A Must-Read Article on One of the Driving Forces in the Exponential Rise in Security Threats

A must-read article from the UK edition of Ars Technica, a popular technology blog and one of my personal sources for solid tech writing, (written by ) explores one of the driving forces in the exponential rise in security threats in recent years: the development of the zero-day marketplace. I highly recommend everyone read this to get an idea of the scope of the issues when it comes to security in the current technological climate.

 

How do you defend yourself against the unknown? That is the crux of the zero-day vulnerability: a software vulnerability that, by definition, is unknown by the user of the software and often its developer as well.
The rise of the zero-day market – arstechnica.co.uk/

Kill the Password: Why a String of Characters Can’t Protect Us Anymore

One of the seminal articles on passwords and their inherent insecurity, Kill the Password, written by Mat Honan of Wired Magazine, is one of the most important articles for aspiring admins who have users in their environment with internet access and the ability to connect to sites and resources online that require authentication.

There are some issues that our current system of internet security has not ironed out, and leaning and depending on a password for security at any level in the enterprise carries known, significant risks that must be addressed.

http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/?fb_action_ids=445573275505879,445572958839244

 

Originally Posted (9/3/2013)

Top Five Hacker Tools Every CISO Should Understand

While this article is geared towards C-level Information Security Officers, the core values of the article hold and are applicable to any professional who has information security as either a direct job responsibility or an extended professional concern. Security site tripwire.com brings us a list of their top five “hacker” tools we should all understand.

Just Delete Me Is a Massive List of Links to Close All Your Accounts

Have you ever signed up for a site or a webapp and had the hardest time trying to find a way to get yourself off of that particular site later? Justdelete.me is a site that specializes in identifying the process of liberating your information from various sites around the web and could be an invaluable tool for you. Lifehacker.com (one of my favorite sites on the web) introduced me to this great resource of information, and I highly encourage everyone to take a look at their article on Just Delete Me.

Google Drive Now More Tightly Integrated Into Gmail: Lets You Share Files Up to 10 GB

One of the main reasons I prefer Gmail as my free email account of choice is the improving functionality Google seems to roll out consistently. This expansion of Google Drive into Gmail is one example, and while I am fairly certain that this will have very limited impact security-wise, there should always be a concern when joining an email communication tool like Gmail with a cloud storage solution like Google Drive, though the increased potential risks are far outstripped by the potential gains.

Security Alert: Wifi Protected Setup Flaw

I just wanted to put this out there for everyone. There is a bit of information out there regarding WPS being cracked and what it means for everyone. I first heard this on the Security Now Podcast Episode 334, but Episode 335 has a complete rundown of this widespread vulnerability. The Security Now Podcast does a great job of explaining in detail the entire scope of the problem and is an invaluable learning tool that I cannot recommend enough for understanding the full scope of the issue (hence the links to the podcast itself).

This link shows the notification put out by the Department of Homeland Security regarding this rising threat.

This will link you to a running, community-compiled spreadsheet of the routers that are verified to be susceptible to this WPS attack.

I think the main takeaway from this for an IT professional, specifically one focused in and around networking technologies or in a connected environment (which is essentially everyone training at OSC to varying degrees), is that security is one of the top, if not the top, concerns throughout your work cycle.

I suggest that you take your time and familiarize yourself with the ins and outs of your particular method of connecting to the internet, and take the time to secure it alongside any devices you have on your home networks as well.