Last Updated: 2015-03-28 00:59:25 UTC
by Russ McRee (Version: 1)
JS Malware uptick
Feel free to let us know if you've noticed similar, and send along samples via the diary submittal form for comparison (best submitted a password protected zip).
I was interviewed for Episode 411 of Paul Asadoorian's Security Weekly. While I had to often speak in sadly generic and vague terms, a few key takeaways popped out in the conversation.
We all largely agreed that the best tooling and datasets mean nothing when protecting organzations without applied context.
Consider the fact that one of the best ways for a security team to properly design and implement tooling and monitoring is to leverage the network architect to better understand design and layout. This allows goals to be established. Rather than a mission that is based on implementing a tool, the mission should be goal based. What are you trying to protect, not what are trying to install. The premise of operational threat modeling really factors here too. The practice can help prioritize area of importance (avoid boiling the ocean) and allow better goals determination.
Great talking with Paul and team, I appreciate the opportunity.
Wiley is offering a free download (for a limited time) of The Database Hacker's Handbook: Defending Database Servers http://bit.ly/HackersHandbook
GitHub has been under a brutal DDoS attack for 24 hours +.
Keep an eye on https://twitter.com/githubstatus for updates.
Overheard by a pentester after a recent pentest:
Passwords.doc is a bad idea :-)
Have a great weekend!