Friday, October 30, 2009

New NIST document "Small Business Information Security: The Fundamentals"

NIST has published a new document on information security for small businesses to help them secure their information assets. It is a good read to understand the fundamentals of information security, it also lists some of the must have practices. The document is here

Friday, October 23, 2009

Metasploit project acquired by Rapid7

Really surprised to hear the news that Metasploit project has been acquired by Rapid7. HD Moore, the creator of Metasploit will be joining Rapid 7 as a full time staff, Moore insists in a podcast with Risky.Biz that all core software developed by the new, full time team will remain free and open source.

Hopefully this is a good news in that he can spend more time to develop Metasploit into an even exciting product. This reminds me of the similar moves by Nessus - Tenabale and Snort - Sourcefire

Useful cheat sheets - addition

Adding another cheat sheet to the mix. Transport Layer Protection Cheat Sheet provides various options with explanations for implementing TLS in a web application.

The other collection I posted a while back is here

Friday, October 9, 2009

Cyber Security Awareness Month

October in National Cyber Security Awareness Month, this is a good time to review the security practices and conduct sessions to make users aware of the program. This is also a good time to think on the home front to see what are the cyber threats and assess the defensive measures taken by you and your family members. Educate the kids and other family members on the importance of cyber security. Some useful links are below

Saturday, October 3, 2009

Phishing and Spam IQ Quiz

You think you are good at identifying spam and phishing emails? Take this small quiz and test your skills. Don't be disheartened by not getting 10/10, only 7.4% of test takers got 100%.

On the first page they provide you with some helpful hints, try not to look at those hints initially and see how you score. By the way, I got a 10/10.

You need more challenge? Head on to CMU labs developed phishing game Phil

Thursday, October 1, 2009

Microsoft's Free Anti-malware Tool

Microsoft has released the final version of the Microsoft Security Essentials program. The free malware protection software which until now was available only to a limited amount of beta testers is now available for download, it guards against viruses, spyware, and other malicious software.

Now, the obvious question is how good is this. According to the washingtonpost report,

"AV-Test ran MSE against 3,732 samples of malware that are currently infecting PCs around the world, and found that the program blocked all of them, both when the samples were opened or accessed and when the malware was manually scanned."