What do you say when a non-technical friend or family member asks you how to stay secure on the Internet? My answer is usually to go search for Brian Krebs’ 3 basic rules. Although he is known for researching ATM…
Krebs’s 3 Basic Rules
Author: grecs
TLDR: NoVA Infosec Blogger/Tweeter/Event Finder at NovaInfosec.com. See bit.ly/whoisgrecs for more info. Grecs has over 17 years experience, undergraduate and graduate engineering degrees, and a really well known security certification. Despite his formal training, grecs has always been more of a CS person at heart going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for five years, he discovered his love of infosec and has been pursuing this career since. Currently, he spends his days doing cybersecurity paperwork drills in building multi-billion dollar government systems. At night he runs a local infosec website and tries to get some hands-on skillz.
The Java Plug-In Is Dead, Long Live HTML5!
As reported by Gizmodo recently the world has rejoiced at news of Oracle’s decision to deprecate the much-maligned Java Plug-In. It will still be around for a while but this announcement marks the beginning of the end of this vulnerable…
Tails 2.0 Released
We’ve talked about the Tails distro a while ago way back in 2012. Of course this was before Snowden and a lot of other privacy focused efforts that have arisen the past few years. Well, the maintainers have come a…
2 Steps Forward, 1 Step Sideways, 1 Step Back – The New Background Check System
We kind of expected news of a new background check system would be coming soon due to OPM’s failure to protect it in years past. There will be a more secure system for storing the data, a DoD effort to…
Pentagon Delays SBU Requirement for 10,000 Contractors
I wondered what ever happened to this. With the complexity involved in meeting these requirements, no wonder the proverbial can is being kicked down the road until late 2017. In the meantime contractors only have to report penetrations into their…
If You Can’t Configure It, You Can’t Secure It
I don’t know where I first heard this quote but I find it at the root of a lot of the security problems we have today. Basically, we have many newly minted information security professionals entering the market with so-called…
Venn Diagram of the Day – Commercial vs. Home Grown Threat Intel
Following up on our recent article regarding the best way to create relevant and actionable threat intelligence, I wanted to share this Venn diagram from my “Creating REAL Threat Intelligence” series of talks. Basically, you cannot buy relevant and actionable…
Shmoocon Firetalks 2016 Winners
For those that were not at closing ceremonies we just wanted to put out a post to announce the Shmoocon Firetalks 2016 winners. Before this though I would like to thank everyone that made Firetalks possible this year. First, I…
Online MASTIFF
We have talked about using MASTIFF several times before as part of your malware analysis process. It is a wonderful automated static analysis framework created by Tyler Hudak (@secshoggoth) from KoreLogic Security. For those not familiar with MASTIFF, here is…
Dear Vendors: Now Would Be A Great Time to Remove Dual_EC RNG
It was the NSA a while ago. Then RSA a few years back. Then NIST finally removed it from being an approved algorithm. And most recently Juniper got into the hang of things. If there are any vendors out there…