Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “Could Sale of 0-Days Soon Become Illegal”, 2) “Trust RSA, the NSA & the Unknowns”, and 1) “Malware Analysis & Incident Reports for the Lazy”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference.
A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
Trust, RSA, the NSA & the Unknowns: In the security field trust is everything. And now RSA has lost that trust with recent revelations that it accepted a $10 million bribe from the NSA to make the flawed Dual Elliptic Curve random number generator the default in its BSafe crypto suite. (continued here)
Could Sale of 0-Days Soon Become Illegal?: Guess you won’t be able to sell your 0-days soon depending on how a recently passed piece of legislation on cyber arms control develops. The law, the 2014 National Defense Authorization Act, not only approves funding for the Department of Defense and a plethora of other defense-related expenditures but also requires the creation of mechanisms to “suppress the trade in cyber tools and infrastructure that are or can be used for criminal, terrorist, or military activities.” Does this mean hacking tools could become illegal too? (continued here)
Malware Analysis and Incident Response for the Lazy: If you’ve listened to my podcast, Healthy Paranoia (insert shameless plug here), I’m more builder than breaker or even analyst. Not that I don’t respect the heck out of anyone who does incident response, malware analysis or pentesting on a daily basis, but my interest isn’t normally in that direction. So inspired by a recent re-post by grecs, “Determining Safe Websites in 3 Easy Steps,” I thought I’d share my own cheat sheet of online tools I use to quickly check links, attachments, IPs and domains. There’s definitely some duplication and some tools are more useful than others. I’m sure it might be remedial for some, but I tend to be a bit obsessive when collecting resources. If anyone has additions, I’d love to hear about them. (continued here)
ShmooCon FireTalks Update: We would like to announce CSR Group as the Silver sponsor for this year’s ShmooCon FireTalks! They are a small veteran-owned business that provides custom training, incident response, malware analysis & reverse engineering, penetration testing and vulnerability assessment services to government and commercial clients throughout North America. To learn more about them check out their website at http://www.csr-group.com and follow them on Twitter at @csr_group. (continued here)
Hope everyone had a wonderful week! Have a great weekend!