Security Training
OpenSSL “Heartbleed” – Whose Vulnerable and How to Check
April 10, 2014 Added by:Dan Dieterle
The Internet is plastered with news about the OpenSSL heartbeat “Heartbleed” (CVE-2014-0160) vulnerability that some say affects up to 2/3 of the Internet.
Comments (1)
OpenSSL Problem is HUGE – PAY ATTENTION
April 10, 2014 Added by:Brent Huston
The attack allows an attacker to remotely tamper with OpenSSL implementations to dump PLAIN TEXT secrets, passwords, encryption keys, certificates, etc. They can then use this information against you.
Comments (0)
Hackers Impersonating Feds buy $1.5 Million worth of PC Supplies
April 07, 2014 Added by:Dan Dieterle
“Spear phishing fraud” has been used by hackers impersonating federal entities to create fraudulent orders for large amounts of PC supplies including toners, ink cartridges and even laptops.
Comments (0)
Yahoo Protects Users with Lots More Encryption
April 03, 2014 Added by:Electronic Frontier Foundation
We were thrilled to hear today that Yahoo is carrying through a concerted effort to protect users across its sites and services by rolling out routine encryption in several parts of its infrastructure
Comments (0)
On Complexity & Bureaucracy vs Security…
April 02, 2014 Added by:Brent Huston
“Things have always been done this way.” —> Doesn’t mean they will be done that way in the future, or even that this is a good way.
Comments (0)
Full Disclosure: The Rebirth
March 31, 2014 Added by:Tripwire Inc
Today, Full Disclosure is alive again, the advisories are flowing, the banter is cheerful, and the trolling has already started.
Comments (0)
Reforming Terms of Service: Microsoft Changes Its Policy on Access to User Data
March 31, 2014 Added by:Electronic Frontier Foundation
We commend Microsoft for its willingness to reconsider its policies, and we think it made the right decision.
Comments (0)
Be Wary: Hackers are Readying Security Updates for XP Users
March 27, 2014 Added by:Tripwire Inc
Approximately 40% of PC users still run desktop versions of Windows XP as well. Windows XP has been regarded by many as the best version of Windows ever.
Comments (0)
When Security Tools Cry Wolf
March 27, 2014 Added by:Ken Westin
With the rising number and complexity of security tools at our fingertips, sometimes everything looks like an alert so nothing becomes actionable.
Comments (0)
The Power of Change
March 26, 2014 Added by:Wendy Nather
I believe that most of security relies on detecting and controlling change. And there are so many aspects to change that have to be considered.
Comments (0)
How to Use Threat Intelligence with Your SIEM?
March 26, 2014 Added by:Anton Chuvakin
SIEM and Threat Intelligence (TI) feeds are a marriage made in heaven! Indeed, every SIEM user should send technical TI feeds into their SIEM tool.
Comments (0)
Will the Demise of XP Shut Down Your Business…or Heart?
March 25, 2014 Added by:Rebecca Herold
According to NetMarketShare at the end of February, 2014, 30% of all folks using Windows desktop computers were still running Windows XP.
Comments (0)
Why is Guy Fawkes an Anarchist Hero?
March 23, 2014 Added by:Wayde York
Why do Anonymous hackers and other anarchists use the mask of Guy Fawkes as their symbol? George Orwell may be a better anarchist freedom for all mask than Guy Fawkes.
Comments (2)
On Internally-sourced Threat Intelligence
March 20, 2014 Added by:Anton Chuvakin
At the very top of the very top of the pyramid...sit organizations that produce their own threat intelligence (TI), sourced from local artifacts and their own intelligence gathering activities.
Comments (0)
System Hardening: Defend Like An Attacker
March 18, 2014 Added by:Tripwire Inc
Defenders also need to think like attackers. Easier said than done.
Comments (0)
Delving into Threat Actor Profiles
March 17, 2014 Added by:Anton Chuvakin
Threat actor profiles can be used by a fledgling threat intelligence operation to organize their knowledge about who is “out to get them” and who they observe on their network. Such knowledge organization helps prioritize incident response and alert triage activities.
Comments (0)
- Multipath TCP - Black Hat Briefings Teaser
- Ad Hoc Security's Surprisingly Negative Residual Effect
- "Fake ID" Android Vulnerability in Lets Malicious Apps Impersonate Trusted Apps
- Connecting Bellwether Metrics to the Business
- The Dilemma of PCI Scoping - Part 1
- Cyphort Detects Surge in Ad Network Infections, a.k.a. “Malvertising”
- Israeli Military and Hamas trade Hacking Attacks
- Security and the Internet of Things
- EBS Encryption: Enhancing the Amazon Web Services Offering with Key Management
- White House Website Includes Unique Non-Cookie Tracker, Conflicts With Privacy Policy