Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “CCNA Online Courses for Free”, 2) “Pimp My Chrome – Pen Testing Style”, and 1) “Free Must-Have ‘Security Engineering’ Book”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
US Gradually Removing Chinese IT Equipment from Federal Systems: Global supply chain security is being emphasized more and more as economic espionage accusations fly back and forth over the Pacific. And now we have a law to back it up… A bill unheard of until Obama signed it on Friday, the Consolidated and Further Continuing Appropriations Act requires several federal agencies, namely the Departments of Commerce and Justice (DoJ), NASA, and the National Science Foundation (NSF), to consult with the FBI prior to purchasing IT gear from China. (continued here)
ShmooCon: Malware Analysis Intro: In my effort to finally catch up with some of the great ShmooCon talks, today I’m taking a look at NoVA local Richard “@xabean” Harman’s “Malware Analysis Collaboration Automation & Training” presentation. I’ve been interested in malware analysis lately as you may have noticed. At ShmooCon I didn’t get a chance to see Richard’s talk in person but it is definitely a must watch. Although he mostly focuses on setting up collaborative and classroom environments in the second part of the presentation, the first 15 minutes provide a nice overview for those interested in getting started in malware analysis. (continued here)
Pimp My Chrome – Pen Testing Style: I’m mostly a Firefox user as I can’t do without my Tree Style Tabs and easy-to-use NoScript plugins but this post from InfosecInstitute.com got me interested in looking at Chrome a little more. In this post Shathabheesha discusses several plugins that allow you to do some off-the-cuff pen testing without ever leaving your browser. I’ve seen plugins like these for Firefox as well but the simple port scanner by ClsHack.it puts it over the top. Have any other interesting security testing plugins for Chrome? Let us know in the comments below. (continued here)
CCNA Online Courses for Free: It seems like the “deal” sites are hitting infosec/IT pretty hard lately. First, it was a practically free VPS for as little as $30/year (which I bought two of). And now thanks to a tweet by @drinfosec, it’s two free CCNA video streaming courses by INE. Know of any other good deals out there that infosec pros would be interested in? Let us know in the comments below. (continued here)
Free Must-Have “Security Engineering” Book: So while we are on a “free” kick … I’ve been meaning to write about this essential reference for any seasoned or up-and-coming security pro. “Security Engineering: A Guide to Building Dependable Distributed Systems” written by Ross Anderson of the University of Cambridge and published by Wiley has been one of the “go-to” references for teaching security over the past decade. Although more academic than many of the modern-day security books out there, “Security Engineering” not only covers the basics of security but also some of the intricacies of building secure systems from the ground up. Have you used this book as part of a university class or self-study? Any thoughts? Let us know in the comments below. (continued here)
Leaked Memo: Apple’s iMessage Crypto Smokes DEA: Interesting article from CNET on a leaked DEA memo saying that because of its encryption, “‘it is impossible to intercept iMessages between two Apple devices’ even with a court order approved by a federal judge.” I find this hard to believe. Apple probably didn’t design iMessage to be a Wickr or Silent Circle. The crypto is probably solid but the implementation is where faults usually lie. Perhaps Apple’s design is enough to thwart a casual interceptor but definitely not a government entity. Plus if an agency gets a hold of the physical iDevice, a quick warrant will solve any of those pesky crypto problems. (continued here)
Hope everyone had a wonderful week. Have a great weekend!