Tuesday, January 7, 2014

Finalized: January InfoSec Links

Security

Researcher gets hacked and details how he investigated, mitigated, and responded to it.  Enjoyable 'mea culpa.'
https://securosis.com/blog/my-500-cloud-security-screwup

Sigh...It's not just Target that was a target over the holidays:
http://krebsonsecurity.com/2014/01/hackers-steal-card-data-from-neiman-marcus/

Krebs gets the details on how Target was compromised.  Malware on each POS relaying data back to the attackers:
http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/

Cryptography

Interesting perspective on the RSA and NSA kerfuffle.  Engage the community around RSAC to counter the actions of the company, RSA.
http://www.mckeay.net/2014/01/06/still-going-to-rsa/


CryptoLocker's new sibling, PowerLocker.  Back...up...everything:
https://www.schneier.com/blog/archives/2014/01/powerlocker_use.html

Privacy

Essay on Twitter's block/unfollow implementation. Serious insight into how public services chose to protect user privacy:

Well reasoned counter-arguments to the surveillance state excuses:
http://addxorrol.blogspot.de/2014/01/why-intelligence-reform-is-necessary.html

Internet governing bodies meet to discuss how to fight pervasive monitoring (seen as an attack on the internet):
https://www.w3.org/2014/strint/

Privacy concerns from Angry Birds?  Why aren't customer usage stats encrypted?  Anyone could read this information...
http://www.theregister.co.uk/2014/01/27/leaking_smartphone_apps_nsa_gchq/

Training

Matasano teams up with Square (the Credit Card Merchant Aggregators) for an exploit CTF through a web browser:
http://www.matasano.com/matasano-square-microcontroller-ctf/