Archive | March, 2015

Security Websites

General Technology and Security trends:

Threat Intelligence

Microsoft Security Intelligence Report: http://www.microsoft.com/security/sir/default.aspx
Team Cymru (also has subscription service): www.team-cymru.org
FBI Cybercrime information: http://www.fbi.gov/about-us/investigate/cyber/cyber

Malware and threats:

Threat Expert: http://threatexpert.com
Microsoft Malware Protection Center: http://www.microsoft.com/security/portal/default.aspx
SANS Internet Storm Center: http://Isc.sans.edu
Symantec Threat Explorer: http://www.symantec.com/norton/security_response/threatexplorer/index.jsp
Symantec Internet Threat Report: http://www.symantec.com/business/theme.jsp?themeid=threatreport
McAfee Threat Center: http://www.mcafee.com/us/threat_center/
Metasploit Blog: https://community.rapid7.com/community/metasploit?view=blog
Security Focus: http://www.securityfocus.com/
Dshield: http://www.dshield.org/
Offensive Security’s Exploit Database: http://www.exploit-db.com/
Worldwide Observatory of Malicious Behaviors and Attack Threats (WOMBAT):
http://wombat-project.eu/246
Symantec’s Worldwide Intelligence Network Environment (WINE): http://www.
symantec.com/about/profile/universityresearch/sharing.jsp
Mandiant M-Trends: https://www.mandiant.com/resources/mandiant-reports/
Bad domains, IP addresses, and other indicators:
Malware Domain Blocklist: http://www.malwaredomains.com/
Malware Domain List: http://www.malwaredomainlist.com/
Unspam Technologies Project Honeypot: http://www.projecthoneypot.org/index.php
EXPOSURE (Exposing Malicious Domains): http://exposure.iseclab.org/
Shadowserver Foundation: http://www.shadowserver.org/wiki/

Automatic threat analyzers:

Anubis (Analyzing Unknown Binaries): http://anubis.iseclab.org/
Virustotal: http://www.virustotal.com/
Metascan online: http://www.metascan-online.com/

Threats with signatures:

IBM ISS X-Force: http://xforce.iss.net
BotHunter Internet Distribution Page: http://www.bothunter.net/
Latest Snort publicly available Snort rules (most recent rules require subscription):
http://www.snort.org/snort-rules/
Emerging Threats signature list: http://www.emergingthreats.net/
Latest Tenable Nessus plugins (requires subscription): http://www.nessus.org/
plugins/

Patches and vulnerabilities:

MITRE’s CVE: http://cve.mitre.org
NIST’s National Vulnerability Database: http://nvd.nist.gov/
US-CERT Technical Cyber Security Alerts: http://www.us-cert.gov/cas/techalerts
Microsoft Security TechCenter: http://technet.microsoft.com/en-us/security/default.aspx

Data Conveniency

Chris Dancy recently tweeted, “We don’t have a privacy problem with data we have a conveniency problem with data.” How true. We live in a day and age when we have become more desensitized to how our data is used to make our lives just a little more convenient. Earlier this week, Wired also published a great story on Disney’s MagicBand. Colleagues at work have described first hand how convenient the Disney MagicBand made their trip by allowing for things like unlocking your door at a Disney Resort hotel room, entering theme and water parks, checking in at FastPass+ entrances, connecting Disney PhotoPass images to your account and even charging food and merchandise purchases to your Disney Resort hotel room. Convenience?

It’s delightful, and it took hold faster than the goosebumps could. The utility seems so obvious, your consent has simply been assumed.

Source: Disney’s $1 Billion Bet on a Magical Wristband