Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “Pimp My Firefox – Pen Testing Style”, 2) “Free Offensive Security Class”, and 1) “Free CISSP Class”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
What’s the Most Secure OS?: I came across an article last week on the topic of the most secure desktop operating system and feel the author’s pain that we just keep asking the wrong question. As I’ve written about before it is not about which desktop operating system is more secure … but rather which presents the least risk to an organization or individual. Should we start saying “securable” or “securability” instead of “secure?” Got a suggestion for another term? Let us know in the comments below. (continued here)
Who Is a Fed?: In case you haven’t heard there’s been in outrage on both sides of the debate within the security community over a recent blog post from Jeff Moss (a.k.a., The Dark Tangent). In the article (see below) DT asked feds not to attend the upcoming DEF CON conference later this month due to the “recent revelations” … obviously related to the Snowden leaks. In perusing the Twitters, blogs, etc. over the past few days, my humble opinion is that most of the chatter has been against the so-called “time-apart” suggestion. (continued here)
Free CISSP Class: Whether you are for or against certifications, especially the CISSP, you sure can’t beat this bargain tweeted by @NimbleSec the other day. Starting this week Charles Sturt University is offering a free online 6 week course that meets every Wednesday. Beyond watching the weekly webinar, they also recommend purchasing the “Official (ISC)2 Guide to the CISSP CBK” book and spending 10 to 12 hours of additional time studying. (continued here)
So That’s a Fed: Update on Recent DEF CON No Fed Policy: Over the weekend the DEF CON crew put out a short clarification post on the topic of the recent “No Fed” policy, specifically addressing the question of who is a fed. The third paragraph below basically explains it. (continued here)
Free Offensive Security Class: This past spring Prof. Xiuwen Liu and W. Owen Redwood taught the first of their Offensive Security classes at Florida State University. Courses like this are nothing new but the difference here is that they put the entire thing online … syllabus, videos, slides, assignments and all. (continued here)
NovaHackers July Meeting Videos Posted: If you weren’t able to attend the NovaHackers meetup earlier this week, two of the presenters opted in to being recorded. Brett Thorson, of the Compute Cycle podcast, recorded and recently posted them. We weren’t able to attend but we heard it was a great time as usual. The sessions this month covered an overview of the Cyber Patriot CTF and an introduction for those looking to get into wardriving. (continued here)
Sand – Insert Head Into: Thought we’d point out this post titled “DHS Puts its Head in the Sand” from Schneier discussing the absurdity of a recent DHS memo about the of spillage policies associated with viewing any of the recent Snowden-leaked classified documents. Basically, the memo states that if an employee uses their unclassified work or home computer/device to view classified documents on the Washington Post, that machine is now classified and must be reported immediately. (continued here)
Pimp My Firefox – Pen Testing Style: We came across a great article on InfosecInstitute.com covering 18 extensions that turns Firefox into a pretty cool lightweight pen testing tool. The article lists 18 extensions that enable you to use Firefox for some light weight pen testing. We thought it was a very informative article, so we are passing it along by reposting it. Out of all of them we’ve always been a big fan of Tamper Data for doing some basic on-the-fly edits of POST, GET, and cookie requests. Thanks to Ryan Fahey at InfosecInstitute.com for giving permission to repost! What do you think about the add-ons, and which ones would you use? Post your comment below. (continued here)
Hope everyone had a wonderful week. Have a great weekend!