HolisticInfoSec.org
 

Expanding Response: Deeper Analysis for Incident Handlers

2008-10-10 08:38:00 by Russ McRee in HolisticInfoSec.org
 
To achieve my GCIH Gold, I recently completed a paper called Expanding Response: Deeper Analysis for Incident Handlers, now available in the SANS Reading Room. The premise was to further expand on the topics discussed in my Malware analysis tools post. This paper includes tools discussed at various times in my toolsmith column in the ISSA...
 
 
 
 
 

The McAfee Secure Standard: Sort Of

2008-10-07 23:47:00 by Russ McRee in HolisticInfoSec.org
 
...security standards. I believe that, in their own way, they are listening. So here's your chance: 1) Is transparency enough? 2) Is holding only enterprise customers accountable acceptable? 3) Should ALL McAfee Secure customers be expected to fix their vulnerabilities, even if on different timelines? 4) What else do you want McAfee to hear, in the...
 
 
 
 
 

FileAdvisor: software file search engine

2008-10-01 14:34:00 by Russ McRee in HolisticInfoSec.org
 
Troy Larson sent me a heads up on Bit9's FileAdvisor, a service they describe as "a comprehensive catalog of executables, drivers, and patches found in commercial Windows applications and software packages. Malware and other unauthorized software that affects Windows computers is also indexed." I immediately checked the FileAdvisor db for malware...
 
 
 
 
 

Hype Alert: Internet Shopping Carts Are Secure

2008-09-26 15:00:00 by Russ McRee in HolisticInfoSec.org
...information security practitioner, but here's where the trouble begins. Shopping cart service providers have developed secure ecommerce shopping cart solutions for any business owner looking to enhance their current online store, or create a new one. Some ecommerce shopping cart solution providers are even receiving PABP (Payment Application...
 
 
 
 
 

XSF & XSS: Double your pleasure, double your fun

2008-09-21 21:00:00 by Russ McRee in HolisticInfoSec.org
...Information%20Technology%3B%3B%3BSecurity&startflag=3&CFID=66851845&CFTOKEN=29a95-d12594d4-47d9-49e8-9067-1091bdf68e80 Now here the same job posting spewing massive cookie data http://hostedjobs.openhire.com/epostings/jobs/submit.cfm?fuseaction=dspjob&id=23&jobid=130527&company...
 
 
 
 
 

EstDomains & Intercage: A Perfect Couple in Crime

2008-09-15 21:32:00 by Russ McRee in HolisticInfoSec.org
If you track malware issues as readily as I do, you're likely aware of the failings of clownpacks like EstDomains and their hosting buddies Atrivo/Intercage. You need only follow Sunbelt's take on the topic, or search Emergingthreats to come up to speed. Yesterday, EstDomains posted the most inept, ridiculous response ever issued to the endless...
 
 
 
 
 

XSS fortune cookie

2008-09-02 16:10:00 by Russ McRee in HolisticInfoSec.org
Forgive me in advance for an extremely bad joke, if you can even call it that, but I just can't help it. Here's how to get an XSS fortune cookie: 1) Ask the mighty Google oracle who might be able to tell you your fortune: http://www.google.com/search?hl=en&q=tell+my+fortune&btnG=Search&lr=lang_en 2) Select one of the sponsored links; in this case...
 
 
 
 
 

McIrony: An unexpected response from McAfee

2008-08-30 13:04:00 by Russ McRee in HolisticInfoSec.org
 
...information security professional; more readership or street cred than the next guy, or the respect of my peers for contributing to the greater good? Attention, press cycles, 15 minutes...it all has its allure, trust me on this. But at the end of the day, I really do want to contribute to the greater good. So I did something different. I sent...
 
 
 
 
 

ColdFusion: Hack Me or Help Me

2008-08-28 10:13:00 by Russ McRee in HolisticInfoSec.org
...information disclosure in a few sites running a ColdFusion-built CMS. The error reporting was so verbose it included the base path, data source name, database username, and yes, the database password. I've cleaned it up for the protection of all involved, but here's a screen shot of only 1/4 of the details this site coughed up when I tweaked...