A few things that have crossed my desk:
Social engineering framework
A wiki site that has a host of details around social engineering. The site is certainly a worthwhile bookmark, as it has great details on each category (such as pretexting) and on common vectors of attack. This would be a useful site to leverage when considering training and communication materials within corporations.
This tool is an installable Firefox plugin that allows users to ‘sniff’ an open network and capture / hijack insecure web site connections. The proof is demonstrated with such popular sites as Facebook and Flickr. It is certainly worthwhile checking out the author’s site and the slides from ToorCon 12. This is not a vulnerability in encryption, but one of deployment decisions. The attack vector and the ability to execute this attack have always existed; the author has simply created an elegant piece of code to show it in a simple form.
Hoff’s write up on Too Much Security .. Cloud
Hoff wrote a post on October 17th that has had me thinking intently on the concept that Cloud infrastructures and ecosystems are layered with a multitude of security technologies, and this can be both good and bad. Good as in the old onion defense, and bad in the natural result of too many buttons to hit and gears to move with few hands and eyes. Check out his article and continue the discussion on his site – it is an exceptional perspective and has plenty of impact for those trying to attest to an environment’s security and the operator’s ability to balance security / agility.
Cheers to all, and apologies for the sabbatical. I launched a new adventure with a new firm and the worldwide whirlwind has been all absorbing. I have landed now and, with feet on the ground, am back to posting practical thoughts and useful snippets as they come across my screen. To that point, I will still have a heavy focus on all things information technology security and controls – PCI, NERC 4.0, ISO 27002, etc… I will also aim to publish non-technical writings. So with that… Looking forward to hearing your opinions and continuing the dialogue,