Info-Letter vol.2

Hi all,

This month’s reading list. Make sure to check out the tools section.

Traditional Pen-testing is Dead: A frank look at the state of affairs of our daily job
http://www.secmaniac.com/october-2010/traditional-penetration-testing-is-dead-bsides-atlanta/

10 Steps to creating your own IT Security Audit
http://www.itsecurity.com/features/it-security-audit-010407/

Preparing for an ISO 27001 Audit
http://searchsecurity.techtarget.in/tip/Preparing-for-ISO-27001-audit

Dilbert on Identity Theft (Comic)
http://dilbert.com/strips/comic/2010-10-14/

Hide your entire Operating System from prying eyes (Local System Security)
http://lifehacker.com/5554136/hide-your-entire-operating-system-from-prying-eyes

Sys Admins Gone Rogue – Biggest Insider Threat
http://www.pcworld.com/businesscenter/article/206362/biggest_insider_threat_sys_admin_gone_rogue.html

Pentesting with Burpsuite – Taking the web back from Automated Scanners
http://www.securityaegis.com/pentesting-with-burp-suite-taking-the-web-back-from-automated-scanners/

Google Offering Bounties for Bugs in Web services
http://googleonlinesecurity.blogspot.com/2010/11/rewarding-web-application-security.html

Real-time Phishing: A leap in phishing attack techniques
http://www.darkreading.com/authentication/167901072/security/attacks-breaches/228200550/index.html

TOOLS:

Firesheep: Firefox addon to demonstrate the impact of browsing without an HTTPS-encrypted session.
http://codebutler.com/firesheep

EFF: HTTPS Everywhere – Firefox addon to force the browser to opt for HTTPS versions of the sites (Twitter, Google, Facebook, Paypal)
https://www.eff.org/https-everywhere

Social Engineering Toolkit (v1.0) – ‘Devolution’ release:
(Version adds several key components including new attack vectors, a web GUI interface, and a way to automate SET behavior)
http://www.secmaniac.com/november-2010/the-social-engineer-toolkit-v1-0-devolution-release/

Be safe!!

Wasim
