Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “Zmap Released, Nmap Updated with Speed Improvements”, 2) “Amazon EC2 Pen Test Lab Slides from BSidesLV”, and 1) “How Does FedRAMP Authorization Affect Cloud Providers?”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
Update LastPass Now … at Least If You’re an IE User: We are big proponents of password managers, especially LastPass, so when we saw this little piece from PCMag.com hit the news, we thought it best to help spread the word. The concern is apparently that IE keeps some passwords in cleartext in memory after autofilling a form. Do you know of additional controls that LastPass uses to stop attackers from using your master password in memory? Let us know in the comments below. (continued here)
How Does Amazon’s FedRAMP Authorization Affect Cloud Providers?: A couple weeks ago, the GSA announced that Amazon Web Services (AWS) was granted a FedRAMP authority to operate (ATO) from the Department of Health and Human Services. Make no mistake – this is a great achievement and AWS deserves significant praise for achieving this milestone. The fact is – Amazon’s dedication to compliance has yet to be matched. In addition to FedRAMP, AWS undergoes all three SOC examinations (SOC 1, SOC 2, and SOC 3), PCI validation, ISO 27001 certification, and more. How do you think Amazon’s FedRAMP authorization will affect cloud providers? Post your comments below. (continued here)
ISC2 Board Slate and Petition Process: Hey CISSPers … be sure to check your email inboxes for an important announcement from (ISC)2. Over the weekend they just announced the annual “ISC2 Board Slate and Petition Process” with complete details on the upcoming Board of Directors election cycle. Beyond mentioning the 5 available board seats (up from 4 last year), the message also includes a listing of their 8 endorsed candidates, including none other than Howard Schmidt. Anyone else interested in getting on the ballot must submit an electronic or written petition containing no less than 500 signatures from members before 5:00 pm EST on September 17th. Are you thinking of running for a Board seat? Let us know in the comments below. (continued here)
Amazon EC2 Pen Test Lab Slides from BSidesLV: A few weeks ago I had the honor of presenting some initial research on setting up a pen test lab in Amazon EC2 at BSidesLV in Las Vegas, NV. The goal of the presentation was to provide an overview of their cloud architecture and describe how you could take advantage of it to quickly build your own virtual pen testing lab. Here’s the title, abstract, and the slides. (continued here)
Zmap Released, Nmap Updated with Speed Improvements: Two related stories we’ve been tracking the past few days were the announcement of a new tool that can scan the entire Internet in less than an hour and an update to THE de facto network scanning tool. (continued here)
How-To On Australian Signals Directorate’s Top 4: I’ve been a big fan of some of the simple yet effective advice the Australian Signals Directorate (ASD) has given over the years. Key among them are the Top 35 strategies for mitigating threats posted each October. But some of these suggestions are no longer optional … that is … if you are an Australian agency. Due to a new law, the government will require all agencies to adopt the ASD’s top four recommendations. What do you think of ASD’s new guidance? Let us know in the comments below. (continued here)
Hope everyone had a wonderful week. Have a great weekend!