.:: Recent events ::.
This page is no longer updated and remains here for historical reasons. I now continue on my blog, http://vyskoc.blog.sme.sk (in Slovak).
19. 10. 2006 - Privacy guidelines
Microsoft published a 49-page document called Microsoft's Privacy Guidelines for Developing Software Products and Services. See www.microsoft.com/downloads/details.aspx?FamilyID=c48cf80f-6e87-48f5-83ec-a18d1ad2fc1f&displaylang=en.
15. 09. 2006 - Tips to protect online search privacy
The Electronic Frontier Foundation has developed six online search privacy tips. See www.eff.org/Privacy/search/searchtips.pdf.
30. 08. 2006 - Data Loss Database - Open Source
Attrition.org introduced DLDOS - a basic database that will assist others in tracking data loss and data theft incidents across the world. See attrition.org/dataloss/.
2. 07. 2006 - 2006 Tool Survey Released
A whole site for the results of the 2006 top security tools survey has been created - see SecTools.Org.
28. 06. 2006 - OWASP Top 5
The Open Web Application Security Project made available its OWASP Top 5 - information on PHP vulnerabilities based upon attack frequency in 2005 as reported to Bugtraq. See www.owasp.org/index.php/PHP_Top_5.
12. 06. 2006 - IT security handbook for managers
The National Institute of Standards and Technology (NIST) released a 124-page draft of its Information Security Handbook - A Guide for Managers. See csrc.nist.gov/publications/nistpubs/index.html.
15. 05. 2006 - Performance metrics for information security
The National Institute of Standards and Technology (NIST) released a draft of a guide meant to establish performance metrics for assessing information security - Special Publication 800-80 "Guide for Developing Performance Metrics for Information Security". See csrc.ncsl.nist.gov/publications/drafts.html.
8. 05. 2006 - Repository of software security flaws
The Information Technology Laboratory of the National Institute of Standards and Technology (ITL NIST) launched a repository of samples of C, C++, and Java containing software security flaws. See samate.nist.gov/SRD/.
1. 05. 2006 - Standard for security logs
The National Institute of Standards and Technology (NIST) released guidelines on how to manage security logs. For NIST Special Publication 800-92: "Guide to Computer Security Log Management" see csrc.ncsl.nist.gov/publications/drafts/DRAFT-SP800-92.pdf.
22. 04. 2006 - Site devoted to security conferences
A new site devoted to information on security conferences has been created. See www.security-briefings.com.
18. 04. 2006 - Plan to improve cybersecurity research and development
The National Science and Technology Council in the USA issued a preprint release of the "Federal Plan for Cyber Security and Information Assurance Research and Development". See www.nitrd.gov/pubs/csia/FederalPlan_CSIA_RnD.pdf.
5. 04. 2006 - ISM3 v1.20 published
Version v1.20 of the Information Security Management Maturity Model (ISM3) has been published. See www.ism3.com.
28. 03. 2006 - Web hacking incident database
The Web Application Security Consortium has a project dedicated to maintaining a list of web application-related security incidents. See www.webappsec.org/projects/whid/.
16. 03. 2006 - Standard for securing computer systems
The National Institute of Standards and Technology (NIST) has released the final version of the Federal Information Processing Standard 200. The standard sets minimum security requirements for securing computer systems under the Federal Information Security Management Act. See csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf.
10. 02. 2006 - Guidelines for removing data
The National Institute of Standards and Technology (NIST) has released draft guidelines for safely removing data from storage devices - Special Publication 800-88, "Guidelines for Media Sanitization". See csrc.nist.gov/publications/drafts/DRAFT-sp800-88-Feb3_2006.pdf.
1. 02. 2006 - Nmap version 4.00
Insecure.Org announced availability of the free Nmap Security Scanner version 4.00. It is available for most platforms in source or binary form from www.insecure.org/nmap/.
