If you're involved in managing risk assessments for your organization, you will find this video hilarious. The subtitles are where the action is. This video is priceless...
This pair of bills (Senate and House) needs to be defeated. The PROTECT IP Act and the Stop Online Piracy Act both go too far. I don't object to the original intent, which is necessary, to give copyright holders more capabilities to block those people who are infringing on their legitimate rights; however, these bills are overreaching and put the power in the wrong hands (government driven by business).
Please sign up at americancensorship.org and help stop these from being passed.
While trying to look up options for testing SQL injection, I came across a few you may want to try. I have not tried all of these, but it seems that there isn't a good list of them around that Google can find, so I'm going to make one here. YMMV
Turns out that Google uses tokens for authentication that have an unreasonable lifetime. This isn't the real issue, though. The problem is that when your phone connects to an open Wi-Fi network, the phone attempts to reconnect to all of its services, including your Google accounts, which is where your contacts are stored. So... sniff the AuthToken, use it later to authenticate/sync to the account, and voilà, p0wn3d.
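To make the replay concrete, here is an added example (my own illustration, not code from the post or from Google) of the two halves of the problem: a passive scan of captured HTTP requests that flags bearer-style credentials sent without TLS, and a toy token service showing why the token lifetime is what bounds the replay window. The capture is constructed, the token values are placeholders, the `Authorization: GoogleLogin auth=` shape is the ClientLogin header format, the contacts feed path and the "14 days vs. one hour" lifetimes are illustrative assumptions, and treating "not port 443" as cleartext is a simplification a real detector would replace with an actual TLS check.

```python
"""Added illustration: detect bearer credentials on cleartext HTTP and show
how token lifetime bounds a replay attack. Capture below is constructed."""
import hashlib
import re
from dataclasses import dataclass

DAY = 86400  # seconds

# Header shapes that carry a replayable bearer credential. "GoogleLogin auth="
# is the ClientLogin header format; Bearer tokens and session cookies are the
# common equivalents, included to generalize beyond the Google case.
CREDENTIAL_PATTERNS = [
    ("ClientLogin token", re.compile(r"^Authorization:\s*GoogleLogin\s+auth=(\S+)", re.I)),
    ("Bearer token", re.compile(r"^Authorization:\s*Bearer\s+(\S+)", re.I)),
    ("Session cookie", re.compile(r"^Cookie:.*\b(?:SID|SACSID|sessionid)=([^;\s]+)", re.I)),
]


@dataclass
class Request:
    dst_host: str
    dst_port: int
    raw: str  # request line plus headers, CRLF-separated


# Constructed sample capture. Token values are placeholders. The 443 entry
# stands in for a TLS flow a sniffer could not read; it only exercises the filter.
SAMPLE_CAPTURE = [
    Request("www.google.com", 80,
            "GET /m8/feeds/contacts/default/full HTTP/1.1\r\n"   # assumed contacts path
            "Host: www.google.com\r\n"
            "Authorization: GoogleLogin auth=DQAAAMoAAADhoEXAMPLETOKEN\r\n"
            "User-Agent: Android-GData/1.0\r\n"),
    Request("picasaweb.google.com", 80,
            "GET /data/feed/api/user/default HTTP/1.1\r\n"
            "Host: picasaweb.google.com\r\n"
            "Cookie: SID=AbCdEXAMPLESID; HSID=x\r\n"),
    Request("accounts.google.com", 443,
            "POST /accounts/ClientLogin HTTP/1.1\r\n"
            "Host: accounts.google.com\r\n"
            "Authorization: GoogleLogin auth=NOTVISIBLEONTHEWIRE\r\n"),
]


def is_cleartext(req):
    # Simplification: anything not on 443 is readable on the wire.
    return req.dst_port != 443


def find_credentials(req):
    """Return (label, token) pairs found in the request headers."""
    found = []
    for line in req.raw.split("\r\n")[1:]:  # skip the request line
        for label, pattern in CREDENTIAL_PATTERNS:
            m = pattern.match(line)
            if m:
                found.append((label, m.group(1)))
    return found


def fingerprint(token):
    # Log a hash, not the token itself, so the detector does not become a leak.
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def detect_cleartext_tokens(capture):
    """Flag every credential that crossed the wire without TLS."""
    findings = []
    for req in capture:
        if not is_cleartext(req):
            continue
        for label, token in find_credentials(req):
            findings.append({"host": req.dst_host, "kind": label,
                             "fp": fingerprint(token), "token": token})
    return findings


def build_replay(finding, path):
    """The attacker's request: same credential header, any path they like."""
    header = {
        "ClientLogin token": f"Authorization: GoogleLogin auth={finding['token']}",
        "Bearer token": f"Authorization: Bearer {finding['token']}",
        "Session cookie": f"Cookie: SID={finding['token']}",
    }[finding["kind"]]
    return f"GET {path} HTTP/1.1\r\nHost: {finding['host']}\r\n{header}\r\n\r\n"


class TokenService:
    """Toy server: a bearer token is accepted until it expires, from anyone."""

    def __init__(self, lifetime_s):
        self.lifetime_s = lifetime_s
        self.issued = {}  # token -> (user, issue_time)

    def issue(self, user, now):
        token = hashlib.sha256(f"{user}:{now}".encode()).hexdigest()  # real tokens are random
        self.issued[token] = (user, now)
        return token

    def authenticate(self, token, now):
        entry = self.issued.get(token)
        if entry is None:
            return None
        user, issued_at = entry
        return user if now - issued_at <= self.lifetime_s else None


def replay_outcome(lifetime_s, sniffed_at, replayed_at):
    """Best case for the defender: token issued at the moment it was sniffed."""
    svc = TokenService(lifetime_s)
    token = svc.issue("victim@example.com", now=sniffed_at)
    return svc.authenticate(token, now=replayed_at)


if __name__ == "__main__":
    for f in detect_cleartext_tokens(SAMPLE_CAPTURE):
        print(f"{f['host']}: {f['kind']} (sha256 {f['fp']}) sent in the clear")
    print("14-day token replayed 10 days later:", replay_outcome(14 * DAY, 0, 10 * DAY))
    print("1-hour token replayed 10 days later:", replay_outcome(3600, 0, 10 * DAY))
```

Two things fall out of running it: the detector reports only the port-80 requests, and the replayed request is nothing more than the sniffed header pasted into a new request, which is why the token's lifetime, not the sniffing, decides how long the account stays exposed.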
Who knew wardriving could still net credit card data. I was considering getting a laptop mount, but maybe that would just arouse suspicion of wardriving for cracking purposes.
Even more brazen is physically stealing the servers themselves. Having the servers, you'll also have the data.
When I clicked on an email notification from Facebook I got the error "Only the recipient of a message may view it." My default browser is Chrome, and when it opened up the link, this is what I got. I cut/pasted the link into IE9 and it opened right up. Seems like Facebook has a problem with Chrome at this point.
This is a great article which fleshes out a lot of the key things I look for in a good information security professional. If you have this knowledge and mindset, you will always have job security in the information security business.
Whether you're looking for a quick-start guide to a security standard for Linux server boxes or looking to secure your own, here's a quick guide for newer users of Linux:
This is going to be an issue going forward for a large number of users if Facebook doesn't do something different with how they handle applications. Using iframes creates an abstraction that users can't see. The linked Trend Micro blog has this right. Maybe there will be other protections, but at this point it doesn't look good.
As I type this, I am sitting in a car repair shop using my Sprint HTC Evo 4G to run PDANet (Android USB tethering application for Internet access) connected to my netbook, using my noise-canceling headphones to listen to PaulDotCom (security podcast) using Car Cast Pro (Android podcast downloader/player) as well as updating my podcast feeds. Android and good Internet access is all good...