Archive for June, 2005
Official digg podcast coming soon!

We are pleased to announce that former TechTV hosts Kevin Rose and Alex Albrecht have agreed to host a weekly podcast version of digg. Each 30 min podcast will cover the most dugg stories, as well as their personal favorites. Expect to see the first release sometime within the next two weeks!

read more | digg story

Domain 1.0 – General Security Concepts (Security+)

1.1 Recognize and be able to differentiate and explain the following access control models

 o MAC (Mandatory Access Control)

· Access controls based on security labels (Sensitivity labels) associated with each data item

· Lattice = MAC model

· Uses levels of security to classify users and data is a characteristic of MAC

o DAC (Discretionary Access Control)

· Access controls that are created and administered by the data owner are considered.

· Each object has an owner, which has full control over the object

· Inherent flaw in DAC is that it relies only on the identity of the user or process, leaving room for a Trojan horse

o RBAC (Role Based Access Control)

· Access control decisions are based on responsibilities that an individual user or process has in an organization

· Relationship of user, role, operation: multiple users, multiple roles and multiple operations

http://del.icio.us/rss/tag/access+control

http://del.icio.us/rss/tag/rbac

 

Spending too much time aimlessly on the internet?

Combines FireFox live Bookmark update feature with Del.icio.us and organize them by time.

Neat tip on how to save time while browsing the internet using Firefox and a Del.icio.us account.

read more | digg story

Absolutely Del.icio.us – Complete Tool Collection

del.icio.us is a very popular social bookmarks manager. This is possibly the largest collection of tools related to del.icio.us and is constantly updated.

read more | digg story

RSS Reader Security Check

With Google testing RSS ADS, predictions of Spyware on RSS soon and RSS exploits slowly emerging, this is a bit refreshing.
RSS Spyware by Years End
http://www.digg.com/security/_RSS_To_Carry_Spyware_Before_Year_s_Out
Mark Pilgrim's RSS Prank
http://diveintomark.org/archives/2003/06/12/how_to_consume_rss_safely

read more | digg story

Digg 2.0 Beta (Digg 2.1. on the way)

Beta of Digg 2.1 on the way. Here is the results of the first beta:
Thanks to everyone for doing a great job beta testing digg 2.0 thus far. please keep it up! We are aware of the dropdown problems and issues with IE (who uses IE anymore? (we joke, we joke) 😉 We are also aware that some users are requesting a “minimalist” interface. We will do our best to satisfy everyone – expect to see something along those lines in 2.1. beta.digg.com un/pw: betatest

read more | digg story

Remove the W32.Codbot WORM

W32.Codbot is a worm that has been popping up throughout the net. It exploits the SQL Sever LSASS and RPC-DCOM process.

W32.Codbot.AL masquerades as a system process which allows it to be run
when the system boots up. Once running it connects to Internet Relay
Chat (IRC) where it can take command to control you sytem.

Instructions to remove W32.Codbot.htm:
http://elamb.blogharbor.com/hacked/codbot.htm

Snort Technical Learning Guide

Snort is touted as one of the best network intrusion-detection systems available, but some consider it complicated to operate. This Technical Guide simplifies Snort operation with answers to questions like how to modify Snort rules and where to place IDS sensors.

read more | digg story

Vulnerability Disclosure List

VulnWatch was created because the involved individuals felt the need for a forum which didn't currently exist: a non-discussion, non-patch, all-vulnerability annoucement list supported and run by a community of volunteer moderators distributed around the world.

read more | digg story

Net Ready Key Performance Parameters (NR-KPP)

The Net Ready Key Performance Parameters (NR-KPP) is
comprised of the following elements: compliance with the Net-Centric
Operations and Warfare (NCOW) Reference Model (RM), applicable Global
Information Grid (GIG) Key Interface Profiles (KIP),
DOD information assurance requirements, and supporting integrated
architecture products required to assess information exchange and use
for a given capability.

Net Centric Operations Warfare Reference Model (NCOW RM) (a) The NCOW
RM serves as a common, enterprise-level, reference model for the DOD’s
Enterprise Architecture The NCOW RM will ultimately provide a common
architectural construct for NCOW with a common language and taxonomy.
The final version of the RM will include:

1. All Views (AV): AV-1 and AV-2
2. Operational Views (OV): OV-1, OV-2, OV-3, and OV-5
3. System Views (SV): SV-1, SV-2, SV-3, SV-4, and SV-5
4. Target Technical View

AV-1 Overview and Summary
Information Scope, purpose, intended users, environment depicted, analytical findings

OV-2 Operational Node
Connectivity Description Operational Nodes, operational activities performed at each node,
connectivity and information exchange need lines between nodes

OV-4 Organizational Relationships Chart
Organizational, role, or other relationships among organizations

OV-5 Operational Activity Model
Operational activities, relationships among activities, inputs and outputs.

OV-6c Operational Event-Trace Description
One of three products used to describe operational activity sequence and
timing – traces actions in a scenario or sequence of events and specifiestiming of events.

SV-4 Systems Functionality Description
Functions performed by systems and the information flow among system
functions, including information assurance functions

SV-5 Operational Activity to Systems Function Traceability Matrix
Mapping of systems back to operational capabilities or of system functions
back to operational activities.

SV-6 Systems Data Exchange Matrix
Provides details of systems data being exchanged between systems.

TV-1 Technical Standards Profile Extraction of standards that apply to the given architecture,
Including information assurance functions.

Bookmarks
that are constantly updated by people around the world use delicious
feed for netcentric (will need an aggregator to view feed):

http://del.icio.us/rss/tag/netcentric
More on Netcentrics, Ditscap, DIACAP and Information Assurance at infoassure.blogspot.com