A basket of interesting security articles

A few things that have crossed my desk:

Social engineering framework

An wiki site that has a host of details around social engineering.  The site is certainly a worthwhile bookmark as it has great details on each category (such as pretexting) and common vectors of attack.  This would be a useful site to leverage when considering training and communication materials within corporations.

Direct Link to the Social Engineering Framework


This tool is an installable Firefox plugin that allows users to ‘sniff’ an open network and capture / hijack in-secure web site connections.  The proof is demonstrated with such popular sites as Facebook and Flickr.  Certainly worthwhile checking out the author’s site, slides from ToorCon 12.  This is not a vulnerability in encryption, but one of deployment decisions.  The attack vector and ability to execute this attack has always existed, the author simply has created an elegant piece of code to show it in a simple form.

Check out the site from the author here.

Hoff’s write up on Too Much Security .. Cloud

Hoff wrote a post on October 17th that has had me thinking intently on the concept that Cloud infrastructures and ecosystems are layered with a multitude of security technologies, and this can be both good and bad.  Good as in the old onion defense, and bad in the natural result of too many buttons to hit and gears to move with few hands and eyes.  Check out his article and continue the discussion on his site – exceptional perspective and has plenty of impact to those trying to attest to an environment’s security and the operator’s ability to balance security / agility.

Link to Hoff’s article

Cheers to all, and apologies for the sabbatical.  I launched a new adventure with a new firm and the worldwide whirlwind has been all absorbing.  I have landed now, and with feet on the ground back to posting practical thoughts and useful snippets as they come across my screen.  To that point, I will still have a heavy focus on all things information technology security and controls – PCI, NERC 4.0, ISO 27002, etc…  I will also aim to publish non-technical writings.  So with that… Looking forward to hearing your opinions and continuing the dialogue,

James DeLuccia

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s