Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “QOTD – Setting PCI Compliance as the End Goal is Like…”, 2) “What is Hunting?”, and 1) “QOTD – “Cyber” Has Been Chosen as the Word”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference. A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
AT&T Charging $29 for Privacy?: This article title from Gigaom sounds appalling at first but sort of makes sense the more you think about it. You are essentially letting AT&T mine your data so they can display more relevant ads. That allows them to somewhat subsidize the cost of your Internet access, similar to how Facebook offers us a free service in exchange for our preferences. (continued here)
Project KidHack Slides from BSidesTampa 2015: Last weekend I had the honor of presenting my Project KidHack talk at the BSidesTampa with @pupstrr. The goal of the presentation was to discuss all the fun games we can use to introduce our kids to information security. (continued here)
QOTD: Setting PCI Compliance as the End Goal Is Like…: I usually don’t steer into the realm of PCI that often but this quote brings a little chuckle to me. It’s scary how true it is though. (continued here)
Plugins … the Security Bane of Modern CMSs: Almost every day you see some security advisory associated with one of the popular CMSs out there. In almost all cases the issue involves a third-party plugin. As an example, see the advisory below for a recent flaw in the WP-Slimstat WordPress analytics plugin. Overall, though, the core CMS software packages seem pretty tight security-wise. (continued here)
What Is Hunting?: The SQRRL blog posted an excellent article defining what hunting is by David Bianco. The biggest take-away is that hunting does not start with indicators … rather it starts with questions. I’ve included a few snippets from the article below focusing on David’s definition, how it is related to the kill chain, and the skills that are necessary. This is similar to the definition Andrew Case gave at his keynote at BSidesTampa a few weekends ago. (continued here)
Tough Questions for NSA Director as Companies Forced to Pick a “Side”: NSA Director Mike Rogers had some tough questions the other day from several top security experts at the “Cybersecurity for a New America” conference in Washington, DC. There was Bruce Schneier discussing the legitimacy of backdoors but the exchange of the day was from Yahoo! CISO Alex Stamos, who asked the Director if we should build backdoors in for other countries as well. (continued here)
QOTD – “Cyber” Has Been Chosen as the Word…: Cyber! Everybody drink … right? Maybe not so much… “Cyber” has been chosen as the word, for lack of a better term. You can either talk to folks in terms of “cyber” or probably not be heard. – @McGrewSecurity #. (continued here)
Hope everyone had a wonderful week! Have a great weekend!