I have a ton of respect for Prolexic and what they offer to our world. But the spammers and botnets have waged a mini-war against Blue Security and anyone who seems to assist them. But instead of directly attacking Prolexic, a botnet was leveraged against upstream DNS servers for UltraDNS. Wow, just wow. This is the sort of cyberwarfare that is coming or already here where masses of zombied computers are wielded. So far much of this has been individual hackers or groups with personal beefs, but much like phishing and virus attacks, I expect things like this to take a much more organized and sinister turn in the next 4 years.
wireless net security presentation
A nice presentation on wireless security. Pretty nice detail on what is going on.
upside-down-ternet
This little trick is not necessarily wireless-only, but awesome nonetheless. Using a proxy and some other tools, one can mess with the HTTP traffic of unwanted wireless guests, such as by turning all images upside-down, instead of just outright denying them access. Pretty cool and fun! Reminds me a lot of airpwn, only this would be a wired version using squid.
top 10 infosec skills
Dan Morrill posted a list of his top 10 information security skills to have. I really like this list, and it certainly gives me something to use as a benchmark other than just what appears on my resume or certs I might hold. Considering Dan manages teams like this, that makes his the best opinion out there, really.
wireless certifications
I was going to post a nice list of wireless certifications and courses, but this site sums them up better than my list would do. Definitely took in all the ones I had unearthed and more.
10 books from information security and 10 from richard bejtlich
Here is a list of the Top 10 books as suggested by Information Security magazine.
Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition by William R. Cheswick, Steven M. Bellovin, Aviel D. Rubin
This perimeter security text is perfect for serious security professionals. The authors have mastered the art of applying the theoretical to actual working applications; the result is pragmatic advice from some of the finest minds in the field.
Hacking Exposed, Fifth Edition by Stuart McClure, Joel Scambray, George Kurtz
The original edition ushered in a new era of computer security publishing, offering unabashed, technically detailed and fully documented instructions on how to subvert the security of a multitude of systems. Although some scoff at the series, perhaps they just hate to see some of their secrets published.
Applied Cryptography by Bruce Schneier
Any book that the National Security Agency prefers to remain unpublished is bound to make great reading. Anyone doing serious work with cryptography needs a copy. With a comprehensive and excellent explanation of encryption of all kinds, this book is second to none.
Practical Cryptography by Bruce Schneier, Niels Ferguson
Schneier’s sequel to Applied Cryptography will help you apply your newfound cryptographic skills successfully and securely. Think of them as volumes one and two of the same book.
Practical Unix & Internet Security by Simson Garfinkel, Gene Spafford, Alan Schwartz
The authors deliver an excellent introduction to a wide variety of computer and network security issues within UNIX.
Security Engineering by Ross Anderson
This book details security design and implementation strategies employed in real-world systems. Although many publishers employ strategies attempting to inflate the page count (and price) of a book, this 600-page masterpiece could only result from the dedication of an extremely knowledgeable veteran of the field.
The Tao of Network Security Monitoring by Richard Bejtlich
“Tao” means “The Way,” and that’s what this book is: the way to evolve IDS operations. The network security monitoring philosophy is both obvious and completely revolutionary.
The Art of Computer Virus Research and Defense by Peter Szor
Szor’s mastery of virus/antivirus technology is unparalleled, and this comprehensive tome is the definitive work on the subject. Although parts are inaccessible to all but experienced assembly language programmers, antivirus is such a critical technology that every professional should read this book, if only to understand the problem.
A Guide to Forensic Testimony by Fred Chris Smith, Rebecca Gurley Bace
As security pros, we stand a higher-than-average chance of being called into court to testify about the results of our investigations. The authors do a good job of explaining the challenges associated with information security cases and how to give the best testimony possible.
Spam Kings by Brian McWilliams
This behind-the-scenes account of real-life spammers and spam fighters is a must-read for anyone trying to squelch junk e-mail. There’s a freak show in here, but also a lot of good intelligence on the inner workings of the spam kings.
setting up cisco pix and other networking papers
What pulled my attention here is a couple of papers on Setting Up Cisco PIX Firewalls, but in browsing the rest of the site, all of these papers look very interesting.
email header discussion
Email headers are a simple thing, but when you’re in a bind and needing to read one or more, they can sometimes be such an annoyance. This paper is a full-blown discussion on email headers and what they mean. Quite a nice read, to be honest.
the invisible things blog – blue pill / red pill
Blue Pill and Red Pill are part of some new research into hardware abstraction and virtualization where a system can be fully controlled by an attacker if he/she can get an abstraction layer between the OS and the hardware…well, then it’s game over. Thankfully, this is not easy and does require physical access. Nonetheless, cutting-edge creativity is quite interesting.
cnn on laptop security
Wow, I never thought I would see an article on CNN.com that had some technical merit! CNN questions laptop security and why exactly is sensitive data finding its way to mobile devices in the first place? Excellent question!
get hired as a pen tester
One of my favorite blogs, Security Monkey (or A Day in the Life of an Information Security Investigator), made a post about how to increase your chances of getting into the lucrative and fun field of penetration testing. The comments are nearly as good as the post itself and I definitely wanted to keep this around.
using iptables to monitor bandwidth
You can also use iptables to monitor bandwidth.
chief espionage officer
Want to become a Chief Espionage Officer?
cissp study guides
This link I have not tried recently, but I believe these are still free study guides for the CISSP and should still be pretty informative. I read one or two about a year or more ago, and filed away the link for a time when I could more fully pursue the CISSP. I believe these are from Shon Harris and hosted by this site as a sponsor.
Of note, Shon Harris also has CISSP training that you can pay for and attend.