A Secret World, Detailed →
Today MustRead details the secretive environment many vulnerability researchers and operatives live and labor within. Enjoy.
Trustwave Locates New VOIP Device Backdoor →
Meanwhile, from the Infosecurity.US What-Could-Possibly-Go-Wrong Department comes this El Reg news item on a report published by researchers at Trustwave describing an undocumented backdoor account in DBLTek GoIP products. The kicker, you ask? DBLTek has so far failed to remediate the issue, leaving the 'door' swinging on its creaky hinges... Oops.
"Trustwave recently reported a remotely exploitable issue in the Telnet administrative interface of numerous DblTek branded devices. The issue permits a remote attacker to gain a shell with root privileges on the affected device due to a vendor backdoor in the authentication procedure." - via the published Trustwave Report
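Since the vendor has not fixed the backdoor, the practical control for an operator is to make sure nothing outside the management network can reach the devices' Telnet administrative interface at all, and to notice when something does. The audit below is an added example from the editor, not code from Trustwave or DBLTek: it walks a constructed, simplified connection log (Zeek-style column order, not real captured traffic) and flags TCP connections to port 23 on an inventoried GoIP address that did not originate from the management subnet. The device addresses, the management subnet and the log lines are all hypothetical values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed inventory of GoIP gateway addresses on this network.
# Hypothetical values, not taken from the Trustwave report.
GOIP_DEVICES = {"10.10.5.20", "10.10.5.21"}

# Only hosts in this subnet are allowed to reach the admin interface (assumption).
MGMT_NET = ipaddress.ip_network("10.0.0.0/24")

# Standard Telnet port; the report names the Telnet administrative interface.
TELNET_PORT = 23

# Constructed sample log, one connection per line:
#   ts  orig_h  resp_h  resp_p  proto
SAMPLE_LOG = """\
# ts orig_h resp_h resp_p proto
1487500000.10 10.0.0.15 10.10.5.20 23 tcp
1487500001.30 10.0.0.15 10.10.5.20 5060 udp
1487500002.55 203.0.113.44 10.10.5.21 23 tcp
1487500003.00 192.168.7.9 10.10.5.20 23 tcp
1487500004.20 192.168.7.9 10.10.5.20 80 tcp
1487500005.80 198.51.100.7 10.10.9.1 23 tcp
"""


@dataclass(frozen=True)
class Finding:
    """One Telnet connection to a GoIP device from outside the management net."""
    ts: float
    source: str
    device: str


def audit_telnet_access(log_text, devices=GOIP_DEVICES, mgmt_net=MGMT_NET):
    """Return the connections that reached a device's Telnet port from a
    non-management source.  Malformed records are skipped, not fatal."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 5:
            continue  # truncated record: ignore rather than crash the audit
        ts, orig_h, resp_h, resp_p, proto = fields[:5]
        if proto != "tcp" or not resp_p.isdigit() or int(resp_p) != TELNET_PORT:
            continue
        if resp_h not in devices:
            continue  # Telnet to some other host is out of scope here
        try:
            src = ipaddress.ip_address(orig_h)
        except ValueError:
            continue  # unparsable source address
        if src in mgmt_net:
            continue  # permitted administrative access
        findings.append(Finding(float(ts), orig_h, resp_h))
    return findings


def exposed_devices(findings):
    """Set of inventoried devices that were reached from outside the management net."""
    return {f.device for f in findings}


if __name__ == "__main__":
    for f in audit_telnet_access(SAMPLE_LOG):
        print(f"{f.ts:.2f}  {f.source} -> {f.device}:23  outside management net")
    print("exposed:", sorted(exposed_devices(audit_telnet_access(SAMPLE_LOG))))
```

On the sample log the two connections from 203.0.113.44 and 192.168.7.9 are flagged; the management-host session and the SIP and HTTP traffic are not, and the Telnet connection to 10.10.9.1 is ignored because that host is not in the device inventory. Any finding at all means the compensating control (a firewall or ACL in front of the devices) is not doing its job.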
Kicking the Certificate Habit →
Dr. Jaap-Henk Hoepman's security posts (via his blog), detailing his provocative yet fundamentally sound proposal to do away with certificates altogether, are today's absolute MustRead.
The basic idea - A few days ago I explained the idea including a mechanism to detect phishing attacks. This makes the protocol more complex, and creates confusion. So let’s try again, explaining the basic idea first. Whenever a browser sets up a new TLS connection with a domain, the web server serving that domain responds with its public key (instead of a certificate, as is currently the case) in the initial TLS handshake. (This is more precise than saying that the web server sends its public key in the header of every page it sends.)... Read more at Dr. Hoepman's blog
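Once the server hands over a bare public key instead of a certificate, the browser has nothing to validate it against except what it saw last time, so the client-side half of the idea is a key-continuity store: remember the key a domain presented on first contact and compare on every later connection. The class below is an added illustration written by the editor, not code from Dr. Hoepman's post. It stores SHA-256 fingerprints keyed by normalized domain name, distinguishes a first sighting from a match and from a mismatch, and deliberately never overwrites a pin on mismatch, since the protocol itself cannot tell a legitimate key change from an interposed server (the phishing-detection mechanism the quoted post mentions is separate and is not implemented here). The key bytes are constructed stand-ins; in the real handshake they would be the encoded public key received from the server.

```python
import hashlib

# Constructed stand-ins for two public keys; in practice these would be the
# encoded public keys received in the TLS handshake, not human-readable strings.
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"


class KeyContinuityStore:
    """Pins the public key each domain presented on first contact (TOFU)."""

    def __init__(self):
        self._pins = {}  # normalized domain -> hex SHA-256 fingerprint

    @staticmethod
    def normalize(domain):
        # Treat "Example.COM." and "example.com" as the same pin.
        return domain.strip().rstrip(".").lower()

    @staticmethod
    def fingerprint(public_key):
        return hashlib.sha256(public_key).hexdigest()

    def observe(self, domain, public_key):
        """Compare the key just received against the stored pin.

        Returns "new" on first contact (the key is pinned from now on),
        "match" when it equals the pin, and "mismatch" otherwise.  A mismatch
        leaves the pin untouched: the caller must decide whether this is a
        key rotation or an attack, because the protocol alone cannot tell.
        """
        name = self.normalize(domain)
        fp = self.fingerprint(public_key)
        pinned = self._pins.get(name)
        if pinned is None:
            self._pins[name] = fp  # first use: trust and remember
            return "new"
        return "match" if pinned == fp else "mismatch"

    def rotate(self, domain, public_key):
        """Explicitly replace a pin after the key change has been confirmed
        out of band; this is the only way a pin changes."""
        self._pins[self.normalize(domain)] = self.fingerprint(public_key)

    def pinned_fingerprint(self, domain):
        return self._pins.get(self.normalize(domain))


def demo():
    """Walk one domain through first contact, repeat visit, key change and rotation."""
    store = KeyContinuityStore()
    results = [
        store.observe("example.com", KEY_A),   # "new"
        store.observe("EXAMPLE.COM.", KEY_A),  # "match" (name normalized)
        store.observe("example.com", KEY_B),   # "mismatch", pin still KEY_A
    ]
    store.rotate("example.com", KEY_B)         # operator-confirmed key change
    results.append(store.observe("example.com", KEY_B))  # "match"
    return results


if __name__ == "__main__":
    print(demo())
```

The weak spot of any such scheme is the first contact: whoever answers that initial handshake gets pinned, which is exactly the gap a certificate would otherwise close and why the blog post's fuller version adds a separate phishing-detection mechanism on top.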
An Interview with Howard Schmidt →
Professor Barbara Endicott-Popovsky, Ph.D., interviews Howard Schmidt. This video originally aired via the International Conference on Cloud Security Management at The Information School of the University of Washington, in October 2013. The principles, patterns and anti-patterns discussed in the video remain evident today.
Requiescat in Pace, Howard Schmidt
Howard Schmidt, Former Supervisory Special Agent, Director of Computer Crime and Information Warfare, AF OSI, Former CSO Microsoft Corporation, Former Chairman of White House Critical Infrastructure Protection Board, VP and CISO eBay Inc., Special Agent, United States Army CID (Reserves), Law Enforcement Officer Chandler Police Department Arizona.
May He Rest In Peace.
Mictyris longicarpus, Ratiocinor Infra Aedificium →
Via Futility Closet comes an outstanding piece of unconventional computing: swarms of blue soldier crabs used as the switching elements of a bio-computational device (in this case, a logic gate). Certainly today's MustRead.