28. 01. 2006 - Guidance for redacting Word documents for public release
The National Security Agency (NSA) has released a report offering advice on how to safely edit sensitive information from Word documents and Adobe PDF files before releasing them to the public. See www.nsa.gov/snac/vtechrep/I333-TR-015R-2005.PDF.
16. 01. 2006 - The Web Application Firewall Evaluation Criteria v1 released
The Web Application Firewall Evaluation Criteria project has announced the first official release of The Web Application Firewall Evaluation Criteria (WAFEC). WAFEC v1.0 can be downloaded from the project home page www.webappsec.org/projects/wafec/.
6. 01. 2006 - Uninformed Journal Volume 3
Uninformed has announced the release of its third volume. This volume covers topics like reverse engineering, rootkit technology, fuzzing, and other areas of research. See www.uninformed.org/?v=3.
25. 12. 2005 - New underground magazine
Obsidis is a scientific/underground magazine that focuses on research in ITC security. Number 1 was released at www.obsidis.org.
15. 12. 2005 - Nessus 3 released
Version 3 of the widely popular Nessus vulnerability scanner has been released to the public for various Linux distributions and FreeBSD (versions for Windows, Mac OS X and Solaris will not be released until early 2006). See www.nessus.org.
27. 11. 2005 - IT Security Guidelines
The Joint Information Systems Committee together with the Universities and Colleges Information Systems Association (UCISA) has issued formal IT security guidance for UK colleges and universities. See www.ucisa.ac.uk/ist/.
9. 11. 2005 - RSA-640 factored
Successful factorization of the 193-digit composite number known as RSA-640 has been announced. See mathworld.wolfram.com/news/2005-11-08/rsa-640/.
29. 10. 2005 - VoIP security risks
Germany's Federal Office for Security in Information Technology (BSI) is warning of potential security risks with VoIP technology, in a study available (in German) at www.bsi.de/literat/studien/VoIP/index.htm.
24. 10. 2005 - Skype security evaluation
Skype has released an external security evaluation of its product, available at www.skype.com/security/files/2005-031%20security%20evaluation.pdf.
17. 10. 2005 - New security mailing lists
SecurityFocus has added five new security mailing lists to its collection of well-known security-related mailing lists, namely
- Phishing & BotNets
- Real Cases
- Binary Analysis
- Wireless Security
- Policy, Standards, Regulations & Compliance
For more information and subscription see www.securityfocus.com/archive.
9. 10. 2005 - Site with security tools and tips for software developers
The U.S. Homeland Security Department together with the Carnegie Mellon Software Engineering Institute developed a special portal to provide best practices, tools and other resources for creating more reliable and secure software for developers and security professionals. See buildsecurityin.us-cert.gov/.
5. 10. 2005 - Web security threat classification
The Web Application Security Consortium (WASC) announced the availability of the open source Web Security Threat Classification. The material is available in 4 languages and in TXT, PDF, and DOC formats - for download see www.webappsec.org/projects/threat/.
21. 9. 2005 - Guideline for implementing cryptography
The National Institute of Standards and Technology (NIST) has published a draft document, "Guideline for Implementing Cryptography In the Federal Government". It is available at csrc.nist.gov/publications/drafts/800-21-Rev1_September2005.pdf.
10. 9. 2005 - Book about digital forensics
The full text of the book "Forensic Discovery", by the well-known specialists in the field Dan Farmer and Wietse Venema, is now available at fish2.com/forensics/.
8. 8. 2005 - Vulnerability database
The Information Technology Laboratory of the National Institute of Standards and Technology (NIST) has launched the National Vulnerability Database (NVD). NVD is a comprehensive cyber security vulnerability database that is updated daily with the latest vulnerabilities. It integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources. It is available at nvd.nist.gov.
27. 7. 2005 - Free web application security book
The Open Web Application Security Project (OWASP) has released a free open-source web application security book, "The OWASP Guide to Securing Web Applications and Services 2.0". The 277-page book can be downloaded in both PDF and Word formats from the OWASP website at www.owasp.org.
