Defend Your Systems
Yes as Veracode says: https://www.veracode.com/blog/2015/07/application-security-assessment-reviewing-your-testing-program-sw They list 3 misconceptions: QA (Quality Assurance) is when development is done. Third party software does not need testing Developers don’t care about security We…
I want to highlight 2 current articles: http://www.infosecurity-magazine.com/news/pawn-storm-serves-malware-via-fake/ and http://googleonlinesecurity.blogspot.com/2015/07/new-research-comparing-how-security.html It is best to use good passwords, 2factor authentication, and patch your systems The first article points to how a…
Threatpost has the story: https://threatpost.com/court-rules-ftc-has-authority-to-punish-wyndham-over-breaches/114390 From the court brief http://www2.ca3.uscourts.gov/opinarch/143514p.pdf are some interesting snippets: Let’s list the cybersecurity problems that Wyndham had: Stored CC data (which is a violation of…
Grant Bugher with perimetergrid.com had a talk on the DEFCON101 track. “Obtaining and Detecting Domain Persistence” As the slide above states, it is not about _how_ to hack a domain.…
There are many sites with security policies on the Internet, such as Universities recommending what to do and not do. http://sites.gse.harvard.edu/its/top-10-security-dos-and-donts http://www.feinberg.northwestern.edu/docs/mis/General_Security_Policy.pdf A security policy is a guideline to employees…