Jun 23, 2009

posted 2:01 pm | 0 notes | Comments | Tagged as: security. things that make me lol.

Dear employer,

I’M A SECURITY ENGINEER. THIS IS WHAT YOU PAY ME TO DO. Please allow me to view “hacking” websites, considering it’s part of my effing job description.

kthnxbai



Jun 6, 2009

posted 9:36 am | 1 note | Comments | Tagged as: security.

Establishing your social media presence with security in mind


The article starts on page 100 of the PDF and focuses on corporate security. Corporate use of social media brings some interesting risks, ones that traditional security defenses can’t necessarily protect you from.

Reputation damage is by far one of the most interesting risks businesses take in the SM realm, but the only real defense is to admit mistakes quickly, acknowledge a problem and offer effective solutions.

SpinHunters is part of the GNUCitizen network and specializes in reputation protection, which is like PR meets security.

While I’m on the topic, let me put some basic social media security tips out there for the individual.

- Don’t publicize your birthday. Many things require your birthday as a means to access your accounts. Utilities, banking etc. require this information to confirm your identity over the phone. Also, some websites only require a birthday to reset a password.
- Have a default answer for security questions and use it as a second password, not the actual answer to the question. So for example, if the website asks for the name of your first pet or mother’s maiden name to reset a password, use your secondary password as the answer. Extracting things like your first kiss, pet, car, etc. is relatively simple for a social engineer.
- Be aware of who you allow to see profiles where you divulge a significant amount of information about yourself. Examples include Facebook and LinkedIn. These can include school/work info, birthdays and photos (see: reputation protection). If you are going to add people you don’t know, try to take advantage of the network’s built-in security features like limited profiles.
- Be aware of the information you share. These ‘24 things about me’ surveys are a social engineer/phisher’s wet dream.

Article link via Liquidmatrix




May 24, 2009

posted 6:58 pm | 0 notes | Comments | Tagged as: security.

Know your Enemy: Tracking Botnets





May 3, 2009

posted 12:00 pm | 2 notes | Comments | Tagged as: security.

JavaScript Encryption - Take private blog posts to the next level


Check it out: using 256-bit AES encryption, you can make sure private posts are never crawled by bots, seen by site admins or stored on servers. The decryption is all done in the browser and your post will expire along with the session.

Example, key = C4S9XcRZ: (Tumblr users will need to click through, as the JavaScript is referenced in my template but not the dashboard)

Show encrypted text

Also note that because Tumblr escapes <div> tags out of your custom HTML, you will need to change the code provided by the encryption program. I just changed the <div> to a <p> tag, keeping the id and title the same.
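
The passphrase-based scheme described above, as an added example that is not the encryption program's code or part of the original post; it uses Node's `crypto` module so it runs outside a browser. PBKDF2-SHA256 key derivation, GCM mode, the iteration count and the salt|iv|tag|ciphertext blob layout are assumptions, since the post does not say how the tool derives its key or formats its output. `passphraseBits` gives the upper bound on strength that a short key like the example's places on the scheme, whatever the AES key size.

```javascript
// Added example (not the tool's code): passphrase-based AES-256-GCM for a post.
// Assumptions: PBKDF2-SHA256 key derivation, GCM mode, base64 blob layout.
const nodeCrypto = require('crypto');

const PBKDF2_ITERATIONS = 200000; // assumed work factor

function deriveKey(passphrase, salt) {
  // Stretch the short passphrase into a 32-byte (256-bit) AES key.
  return nodeCrypto.pbkdf2Sync(passphrase, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

function encryptPost(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Blob layout (constructed for this example): salt | iv | tag | ciphertext
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

function decryptPost(blob, passphrase) {
  const raw = Buffer.from(blob, 'base64');
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const body = raw.subarray(44);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // wrong passphrase or modified blob: authentication failed
  }
}

function passphraseBits(length, alphabetSize) {
  // Upper bound on the key space of a random passphrase, in bits.
  return length * Math.log2(alphabetSize);
}
```

Only the base64 blob needs to be pasted into the post; the passphrase travels out of band, and a wrong passphrase or an altered blob yields `null` rather than garbage text.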




Feb 18, 2009

posted 5:20 pm | 290 notes | Comments | Tagged as: security.

reblog with your default answer to reset all your online passwords!

dubliner:

imperiousrex:

luxembourg:

soil:

platypodes:

elation:

tiffanyblews:

trapeze:

1997:

firecrackers:

stultaluna:

hannahisdead:

hannahkayye:

March 7th!

March 7th! :D

dec. 20th

dec. 16th

november 12th

october 14th

MARCH 13TH!

april 2nd :’)

june 3rd

march 27th

january 28, i’ll try and remember yours kyle ;)

October 14th

May 25th

Information Security 101



Feb 3, 2009

posted 12:19 am | 5 notes | Comments | Tagged as: security.
It turns into a car if I have to make a quick getaway.

— Obama on the security features of his Blackberry.

via The White House blog



Jan 22, 2009

posted 1:36 pm | 0 notes | Comments | Tagged as: security.

Legal Threats Against Security Researchers


How vendors try to save face by stifling legitimate research




Jan 11, 2009

posted 8:22 am | 0 notes | Comments | Tagged as: security.

Evidently compiling programs counts as hacking.

So does installing spyware, deleting emails and RDPing into machines. The public perception of info sec. is baffling.



Dec 4, 2008

posted 12:48 pm | 0 notes | Comments | Tagged as: security.

Smooth criminal? No.

A girl in my neighborhood asked me what I do for a living and I jokingly replied that I am a bank robber. If I say “I’m a Security Engineer” people usually assume I am a security guard or install security systems and I’m using a glorified title, kind of like how telemarketers are “Sales Engineers.” Knowing how to compromise bank security (socially, physically, and of course digitally) is part of my job description, so I use this line to get into the details of my profession.

She looked at me weird, rushed off and hasn’t talked to me since. That was over three months ago. I see her walking her dog when I head to work super early or when I come home late, all on days banks are closed. I try to give her a friendly wave but get ignored. I’m pretty sure she thinks I’m a criminal.

I haven’t had any visits from the police yet, so it may be all in my head.



Nov 14, 2008

posted 11:11 am | 0 notes | Comments | Tagged as: security.

This underground data center has greenhouses, waterfalls, German submarine engines, simulated daylight and can withstand a hit from a hydrogen bomb. It looks like the secret HQ of a James Bond villain.

And it is real. It is a newly opened high-security data center run by one of Sweden’s largest ISPs, located in an old nuclear bunker deep below the bedrock of Stockholm city, sealed off from the world by entrance doors 40 cm thick (almost 16 inches).