Month: August 2015
GFI – Security 101 – The 10 immutable laws of security revisited
I keep a printed copy of the 10 Immutable Laws in my office at all times. It is a great reminder of what Information Security means and what threats we face on a daily basis. This article is a great refresher on the subject.
http://www.gfi.com/blog/security-101-the-10-immutable-laws-of-security-revisited/
InfoSec Handlers Diary – Are You Protecting your “Backdoor” ?
This is an excellent article from Johannes Ullrich on the often overlooked area of physical server security and remote management. It is well worth a read.
https://isc.sans.edu/diary/Are+You+Protecting+your+%22Backdoor%22+%3F/20069
Tenable – The Cost of Incident Response
This is a fantastic article that details the costs of incident response and sheds a strong light on the value of early detection and remediation. I certainly recommend this read and that every CIO/CFO/CSO save and tuck away this formula for future use. Every tool you can bring to bear on the omnipresent internal ROI debate is worthwhile.
Sophos Weekly Recap
Credit card info for 93,000 Web.com customers nabbed in data breach
This is yet another breach to consider. The fact that addresses were also involved gives pause due to the increased risk for identity fraud.
Intel working on ID bracelet for security and authentication
I find this intriguing on a variety of levels, not the least of which is the potential power of a wearable in an arena of multi-factor authentication. I am not convinced yet that a single device should be the sole authentication mechanism, but as a second factor, it makes perfect sense.
http://androidcommunity.com/intel-working-on-id-bracelet-for-security-and-authentication-20150819/
IE Under Attack! Microsoft Releases Emergency Out-of-Band Patch
This alert has been posted far and wide this morning across the Internet and should be taken very seriously. All systems, especially those not employing EMET, should be patched immediately.
‘Loose tweets destroy fleets’ – US Air Force warns
Operational security is of paramount importance. Just ask the ISIS member who found himself staring down a missile strike due to his social media post. I am glad to see the US Air Force addressing this problem.
https://nakedsecurity.sophos.com/2015/08/19/loose-tweets-destroy-fleets-us-air-force-warns/
Krebs – How Not to Start an Encryption Company
This is a great article and interview snippet by Krebs on the pitfalls of untested marketing claims in the world of encryption software…well worth the read.
http://krebsonsecurity.com/2015/08/how-not-to-start-an-encryption-company/