Infosec Blogs/Podcasts

Talking to Kids about Infosec Using Stories

September 24, 2014

Saw this cute post last week on how one infosec pro is explaining cybersecurity safety to his young girls with stories. What’s nice is that he relates it to what he does day to day at work too so you can kill two birds with one stone. The author provides three conversation starters, including how...

Because Information Security Is Like a Steaming Pile of Dog Poo….

September 10, 2014

In the midst of all the news about the Home Depot breach, Bloomberg released an interesting follow-up story about the JPMorgan Chase compromise in June. For Greg Rattray, who had just started as CISO, it was an inauspicious beginning. The previous individual in that role had exited, following about five other senior execs, to...

Stop Blaming Users for Choosing Dumb Passwords

September 8, 2014

Microsoft put out a nice paper (pdf) last week countering many of the common password authentication best practices. The main point is that we need to stop blaming users for choosing dumb passwords (they just don’t care) and instead beef up our defenses against password-based attacks. The last paragraph pretty much sums up...

Will Selling Your 0-Days Soon Be Illegal?

September 7, 2014

We covered this Wassenaar Arrangement thing before. The latest version of the agreement included 0-days, exploits, and backdoors as regulated and export-controlled “dual-use” technologies. Previously, the US wasn’t recognizing these most recent additions but that is all changing come later this month according to a recent Federal Register notice (pdf). The notice states that...

The Sad Truth About Breaches: We’re All Target

September 6, 2014

Recently, a writer from a B2B technical publication, who occasionally uses me for comments on the industry, emailed me a question about the epidemic of security breaches. She wanted to know if better network security could have prevented or mitigated many of them. I thought about my response a long time and then sent...

Recommended Presentations from Cyber Defense Summit 2014

September 4, 2014

I wasn’t at the SANS Cyber Defense Summit (full agenda – pdf) last month but found some of the presentations interesting as you might expect. No videos have been released as far as I know but here’s a quick link to the slides. My favorite decks included “OODA Security” by Kevin Fiscus, “Developing Cyber...

Inventing Email

September 3, 2014

There’s a feud going on between The Huffington Post and some guy claiming to have invented email in 1978. Arguments aside … what I found interesting was a bit of history on the invention of email. Again, that might make for a nice story line if there were some factual basis behind it, but...

Painful Lessons from the Cloud

September 1, 2014

The media is in a tizzy over the latest celebrity kerfuffle. Seems that nude photos of some prominent actresses were posted on 4Chan on August 31st. The interesting part of the story is the claim that hackers obtained the material through an iCloud hack. Media reports have focused on a (recently patched) vulnerability in...

No Clear Solutions in the Cybersecurity Hiring Crisis

August 27, 2014

Here’s an excellent post on the infosec worker shortage by Violet Blue the other day with comments from the likes of Richard Bejtlich, James Arlen, and Chris Hoff. It’s like the Cybersecurity Dreamteam … but even they can’t offer any clear solutions. At no time in history has there been a greater need to...

You Probably Already Have Most of the Security Tools You Need

August 26, 2014

Tools – information security is fecund* with them, but it never seems like we have what we need. So what’s a poor security analyst supposed to do? In a recent two-part article, I discussed the built-in security functionalities of many common products in our organizations and how we can use them for security. Via...


About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.