Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “2 Steps Forward, 1 Step Sideways, 1 Step Back – The New Background Check System”, 2) “Tails 2.0 Released” and 1) “Pentagon Delays SBU Requirement 10,000 Contractors”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference. A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered remote-access.
Shmoocon Firetalks 2016 Winners: For those that were not at closing ceremonies we just wanted to put out a post to announce the Shmoocon Firetalks 2016 winners. Before this though I would like to thank everyone that made Firetalks possible this year. First, I would like to thank our sponsors. Each of their contributions covered prizes for the best speakers and audience give-aways. (continued here)
Venn Diagram of the Day – Commercial vs. Home Grown Threat Intel: Following up on our recent article regarding the best way to create relevant and actionable threat intelligence, I wanted to share this Venn diagram from my “Creating REAL Threat Intelligence” series of talks. Basically, you cannot buy relevant and actionable threat intelligence as it pertains to your organization. (continued here)
If You Can’t Configure It, You Can’t Secure It: I don’t know where I first heard this quote but I find it at the root of a lot of the security problems we have today. Basically, we have many newly minted information security professionals entering the market with so-called “cyber” degrees. Yeah, they can do the basics but when push comes to shove they lack important foundational skills required to be successful. One of the reasons is the big difference between conceptual academic theories and actual experience administrating the systems they are trying to secure or defend. The people who are going to excel in our field are those that cut their teeth going through the horrors of configuring and administrating a network and its hosts, servers, and devices. (continued here)
Pentagon Delays SBU Requirement for 10,000 Contractors: I wondered what ever happened to this. With the complexity involved in meeting these requirements, no wonder the proverbial can is being kicked down the road until late 2017. In the meantime contractors only have to report penetrations into their networks within 72 hours. (continued here)
2 Steps Forward, 1 Step Sideways, 1 Step Back – The New Background Check System: We kind of expected news of a new background check system would be coming soon due to OPM’s failure to protect it in years past. There will be a more secure system for storing the data, a DoD effort to provide security for any data gathered, and a new organization — the “National Background Investigations Bureau (NBIB)” led by a presidential appointed director — in charge of conducting the background checks. Although a bit of this sounds like security theater or just making changes to show they are doing something, it looks like some progress will be made. (continued here)
Tails 2.0 Released: We’ve talked about the Tails distro a while ago way back in 2012. Of course this was before Snowden and a lot of other privacy focused efforts that have arisen the past few years. Well, the maintainers have come a long way since then and have just announced the release of Tails 2.0. For those unfamiliar with this distro, Tails is a live operating system that can be run from a DVD or USB that provides a level of privacy and anonymity by storing no (or limited) persistent data in the OS and routing all traffic through the Tor network. What are your thoughts on Tails? Let us know. (continued here)
The Java Plug-In Is Dead, Long Live HTML5!: As reported by Gizmodo recently the world has rejoiced at news of Oracle’s decision to deprecate the much-maligned Java Plug-In. It will still be around for a while but this announcement marks the beginning of the end of this vulnerable browser plugin. For the last decade the Java Plug-In has been one of the top pieces of software attacked and its death will surely cut off a primary exploit vector from our adversaries. (continued here)
Hope everyone had a wonderful week! Have a great weekend!