Thursday, March 12, 2015
Updated CISSP Domains
- Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
- Asset Security (Protecting Security of Assets)
- Security Engineering (Engineering and Management of Security)
- Communications and Network Security (Designing and Protecting Network Security)
- Identity and Access Management (Controlling Access and Managing Identity)
- Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
- Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
- Software Development Security (Understanding, Applying, and Enforcing Software Security)
Saturday, August 02, 2014
TECH NEWS RADIO PODCAST #373 | 2014-08-02 | NMAP #DDOP
Friday, May 30, 2014
Tracking News Related To TrueCrypt
Here are some links to stories about TrueCrypt shutting down:
- Reddit's SysAdmin
- Reddit's NetSec
TrueCrypt is a key tool in our toolkit for protecting data and we use it every day. If it is actually going to go away then it will leave a big hole in end-user security options for data encryption.
Monday, August 12, 2013
DEFCON 21 (and 20 oops!)
We have a detailed report (PDF) from the sessions attended if you are interested. Just drop us an email to get the full report or a request via message on Twitter. A podcast summary is planned but not promised at this time.
Things that we are "worried about" from an Enterprise computing perspective:
- Social Engineering against users is like a hot knife cutting butter. The only defense seems to be training and awareness. Traditional information assurance (IA) protections (virus scanning, IDS, firewall, etc.) are not effective.
- You can't secure what you don't manage.
- Basic system administration tools and infrastructure services in the Microsoft Windows world can be used for evil: PowerShell, .NET, DNS, browsers, PKI, and SCOM.
- USB is not your friend.
- Mobile computing and Bring Your Own Device (BYOD) are really not your friend.
- Cloud computing could be your friend but probably won't.
- Developers writing code for an organization without a security focus is just asking for trouble.
- If you think your stuff is secure just because you have it behind a lock and a key you are in denial.
- In a year or less, penetration testing is going to include inexpensive mobile assault options via semi-autonomous very-small drones and robots.
Saturday, September 10, 2011
Updates from Twitter - iPad, DEFCON 19, Podcasts, Mobile, Amazon, Etc
The following items were recently posted on @technewsradio:
- USB hub allows simultaneous syncing of 49 iPads http://t.co/OO9H7HW
- DEFCON 19 Podcast Review #security #news #research #hacker #conference http://t.co/rbCr7hK
- SpokenWord.org gets about 1000 new programs every day & they are looking for curators of categories to make the content more organized
- BigBlueButton is an open source collaboration and training system that integrates a bunch of open source projects http://t.co/mEL5dDS
- PC World has more details on the recent news from Qualcomm about their planned updated Snapdragon mobile processor http://t.co/lQQO8y4
- YouTube has a great overview presentation on how "Prezi for iPad" works http://t.co/sHFJBSo
- Amazon EC2 is now supporting Virtual Machine (VM) Import to Amazon EC2 instances http://t.co/35n2UtJ
- IObit has announced a freeware version of Game Booster v2 for Windows that is geared for improving game performance http://t.co/Q0lWB4D
- Via Box.net ... you can get e-signatures features via DocuSign services integrated with documents stored on Box.net
- Getting started with project management? - "scope, time & cost" - a good reference at Wikipedia http://t.co/oVIzQIX
- "Heroes of the Computer Revolution" original book looked at hackers & nerds from the late 1950s to the early 1980s http://t.co/H4Vz2kM
- arborjs.org - a graph visualization library using web workers and jQuery http://t.co/Zao0gyv
Monday, August 22, 2011
DEFCON 19 Podcast Review
DEFCON 19 was in Las Vegas, NV from August 4-5, 2011. This yearly computer network security and hacker conference is full of cutting-edge research, detailed demos, awesome presentations, and a lot of partying. The podcast coverage was pretty good also. Here are my recommendations:
- Network Security Podcast
- Southern Fried Security Podcast: #59 Defcon Review
- Social-Engineer.Org: Live at Defcon 19
- PaulDotCom Security Weekly - Episode 254 Part 2 (08-11-2011) [wiki]
- Exotic Liability: #78 Con-dom
- Euro-Trash Information Security Podcast
If you are interested in hearing my thoughts about DEFCON 19 then check out the PaulDotCom.com podcast (08-11-2011). I am the boring "IT Guy" trying to avoid the topic of "hot" women visiting the PaulDotCom.com booth. If you'd like to see a copy of my notes (13+ pages) then drop me a personal email to: "s h o l d e n @pobox.com."
Another Week Of Recommended Podcasts Worth A Listen
- MacCast 2011-07-26: Review of Apple Mac OS X Lion Release (News, Tips & Tricks)
- Author Debriefing (August 16, 2011) - The Triple Agent: The al-Qaeda Mole Who Infiltrated the CIA
- Southern Fried Security Podcast: Interview with Andy Ellis @CSOAndy [#58] & Interview with Rich Mogull [#57]
- IT Pro Show by Same3Guys: Detailed look at OpenStack
- KPBS Midday Edition: Social Media - Can It Keep You From Getting A Job?
- This Week In Google (TWIG) #108: Excellent coverage of the Google & Motorola News
Saturday, August 20, 2011
TECH NEWS RADIO PODCAST #372 | 2011-08-20 | Browser Phishing, National Cyber Range & Microphone Hijack
Listen! (Size 2.9 MBs, Running Time 2m57s)
Today's podcast examines three stories about computer network security:
- New browser tab and window phishing attack threats.
- Barry Rosenberg at Federal Computer Week examines DARPA's National Cyber Range plans.
- Tim Wilson at DarkReading.com has coverage of new microphone hijacking attack options.
Saturday, May 07, 2011
@technewsradio Roundup Posts for May 7th, 2011
The following is a summary of @technewsradio posts to Twitter:
- ASIS Bookstore (security pro organization) has announced over 26 new books via their online store
- SWFTools is a collection of open source utilities for working with Adobe Flash files (SWF files)
- Amazon online cloud services has a bunch of demos available - including Travel Log (Sample Java Web Application)
- Google has fixed a SketchUp 8 "dreaded shadow bug"
- Franklin Covey's PlanPlus for Outlook (version 7) is now on sale for $80 (vice $100)
- Looking for an open source mind mapping tool? Then check out Free Mind
- Microsoft Press has announced 3 more books in their Step By Step series: Microsoft Word 2010, Excel 2010 & Project 2010
- Wired.com has an interesting article "Wired—Geek Power: Steven Levy Revisits Tech Titans, Hackers, Idealists"
- Listening to "A Witness to the Egyptian Revolution" by Doug Kaye (Executive Director, The Conversations Network) via http://bit.ly/i35GC7
- Per Kevin Devin at FriendsInTech.com - A good tool for finding Creative Commons (CC) images on Flickr is here http://bit.ly/gOtgMP
- The Microsoft & Nokia deal seems to leave HP WebOS, BlackBerry, and Intel out of the loop with Apple (#2) & Android (#1) being top dogs
- red5 is an open source audio/video (FLV & MP3) server that also supports H.264
- Steven Levy's classic "Heroes of the Computer Revolution" has a new 25th Anniversary Edition
Tuesday, July 13, 2010
TECH NEWS RADIO PODCAST #369 | 2010-07-13 | OpenOffice.org News
Listen! (Size 3.0 MBs, Running Time 2m58s)
Today's podcast examines some recent news from OpenOffice.org: Petroleo Brasileiro SA is rolling out a big BrOffice.org deployment to over 90,000 systems, and v3.21 of Open Office has been released, with v3.3 expected this Fall 2010. Two additional links mentioned in this podcast include: Open Document Format (ODF) and Oracle.