Tiny Subversions, Kazemi's Projects
So important, Mr. Kazemi's video meets today's Must Watch criteria.
Illustrating exactly why Cyber Ranges are vitally important for training. After all, you will fight like you train.
Marc Rogers' take on the SONY [NYSE: SNE] incursions, with a step-by-step rebuttal of the ostensible involvement of the Government of North Korea. Mr. Rogers' argument - bolstered by the opinions of other, highly respected security professionals - is hardly surprising, yet satisfying in its diametric view of the Federal Bureau of Investigation's examination of the matter...
Reports of newly discovered targeted attack code harshed our collective holiday mellow late last week, with the notification via the ICS CERT of flaws in the Network Time Protocol (in this case, prior to NTP version 4.2.8). The NTP 4.2.8 tarball is here, for folks that need to update their NTP deployments.
"NTP users are strongly urged to take immediate action to ensure that their NTP daemon is not susceptible to use in a reflected denial-of-service (DRDoS) attack. Please see the NTP Security Notice for vulnerability and mitigation details, and the Network Time Foundation Blog for more information. (January 2014)" - via NTP.org
The United States Federal Bureau of Investigation has just issued an update to the Bureau's ongoing investigation into the SONY [NYSE: SNE] breach, and the miscreants that committed the crime. The gist: North Korea has been implicated in the crime.
Astounding. The Litany of DRM exposed... This time, by that escapade ancienne - reuse. The POC has been published by KeurigHack. The enforcers may already be at your door.
The Electronic Frontier Foundation's Secure Messaging Scorecard is our Must Read. In a nutshell, the EFF has graded the anti-surveillance efficacy of an impressive number of providers and software packages. Enjoy!
In a well-wrought thought piece crafted by Ellen Branagh and published by Cable.UK (a UK-based cable television and broadband inter-networking industry site), the good Ms. Branagh converses with Olaf Kolkman, ISOC's CITO, regarding the true nature and benefits brought to the networking table by our favorite integrity-guarantor of DNS queries, none other than DNSSEC.
The inimitable Dan Goodin, writing at Ars Technica, regales us with the latest POODLE attack news, this time targeting TLS, and not your ankles...
Clerkendweller (aka Colin Watson) discusses an interesting ACM paper entitled 'Clubbing Seals: Exploring the Ecosystem of Third-party Security Seals', presented last month at the ACM CCS 2014. The paper's authors, Frank Piessens, Tom Van Goethem, Nick Nikiforakis and Wouter Joosen, present a fascinating take on the current crop of security seals, badges and what-not, attesting to the security posture of whatever site the badges appear on.
Once again, Kim Zetter's superlative prose details the astounding story of Stuxnet; this time, in a new book titled 'Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon' [published by Crown Publishing Group, a division of Random House]. Apparently, like many other 'infections', the vector [in this case] is the order-of-the-day... This month's MustRead.
Fascinating blog post at Trustwave SpiderLabs by Tom Neaves, detailing a deep interest in all things wireless, and in this case 802.11 wireless and covert channel exploitation. Today's Must Read.