95 Percentile →
SecurityWeek reports Netcraft's finding that 95% of all HTTPS servers do not deploy HTTP Strict Transport Security (HSTS).
As Netcraft's Paul Mutton explained in a recent blog post, these vulnerabilities can be exploited in phishing, pharming and man-in-the-middle (MitM) attacks when a user unintentionally attempts to access a secure site via HTTP, meaning that the attacker does not have to spoof a valid TLS certificate to be successful. These attacks are easier to carry out than those targeting TLS, such as the DROWN attack. - via SecurityWeek
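As an added example (it is not part of the Netcraft or SecurityWeek write-ups), the following Python audits a Strict-Transport-Security header value the way a scanner would: it parses the header per RFC 6797 and flags the settings that leave a site effectively unprotected. The header samples are constructed; the one-year threshold follows the hstspreload.org submission rules at the time of writing, and the finding texts are this example's own.

```python
"""Audit a Strict-Transport-Security (HSTS) header value.

Added example, not code from the original post or from Netcraft. The sample
headers below are constructed. Thresholds: RFC 6797 makes max-age mandatory;
hstspreload.org (at time of writing) wants max-age >= 1 year, includeSubDomains
and preload before a domain is accepted onto the browser preload list.
"""
from dataclasses import dataclass
from typing import List, Optional

ONE_YEAR = 31_536_000  # seconds


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool = False
    preload: bool = False


def parse_hsts(value: Optional[str]) -> Optional[HstsPolicy]:
    """Parse an STS header value (RFC 6797 section 6.1).

    Returns None when the header is absent or does not conform. That matters
    operationally: a browser ignores a non-conforming header, so a typo or a
    duplicated directive leaves the site with no HSTS at all.
    """
    if value is None:
        return None
    max_age: Optional[int] = None
    include_subdomains = False
    preload = False
    seen = set()
    for raw in value.split(";"):
        token = raw.strip()
        if not token:
            continue                      # tolerate a trailing ';'
        name, _, arg = token.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        arg = arg.strip().strip('"')      # max-age value may be quoted
        if name in seen:
            return None                   # each directive MUST appear only once
        seen.add(name)
        if name == "max-age":
            if not arg.isdigit():
                return None               # needs a non-negative integer
            max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
        # unknown directives are ignored, as the RFC requires
    if max_age is None:
        return None                       # max-age is mandatory
    return HstsPolicy(max_age, include_subdomains, preload)


def audit_hsts(value: Optional[str]) -> List[str]:
    """Return findings for a header value; an empty list means it looks sound."""
    policy = parse_hsts(value)
    if policy is None:
        return ["no (valid) HSTS header: plain-HTTP requests stay interceptable"]
    findings = []
    if policy.max_age == 0:
        findings.append("max-age=0 tells browsers to forget any cached policy")
    elif policy.max_age < ONE_YEAR:
        findings.append(f"max-age={policy.max_age} is short; use at least {ONE_YEAR}")
    if not policy.include_subdomains:
        findings.append("includeSubDomains missing: subdomains can still be reached over HTTP")
    if policy.preload and (policy.max_age < ONE_YEAR or not policy.include_subdomains):
        findings.append("preload set but the policy does not meet preload-list requirements")
    return findings


# Constructed sample header values, weakest to strongest.
SAMPLE_HEADERS = {
    "absent":        None,
    "disabled":      "max-age=0",
    "short":         "max-age=300",
    "duplicate":     "max-age=31536000; max-age=0",
    "sound":         "max-age=31536000; includeSubDomains",
    "preload_ready": "max-age=63072000; includeSubDomains; preload",
}

if __name__ == "__main__":
    for label, header in SAMPLE_HEADERS.items():
        print(f"{label:14} {header!r}")
        for finding in audit_hsts(header) or ["OK"]:
            print("   -", finding)
```

Two caveats a practitioner should keep in mind: browsers only honour the header when it arrives over HTTPS, so the HTTP-to-HTTPS redirect must exist first, and HSTS is trust-on-first-use. The scenario in the article, a user typing the bare hostname and landing on HTTP, is still exposed on the very first visit unless the domain is on the browser preload list.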
Sunday Security Maxim
Putt’s Law: Technology is dominated by two types of people: those who understand what they do not manage, and those who manage what they do not understand. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory.
Saturday Security Maxim
Ginsberg's Laws, from the beat poet Allen Ginsberg (1926-1997):
The First Law of Thermodynamics: "You can't win."
The Second Law of Thermodynamics: "You can't break even."
The Third Law of Thermodynamics: "You can't quit." Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory.
USENIX Announces ENIGMA 2017 →
USENIX's Enigma Conference is slated for January 30th through February 1st, 2017 at the Oakland, CA Marriott City Center. David Brumley and Parisa Tabriz reprise their roles as Program Co-Chairs. Most certainly a must-attend conference in 2017.
NIST, Attackers Homing In On Teleworkers? →
The National Institute of Standards and Technology (NIST) has released two draft publications: Special Publication 800-46 Rev. 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (Draft), and Special Publication 800-114 Rev. 1, User's Guide to Telework and Bring Your Own Device (BYOD) Security (Draft). Enjoy!
XKCD, United States Map
Spelling, The Billion Dollar Error →
Sunday Security Maxim
Byrne’s Law: In any electrical circuit, appliances and wiring will burn out to protect the fuses. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory.
Saturday Security Maxim
Shaw’s Law: Build a system that even a fool can use, and only a fool will want to use it. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory.
Judah Levine, Time Lord
Global Data Geeks, Blalock Interview →
Verizon's Cookie
Sunday Security Maxim
Firestone’s Law: Chicken Little only has to be right once. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory.