News, events, & resources for infosec professionals
Author: grecs
TLDR: NoVA Infosec Blogger/Tweeter/Event Finder at NovaInfosec.com. See bit.ly/whoisgrecs for more info.
Grecs has over 17 years of experience, undergraduate and graduate engineering degrees, and a really well-known security certification. Despite his formal training, grecs has always been more of a CS person at heart, going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for five years, he discovered his love of infosec and has been pursuing this career since. Currently, he spends his days doing cybersecurity paperwork drills in building multibillion-dollar government systems. At night he runs a local infosec website and tries to get some hands-on skillz.
What do you say when a non-technical friend or family member asks you how to stay secure on the Internet? My answer is usually to go search for Brian Krebs’ 3 basic rules. Although he is known for researching ATM…
As reported by Gizmodo recently, the world has rejoiced at news of Oracle’s decision to deprecate the much-maligned Java Plug-In. It will still be around for a while but this announcement marks the beginning of the end of this vulnerable…
We talked about the Tails distro a while ago, way back in 2012. Of course, this was before Snowden and a lot of other privacy-focused efforts that have arisen over the past few years. Well, the maintainers have come a…
We kind of expected news of a new background check system would be coming soon due to OPM’s failure to protect it in years past. There will be a more secure system for storing the data, a DoD effort to…
I wondered what ever happened to this. With the complexity involved in meeting these requirements, no wonder the proverbial can is being kicked down the road until late 2017. In the meantime contractors only have to report penetrations into their…
I don’t know where I first heard this quote but I find it at the root of a lot of the security problems we have today. Basically, we have many newly minted information security professionals entering the market with so-called…
Following up on our recent article regarding the best way to create relevant and actionable threat intelligence, I wanted to share this Venn diagram from my “Creating REAL Threat Intelligence” series of talks. Basically, you cannot buy relevant and actionable…
For those that were not at closing ceremonies, we just wanted to put out a post to announce the Shmoocon Firetalks 2016 winners. Before this, though, I would like to thank everyone that made Firetalks possible this year. First, I…
We have talked about using MASTIFF several times before as part of your malware analysis process. It is a wonderful automated static analysis framework created by Tyler Hudak (@secshoggoth) from KoreLogic Security. For those not familiar with MASTIFF, here is…
It was the NSA a while ago. Then RSA a few years back. Then NIST finally removed it from being an approved algorithm. And most recently Juniper got into the hang of things. If there are any vendors out there…