted to load ERF capture files from their Endace probes into NetworkMiner Professional. In order to do so they would first need to convert the ERF file into the libpcap format. The obvious solution is to use editcap and specify the output capture type w[...]

  • Checkpoint VPN-1 Power - Voted WindowSecurity.com Readers' Choice Award Winner - VPN Software

    Updated: 2012-11-22 09:00:04
    Checkpoint VPN-1 Power was selected the winner in the VPN Software category of the WindowSecurity.com Readers' Choice Awards. Celestix MSA Threat Management Gateway Series and Securepoint Security UTM Software were runner-up and second runner-up respectively.

  • Howto: Installing Mac OS X Mountain Lion in VMWare By SecurityLearn

    Updated: 2012-11-22 07:27:00

  • Firewall is Enabled and Configured on Windows Server 2008/R2 Domain Controllers

    Updated: 2012-11-21 10:00:10
    In this article the author reviews Windows Server 2008/R2 Firewall settings and options on Domain Controllers.

  • Writing a stealth web shell

    Updated: 2012-11-21 08:56:00

  • Key Logger With Bash Script

    Updated: 2012-11-21 04:17:00

  • Nice tool for API Monitoring

    Updated: 2012-11-21 03:02:00

  • Network Security Podcast, Episode 297

    Updated: 2012-11-21 00:07:23
    It’s Rich that’s out this holiday week, so Martin and Zach talk turkey (no pun intended) about Skype SNAFUs, LTE going all a-splode-y, and a Linux rootkit that will make you go “That’s…neat…?” Happy Thanksgiving! Network Security Podcast, Episode 297, November 20, 2012 Time:  31:00 Show notes: Skype password flaw made stealing accounts easy Obama [...]

  • Cisco Broadens Management Capabilities with Cloupia Acquisition

    Updated: 2012-11-20 16:22:00

  • Example Of Google Dork List For SQL Injection

    Updated: 2012-11-20 14:41:00

  • Nessus HTML5 Interface is Generally Available!

    Updated: 2012-11-20 14:30:00

  • Nice Source For Ruby

    Updated: 2012-11-20 02:33:00

  • Skype Account Service Session Token Bypass

    Updated: 2012-11-20 02:24:00

  • Dear Cisco, Please Don’t Screw Up Meraki

    Updated: 2012-11-19 18:09:00

  • Identity Theft: Keeping Safe in an Online World Infographic

    Updated: 2012-11-19 15:25:25

  • Dell’s Gale Buy Points To Cloud Focus

    Updated: 2012-11-19 14:48:00

  • Facebook Pwn

    Updated: 2012-11-18 02:14:00

  • Security Debt and Vulnerability Supply Chains

    Updated: 2012-11-16 19:55:21
    Posted by Chris Wysopal in ALL THINGS SECURITY, November 16, 2012. When we were kicking around ideas for a new SoSS supplement I thought the vendor testing angle could be interesting. We had just launched our VAST program so the topic made our marketing folks happy, but also because I think the supply chain analogy can be an interesting lens to view the security industry. We can think about the software

  • Wireless for Beginners Part 3: Getting the Signal

    Updated: 2012-11-16 19:19:00

  • Dumping Domain Password Hashes Using Metasploit (ntds_hashextract.rb) By Pentest Geek

    Updated: 2012-11-16 01:11:00

  • SDN Is Business, OpenFlow Is Technology

    Updated: 2012-11-15 23:14:00

  • Tenable Awarded Common Criteria Certification EAL2+

    Updated: 2012-11-15 16:00:00

  • Edelman Privacy Risk Index

    Updated: 2012-11-15 15:57:38
    We are very pleased to introduce the Edelman Privacy Risk Index developed in collaboration with Ponemon Institute.  The Index provides a high level risk coefficient specified for various sized business organizations

  • Security Stat for the CEO: 62% Fail to Comply on First Submission

    Updated: 2012-11-14 20:56:27
    Our new SoSS Feature Supplement report found that 62% of vendor applications fail to comply with enterprise security policies upon first submission. This stat, more than any other in the report, demonstrates the need for an executive level mandate to secure the software supply chain.

  • Claims Based Identity: What does it Mean to You? (Part 3)

    Updated: 2012-11-14 09:00:01
    In this article we're going to look at claims based identity going forward, in relation to Microsoft's soon-to-be-released operating systems (Windows 8 and Windows Server 2012) and server products (such as SharePoint 2013). We'll also look at claims based identity in Office 365.

  • Network Security Podcast, Episode 296

    Updated: 2012-11-14 00:31:55
    This week we start by discussing Martin’s ear wax and Rich’s cough, and it’s all downhill from there. Zach is out this week, but Rich and Martin open with a discussion of the Cloud Security Alliance conference and some things we both learned between there and the events Martin has been at. Then we delve [...]

  • VMInjector - DLL Injection tool to unlock guest VMs

    Updated: 2012-11-14 00:11:00

  • XSS In the famous website.

    Updated: 2012-11-14 00:09:00

  • Enterprise Testing of the Software Supply Chain: SoSS Supplement

    Updated: 2012-11-13 18:41:33
    Our latest SoSS release is a feature supplement; these allow us to extend our analysis to a variety of topical areas. This feature supplement focuses on the actual state of vendor application security testing programs currently being implemented by our enterprise customers.

  • Nessus Now Audits Juniper Junos Configuration

    Updated: 2012-11-12 20:08:18

  • New Nessus Compliance Checks Available for Check Point GAiA

    Updated: 2012-11-12 05:50:00

  • NetSleuth - Realtime & PCAP Analyzer

    Updated: 2012-11-12 03:35:00

  • DVWA on the cloud.

    Updated: 2012-11-10 03:50:00

  • Adobe Flash Player and Air (APSB12-24) Critical Memory Vulnerabilities – November 2012

    Updated: 2012-11-09 19:00:53
    Nine new audits are being released in our Retina vulnerability scan engine to help customers identify a security vulnerability that can enable an attacker to gain control of a vulnerable system (CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280). These nine new audits have been released with Retina Network Community and the commercial version of Retina [...]

  • Metasploit post exploitation scripts to steal iOS 5 backups By SecurityLearn

    Updated: 2012-11-09 07:20:00

  • Video: Importing GPOs into Security Compliance Manager (SCM)

    Updated: 2012-11-07 07:00:03
    This video explains the process of importing GPOs into Security Compliance Manager 2.5.

  • Network Security Podcast, Episode 295

    Updated: 2012-11-07 00:00:04
    Rich is M.I.A. again, and we’re left to discuss Russia, “the biggest problem in computer security”, and the perpetual badness of industrial control systems. And hopefully by the time you read this, all of the Presidential excitement will be over, or you’ll have a drink in hand and won’t care any more. Network Security Podcast, [...]

  • Using SSL to Secure Your Vulnerability Data

    Updated: 2012-11-06 16:10:01