20. 7. 2005 - Publication describing minimum security requirements
The National Institute of Standards and Technology (NIST) has released the document "Draft Federal Information Processing Standard (FIPS) Publication 200: Minimum Security Requirements for Federal Information and Information Systems." The document can be found at csrc.nist.gov/publications/drafts/FIPS-200-ipd-07-13-2005.pdf.
12. 7. 2005 - Security career guide
A nonprofit organization has created a "career guide" to spark interest for the information security profession among students. The booklet offers a description of information security, typical jobs, titles, industries and organizations, professional requirements, certification options, typical salaries, career outlook, and a listing of schools, education facilities, certification companies and other resources and associations. The guide can be found at www.isc2.org/careerguide/.
5. 7. 2005 - New version of OpenSSL released
The OpenSSL project team announced the release of version 0.9.8 of its open source toolkit for SSL/TLS. OpenSSL 0.9.8 is available for download via www.openssl.org/source/.
23. 6. 2005 - Resource of attack patterns and security patterns
A new wiki repository for attack patterns and security patterns has been started at www.threatsandcountermeasures.com.
22. 5. 2005 - Report on insider sabotage
A new report, "Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors", presenting research conducted by the U.S. Secret Service and CERT, is available at www.cert.org/archive/pdf/insidercross051105.pdf.
13. 5. 2005 - A new blog
Those interested in usability and security might find interesting a weblog on usable security at usablesecurity.com/.
8. 5. 2005 - Web security mailing list
The Web Application Security Consortium (WASC) has created 'The Web Security Mailing List' - an open information forum for discussing topics relevant to web security. Subscribe by sending email to firstname.lastname@example.org.
26. 4. 2005 - New security configuration standards
The Center for Internet Security released new security configuration benchmarks for wireless networks AIS, OS X, Oracle 9i/10g, and Solaris 10. See www.cisecurity.org.
14. 4. 2005 - Zone-H 2004 statistics
The graphical statistics of intrusions for the year 2004 by the well-known site Zone-H are available. See www.zone-h.org/download/file=5396/.
26. 3. 2005 - Ten worst security practices
For a list of the ten worst security practices see www.nwc.securitypipeline.com/159900223.
21. 3. 2005 - Interesting report on cybersecurity
The U.S. Presidential IT Advisory Committee (PITAC) made available its report "Cyber Security: A Crisis of Prioritization". In addition to various recommendations, the report also identifies key areas for future research. See www.nitrd.gov/pitac/reports/20050301_cybersecurity/cybersecurity.pdf.
2. 3. 2005 - Security advice for small business
Microsoft added a new "Security Guidance Center" to its Small Business Center Web site. See www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx.
25. 2. 2005 - Security advice for non-technical people
The UK government launched an official virus alert website intended to help home users and small businesses protect themselves with free advice and threat alerts. See www.itsafe.gov.uk.
18. 2. 2005 - iDEFENSE Labs Website
iDEFENSE Labs launched a community site intended as a repository for sharing their research and development with the security community. The site is at labs.idefense.com.
2. 2. 2005 - Final public draft of recommended security controls
The National Institute of Standards and Technology has released the final public draft of recommended security controls for federal systems. The document, which will become a mandatory Federal Information Processing Standard by the end of the year, is available at csrc.nist.gov/publications/drafts/SP-800-53-FinalDraft.pdf.
22. 1. 2005 - PHRACK comes to an end
The final Call for Papers for the FINAL RELEASE of PHRACK has been published; see www.phrack.org/cfp_final.txt.
12. 1. 2005 - New spyware mailing list
A new mailing list to discuss spyware issues has been launched. To subscribe, send an email to 'email@example.com'.
3. 1. 2005 - Information on phishing
An overview describing phishing and giving the public information on what to do about it is available at www.psepc.gc.ca/publications/policing/phishing_e.asp.
