Sign in or Join FriendFeed
FriendFeed is the easiest way to share online. Learn more »
Unauthenticated self-service secure password reset - http://blog.leune.org/2014...
This Vox NetNeutrality article is wrong - http://blog.erratasec.com/2014...
There is no reasoned debate over NetNeutrality because the press is so biased. An example is this article by Timothy B. Lee at Vox "explaining" NetNeutrality. It doesn't explain, it advocates.1. Fast LanesFast-lanes have been an integral part of the In... - Hacker News
This Vox NetNeutrality article is wrong - http://blog.erratasec.com/2014...
There is no reasoned debate over NetNeutrality because the press is so biased. An example is this article by Timothy B. Lee at Vox "explaining" NetNeutrality. It doesn't explain, it advocates. 1. Fast Lanes Fast-lanes have been an integral part of the Internet since the beginning. Whenever somebody was unhappy with their speeds, they paid money to fix the problem. Most importantly, Facebook pays for fast-lanes, contrary to the example provided. One prominent fast-lanes is "channels" in the local ISP network to avoid congestion. This allows them to provide VoIP and streaming video over their own private TCP/IP network that won't be impacted by the congestion that everything else experiences. That's why during prime-time (7pm to 10pm), your NetFlix streams are low-def, while your cable TV video-on-demand are hi-def. Historically, all these channels were all "MPEG-TS", transport streams based on the MPEG video standard. Even your Internet packets would be contained inside the MPEG... - Hacker News
U.S. Postal Service Breach Impacts 800,000 Employees - http://www.tripwire.com/state-o...
The post U.S. Postal Service Breach Impacts 800,000 Employees appeared first on The State of Security. - Hacker News
Open Source World Opens Doors for Tech Jobs - http://www.phoenixts.com/blog...
November 10th, 2014 How are tech companies, universities and high school educators building the technical workforce here in the U.S.? The demand for tech related jobs continues to grow, but the demand outpaces the experienced and capable workforce available, especially in Maryland. If young graduates (high school or college) have the skills and degree, they may not hold the minimal or moderate experience employers desire. Employers will endure the wait for the right candidates who fit their requirements. In Maryland 4,514 cyber security jobs were posted in Baltimore alone in the past year and sixty percent of those positions required at least four years of experience. Where do these hungry tech professionals find experience? Earning work experience in the open source world Open source projects need individuals for testing, documentation, and even programming efforts to enhance projects on an ongoing basis. Contributors for these projects range in age from teenagers, college students,... - Hacker News
16 Tips for Moving Your Workloads to the Cloud - http://www.porticor.com/2014...
Got a plan for your move to the cloud? If you do, you’re in the minority. According to a recent study, a mere 31 percent of those planning a move to the cloud actually have a strategy for migrating data and applications. The rest don’t. To avoid the complexity and cost, we recommend heeding the […] The post 16 Tips for Moving Your Workloads to the Cloud appeared first on Porticor Cloud Security. - Hacker News
Thank You for the Review and Inclusion in Cybersecurity Canon - http://taosecurity.blogspot.com/2014...
Thank You for the Review and Inclusion in Cybersecurity Canon
Obama Asks FCC to Set Strong Net Neutrality Rules - http://windowsitpro.com/paul-th...
But common sense rarely cuts it in Washington D.C. President Obama on Monday issued a public plan for a free and open Internet, one in which Internet service providers are not allowed to restrict the best access... - Hacker News
EMET 5.1 Released, Contains Compatibility Fix for Internet Explorer 11 - http://windowsitpro.com/securit...
With Patch Tuesday just hours away, Microsoft is recommending updating the just revised and released Enhanced Mitigation Experience Toolkit. Content Classification:  Curated read more - Hacker News
ISO 27001 risk assessment: How to match assets, threats and vulnerabilities - http://www.iso27001standard.com/blog...
The 2013 revision of ISO 27001 allows you to identify risks using any methodology you like; however, the old methodology (defined by the old 2005 revision of ISO 27001), which requires identification of assets, threats and vulnerabilities, is still dominating. ... - Hacker News
Disks Not Online During Azure Migration - http://windowsitpro.com/azure...
Solve problems with disks not coming online in Azure. read more - Hacker News
Thoughts on Absolute Computrace - http://bartblaze.blogspot.com/2014...
Introduction Not too long ago my friend and colleague from Sweden, Jimmy, contacted me in regards to a strange issue. In the firewall, he saw tons of outgoing connections to a certain server: Each second outgoing connection to search.namequery.com A quick Google search revealed this was actually part of Absolute's Computrace tool - aka Absolute Persistence. Doesn't ring a bell? Try Lojack. From their website: List of BIOS & firmware compatibility: http://www.absolute.com/en... Why would this be an issue? First of all, there has been some excellent research by Anibal Sacco and Alfredo Ortega here: Deactivate the Rootkit, in which they describe attacks on BIOS anti-theft technologies, which Absolute also offers. An excerpt from their paper: In order to be an effective system, the anti-theft agent must be stealthy, must have complete control of the system, and most importantly, must be highly persistent because wiping of the whole system most often occurs in the... - Hacker News
Nevada Cybersecurity: Enterprise Solution Reduced Incidents by 80 Percent - http://www.govtech.com/securit...
When Nevada CIO David Gustafson joined the state's Enterprise IT Services as a deputy CIO in 2009, security was not seen as a priority, but he quickly set out to change that. "I learned early on that threats [were] increasing at an alarming rate -- so fast that we can barely keep up." By 2012, Nevada's cyberproblem had grown to millions of daily attacks, with a peak of 155 monthly security incidents, including failures of standard security components to keep out threats of all kinds. By this time, the state began a more in-depth monitoring for intrusions into the state's network. "What we found was that we were doing OK, nothing great, nothing groundbreaking and nothing newsworthy," Gustafson said. "But as we continued to monitor some key metrics, we learned that the security threats were evolving and our controls would no longer be as effective." A particularly challenging security issue for the state was accessing information from disparate systems or endpoints. "From our... - Hacker News
Microsoft updates EMET anti-hack tool - http://www.zdnet.com/microso...
