RiskBloggers.com

August 2006

Anonymous Internet usage

By Kurt Seifried (kurt@seifried.org)

The Pirate Party of Sweden has launched a new anonymous Internet browsing service. Essentially it is a VPN service with NAT: your traffic leaves from the provider's shared address, so the sites you visit see that address rather than yours. Note that this hides you from the destination, not from the provider, which still sees every connection you make through the tunnel.

More: https://www.relakks.com/?lang=eng


Macbook wireless device driver insecurities allow remote compromise

The Washington Post

If you want to grab the attention of a roomful of hackers, one surefire way to do it is to show them a new method for remotely circumventing the security of an Apple Macbook computer to seize total control over the machine. That’s exactly what hackers Jon “Johnny Cache” Ellch and David Maynor plan to show today in their Black Hat presentation on hacking the low-level computer code that powers many internal and external wireless cards on the market today.

More: Article here

This class of problem affects any wireless device driver that hasn't been audited for security (which would be most of them). Wireless drivers run in the kernel and parse frames that arrive over the air, so a bug in that parsing gives an attacker within radio range kernel-level control of the machine, without the victim ever choosing to join a network. When not in use wireless should be disabled, ideally with a hardware switch (present on many laptops) so the radio is actually off rather than merely idle.


Preventing Windows XP from writing to USB thumb drives

www.tech-recipes.com

Open the Registry Editor: click the Start button on your taskbar, then click Run, type “regedit” and click OK to start the regedit utility.

Expand HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control.

From there right click and create a new key named “StorageDevicePolicies”. In the window on the right create a new DWORD value named WriteProtect and give it a value of “1”; users can no longer write to USB drives. To re-enable writing change the value to 0 and users are again allowed to write. Note that this is a machine-wide setting that any local administrator can undo, and it only blocks writes through the USB mass-storage class: reading the drive, and other device classes, are unaffected. A drive that was already mounted when the value changed may need to be unplugged and reinserted before the change takes effect.

More: Read the article here
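The same change scripted for PowerShell, as an added example that is not from the tech-recipes article. It creates the key if missing, sets or clears the WriteProtect DWORD, and reads the value back so you can confirm the policy before trusting it. The function names and the Enabled parameter are this example's own; the registry path is the one given above, and the script must run in an elevated (administrator) session.

```powershell
# Added example: set, verify and revert the USB mass-storage write-protect policy.
# Registry path is the one the article gives; run as a local administrator.
$policyKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'

function Set-UsbWriteProtect {
    # Write WriteProtect=1 (block writes) or 0 (allow writes), creating the key if needed.
    param([bool]$Enabled)
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    $value = if ($Enabled) { 1 } else { 0 }
    New-ItemProperty -Path $policyKey -Name 'WriteProtect' -PropertyType DWord `
        -Value $value -Force | Out-Null
}

function Get-UsbWriteProtect {
    # Return $true only if the key exists and WriteProtect is exactly 1.
    if (-not (Test-Path $policyKey)) { return $false }
    $prop = Get-ItemProperty -Path $policyKey -Name 'WriteProtect' -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.WriteProtect -eq 1)
}

Set-UsbWriteProtect -Enabled $true
"USB write protection enabled: $(Get-UsbWriteProtect)"

# To confirm it actually works, reinsert a thumb drive and try to copy a file to it;
# the copy should fail with "The disk is write-protected".
# To revert: Set-UsbWriteProtect -Enabled $false
```

Because the value lives under HKEY_LOCAL_MACHINE, it protects every user on the machine, but only until someone with administrator rights changes it back; treat it as a convenience control, not a boundary against a hostile local admin.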


NIST Guidance for Securing Microsoft Windows XP Home Edition

NIST

NIST is pleased to announce the release of draft Special Publication (SP) 800-69, Guidance for Securing Microsoft Windows XP Home Edition: A NIST Security Configuration Checklist. SP 800-69 provides guidance to home users, such as telecommuting Federal employees, on improving the security of their home computers that run Windows XP Home Edition. Home computers face many threats from people wanting to cause mischief and disruption, commit fraud, and perform identity theft. The publication explains the need to use a combination of security protections, such as antivirus software, antispyware software, a personal firewall, limited user accounts, and automatic software updates, to secure a computer against threats and maintain its security. It also emphasizes the importance of performing regular backups to ensure that user data is available after an adverse event such as an attack against the computer, a hardware failure, or human error. The publication contains detailed step-by-step directions for securing Windows XP Home Edition computers that can be performed by experienced Windows XP Home Edition users.

NIST requests comments on NIST SP 800-69 by August 31, 2006. Please submit comments to itsec@nist.gov with “Comments SP800-69/XPHome” in the subject line.

URL to document:
http://csrc.nist.gov/itsec/guidance_WinXP_Home.html


ISO 27001 Standard Released

IT Managers Journal

Information security flaws can create havoc within your business operations. The ISO 27001 standard for information security management systems can help to locate existing security problems and prevent future threats before they prove harmful to your organization.

More: Read the article here

I have purchased a copy of the standard, and after a brief read I’d have to say that overall it’s a pretty good effort and an all-encompassing document. In the coming weeks we will have a series of articles offering commentary and a more in-depth look into the ISO 27001 standard.


New NIST Publications

NIST

2nd Public Draft Special Publication 800-96, PIV Card / Reader Interoperability Guidelines.
URL to view / download this document: http://csrc.nist.gov/publications/drafts.html#sp800-96

NIST is pleased to announce the release of Draft Special Publication 800-96 (SP 800-96), PIV Card / Reader Interoperability Guidelines. SP 800-96 is available for a two-week public comment period. The document provides guidelines for interaction between any card and any reader in the PIV system. It covers contact and contactless readers for logical access as well as readers for physical access. The comment period closes at 5:00 EST on Friday, August 11th, 2006.

Special Publication 800-85B, PIV Data Model Conformance Test Guidelines.
URL to view / download this document: http://csrc.nist.gov/publications/nistpubs/index.html#sp800-85B

NIST is pleased to announce the release of NIST SP 800-85B, PIV Data Model Conformance Test Guidelines. This document provides Derived Test Requirements and Test Assertions for testing all data on the PIV Card. The requirements and assertions cover the following PIV specifications: SP 800-73-1, SP 800-76 and SP 800-78. In addition it provides tests for verifying the PKI certificates on the PIV card for conformance to the Certificate Profiles in the FICC-SSP subcommittee document. The guidelines are to be used by developers of software modules, PIV card issuers, and entities performing conformance tests.

2nd Public Draft 800-53 Revision 1, Recommended Security Controls for Federal Information Systems.
URL to view / download this document: http://csrc.nist.gov/publications/drafts.html#sp800-53-Rev1

NIST is pleased to announce the release of Special Publication 800-53, Revision 1 (Second Public Draft), Recommended Security Controls for Federal Information Systems. SP 800-53, Revision 1 is available for a one-month public comment period. The comment period closes on August 25, 2006.