31. 12. 2004 - Information Systems Security Assessment Framework Draft0.1
The Open Information Systems Security Group (OISSG) released its Information System Security Assessment Framework (ISSAF) - a structured framework that categorizes information system security assessment into various domains and details specific evaluation or testing criteria for each of these domains. A draft version of this framework is available at the OISSG website, www.oissg.org/issaf.
21. 12. 2004 - Xprobe2 v0.2.1 is available
Xprobe2 is a remote active operating system fingerprinting tool. The new version can be downloaded from www.sys-security.com/html/tools/tools.html.
30. 11. 2004 - WebGoat 3.5 released
A new version of WebGoat - a web application that demonstrates common web application vulnerabilities - has been released. Download it from www.owasp.org/software/webgoat.html.
23. 11. 2004 - Security for home users
Microsoft's effort to educate end users on computer security is visible at www.microsoft.com/athome/security/default.mspx.
19. 11. 2004 - Annual global privacy study released
The 7th annual Privacy and Human Rights survey, published by Privacy International and the Electronic Privacy Information Center (EPIC), is available free of charge at www.privacyinternational.org/survey/phr2004.
17. 11. 2004 - First FIPS 186-2 validation certification for Elliptic Curve Crypto
Certicom Corp. has announced that its implementation of the Elliptic Curve Digital Signature Algorithm has earned the Federal Information Processing Standards (FIPS) 186-2 validation certification No. 1 - making it the first company to receive the designation for an elliptic curve cryptography (ECC)-based algorithm. See www.certicom.com.
3. 11. 2004 - Computer security training - Late booking deals portal
A new page with information on 'last minute discounts' for various security training courses is available at www.securitywizardry.com/C_lastmoment.htm.
21. 10. 2004 - The Origins of the National Security Agency
The study that traces the evolution of the military structures from the early 1930s to the establishment of the National Security Agency is available at www.thememoryhole.org/nsa/origins_of_nsa.htm.
6. 10. 2004 - New Microsoft Security Response Center PGP Key
The Microsoft Security Response Center has generated a new PGP key which is going to be used to sign all security bulletin notifications. The new key is available at: www.microsoft.com/technet/security/bulletin/pgp.mspx.
1. 10. 2004 - Toward secure code
18 concise tips to write more secure code were offered by experienced programmers in an article available at www.informit.com/articles/article.asp?p=332879.
18. 9. 2004 - Cyber Extortion Study
An interesting study that reviews the current understanding of cyber extortion as a crime has been made available at www.andrew.cmu.edu/user/gbednars/InformationWeek-CMU_Cyber_Extortion_Study.pdf.
15. 9. 2004 - ENISA Executive director elected
ENISA (European Network and Information Security Agency) Management Board elected Dr. Andrea Pirotti (Italy) for the position of the Executive Director of the agency.
1. 9. 2004 - Security contact information
The Open Source Vulnerability Database, a project to catalog and describe the world's security vulnerabilities, has expanded its offering and opened a vendor dictionary that serves as a centralized resource for vendor contact information for public use. The OSVDB vendor dictionary can be found at www.OSVDB.org.
24. 8. 2004 - Metadata risks
Various metadata can be hidden in documents and be inadvertently exposed, thus representing real risks. A new website warning of the dangers posed by metadata has been launched; see Metadatarisk.org.
18. 8. 2004 - Forum to discuss Windows XP Service Pack 2 issues
A new mailing list dedicated to discussion of Windows XP Service Pack 2 issues has been created. To subscribe, send an email to firstname.lastname@example.org, or visit www.patchmanagement.org.
13. 8. 2004 - "Phishing Attack Trends Report" for 2004
Tumbleweed Communications and the Anti-Phishing Work Group released the "Phishing Attack Trends Report" for 2004. See www.antiphishing.org/APWG_Phishing_Attack_Report-Jun2004.pdf.
10. 8. 2004 - IT security resource for developing countries
The World Bank infoDev program has published an "Information Technology Security Handbook," oriented to the needs of individuals, small businesses, governments and system and network administrators in developing countries. The document is available at www.infodev-security.net.