A new version of the Enhanced Mitigation Experience Toolkit mostly improves compatibility with applications software, and specifically with Java and Chrome. - Hacker News
University "Accept your new raise" Phish - http://garwarner.blogspot.com/2014...
One of the best emails that an employee can get from their employer is the one that tells you that you have been awarded a raise! In certain industries, such as academia, this type of email is quite rare, so you can imagine what welcome news it would be! University Salary Phish Example Phishers have been attacking universities across the country with emails that look like this one (Example email from University of Chicago): ++++++++++++++++++++++ From: employeebenefits@uchicago.edu Subject: Your Salary Raise Confirmation Hello, The University is having a salary increase program this year with an average of 2.5%. The Human Resources department evaluated you for a raise on your next paycheck. Click below to confirm and access your salary revision documents: Click Here hxxp://kirovtourism.ru/www.uchicago.edu/Sign-In.htm to access the documents Sincerely, Human Resources The University of Chicago ++++++++++++++++++++++ Recent reports about Your Salary Raise Confirmation A google search... - Hacker News
Security flaw makes most iPhones, iPads vulnerable to ‘app replacement’ hack - http://www.zdnet.com/securit...
Researchers are warning genuine apps can be easily replaced with fake apps, which can be used to vacuum up a smartphone user's entire store of data. - Hacker News
The Most Overlooked Facet of Cloud Data Protection - http://perspecsys.com/overloo...
Introducing the Missing Third Piece When thinking about protecting data in the cloud, there are three areas of use that security and privacy professionals need to consider: data in motion, data at rest, and data in use. While the first two areas are generally well understood, the third is consistently overlooked. The first area, data […] The post The Most Overlooked Facet of Cloud Data Protection appeared first on Perspecsys. - Hacker News
Is the Information Security Skills Gap misidentified? - http://michaelonsecurity.blogspot.com/2014...
In recent postings, I've touched on the information security skills gap.  Many individuals and groups are pushing the idea that the large number of unfilled information security positions (40% is a number I've seen tossed around) is due to a "skil... - Hacker News
Moving from Windows 8.1 to Windows 10 with a Simple Update - http://windowsitpro.com/windows...
If you chose to deploy Windows 8.1 in your organization, your upgrade to Windows 10 will be much easier. Content Classification:  Curated read more - Hacker News
Is it time to Fire your network protection vendor? - http://blogs.bromium.com/2014...
I hereby solemnly promise that Bromium will never have a product with “fire” in its name.  By now every vendor in the  next-gen IDS / IPS / Firewall / honeypot-as-ultimate-defense-against-the-dark-arts market has a next-gen “fire”-branded product that claims to protect against APTs. “Fire” appliances are easy to sell, so Wall Street swooned for a while. […] - Hacker News
Ninja’s OpenVAS Reporting - http://blog.rootshell.be/2014...
Here is a quick blogpost which might be helpful to the OpenVAS users. OpenVAS is a free vulnerability scanner maintained by a German company. Initiality, it was a fork of Nessus but today it has nothing in common with the commercial vulnerability scanners. OpenVAS is a good alternative to commercial solutions when you need to deploy a vulnerability management process and you lack of a decent … Read More → - Hacker News
Radare – The Reverse Engineering Framework - http://www.darknet.org.uk/2014...
IoT Security Does Not Have to be an Oxymoron – Part 2 - http://blogs.microsoft.com/cybertr...
As my colleague Kevin Sullivan wrote in part 1 of this two-part series, the Internet of Things (IoT) holds great promise for organizations and consumers. But like many new technologies, it brings with it a number of security and privacy challenges. The industry can work to help address many of these challenges by building on some of the lessons learned from decades of experience connecting traditional computing devices to the … Read more » - Hacker News
Obtaining Installation Media for Windows 8.1 - http://windowsitpro.com/windows...
If you need to install Windows 8.1 or refresh a PC already running Windows 8.1, Microsoft has a Media Creation Tool available for downloading the operating system to create installation media. read more - Hacker News
If the US Sneezes, Will APJ Catch a Cold? - https://blogs.rsa.com/us-snee...
Despite hearing news of breaches from several major household brands in the past year alone, recent research in the US has shown that consumers aren’t changing their security behaviors. But does that mean that businesses and consumers in Asia Pacific and Japan (APJ) will follow suit? The results of the US-based Ponemon Institute-developed research are… The post If the US Sneezes, Will APJ Catch a Cold? appeared first on Speaking of Security - The RSA Blog and Podcast. - Hacker News
IoT Security Does Not Have to be an Oxymoron – Part 2 - http://blogs.microsoft.com/cybertr...
How to Test the Security of IoT Smart Devices - http://resources.infosecinstitute.com/test-se...
Just when we thought we had our applications secured, they pull us back in. No, this isn’t a case of directory traversal bugs reappearing in IIS, access bugs resurfacing in Tomcat, or trained... Go on to the site to read the full article - Hacker News
Three Practical steps to help your employees prevent data loss…Part 3 - http://www.clearswift.com/blog...
StingRay Technology: How Government Tracks Cellular Devices - http://resources.infosecinstitute.com/stingra...
StingRay Technology StingRay is an IMSI-catcher (International Mobile Subscriber Identity) designed and commercialized by the Harris Corporation. The cellular-surveillance system costs as much as... Go on to the site to read the full article - Hacker News
Other ways to read this feed:Feed readerFacebook