Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “And Then There Were Four … NSA Cyber Offense Schools,” 2) “New Jobs for Ethical Hackers at Pentagon,” and 1) “LastPass 2.0 Released but Beware Default PBKDF2 Setting.” If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
Slides from PHP Website Security Talk at RVAsec: This past weekend @grecs had the honor of presenting some PHP security research he’s been pulling together for some time now. The presentation was based on his AppSecDC PHPIDS talk; however, more emphasis was placed on overall PHP security than on PHPIDS. If you were at RVAsec and got a chance to hear his talk … let us know what you thought! (continued here)
New Jobs for Ethical Hackers at Pentagon: Looks like security researcher @mikko has been doing some investigations recently … this time in job openings instead of malware. No, he doesn’t seem to be looking for a new position but is instead analyzing the number of open infosec positions, which has skyrocketed for the Pentagon and its contractors. Mikko further found that many of these opportunities fall into the “offensive cyberwarfare” category. So if you have the right clearances and skills, you may be able to demand a salary of up to $175,000! What do you think about offensive cyberwarfare? Are the salary predictions realistic? Let us know your thoughts. (continued here)
“Continuous Fixing” to Mend Loophole in “Continuous Monitoring” Doctrine: The Homeland Security Department will present to federal computer contractors and remote cloud suppliers standards for finding and fixing cyber threats within 72 hours, DHS officials announced on Thursday. To us it seems like common sense that “fixing” would be included in “monitoring.” Nonetheless, DHS’s decision to augment “continuous monitoring” with “continuous fixing” seems to be a proactive choice. What do you think? (continued here)
LastPass 2.0 Released but Beware Default PBKDF2 Setting: LastPass just released a major version update. Welcome to 2.0! We give LastPass rave reviews as they seem to take security very seriously. That, combined with the flexibility of cross-computer use and improvements such as the overall better user interface, I think makes it a worthy upgrade. Have you used LastPass 2.0? Let us know what you think! (continued here)
Unconfirmed: Flame Created by US & Israel to Slow Iranian Nuke Program: According to this article, the NSA, CIA, and Israeli military developed Flame to slow Iran’s nuclear program. Contrary to what the article says, this information is unconfirmed. The article goes on to say that it is believed to be the first sustained “cyber” campaign to sabotage a U.S. adversary. We find this hard to believe though … it’s more likely to be just the first one exposed. What do you think about this? (continued here)
And Then There Were Four … NSA Cyber Offense Schools: The NSA has created a new Cyber Operations program. Out of the 20 schools that applied, only 4 were selected: State University in SD, Northeastern University in MA, the University of Tulsa in OK, and the Naval Postgraduate School in CA. We feel that this new Cyber Operations program seems to be a great opportunity for those interested in the challenging defensive and offensive operations environment. Let us know what you think. (continued here)
New Undergrad Infosec Honors Program at UMD: The University of Maryland has a new infosec honors program for undergraduate students. We feel that students are more prepared as computer science or engineering majors at the undergraduate level; they can then pursue an infosec degree at the postgraduate level once they have field experience. But of course, that is our opinion – let us know yours! (continued here)
Hope everyone had a wonderful week. Have a great weekend!