After a great time in Nashville (minus all the problems caused by snow the week prior) I’m heading to Toronto to teach another round of 566. If you are looking to implement or audit the 20 Critical Controls, you need to register for this class. The SANS material is excellent and gives you plenty of tools to start the process on your own. The Toronto course runs April 13-17, details here.
Teaching Update
A quick teaching update. SANS MGMT512 in Ottawa/Gatineau was a great group last month, thanks to those of you who attended. If you’re interested in implementing the 20 Critical Controls, I’ll be teaching SANS SEC566 (Implementing and Auditing the 20 Critical Controls) in Nashville starting March 9. If you’re in Canada, watch for Canadian events coming soon.
Securosis Blog | Building an Enterprise Application Security Program: Use Cases
This looks like it is going to be a great blog post series.
Securosis Blog | Building an Enterprise Application Security Program: Use Cases.
The 5 Biggest Cybersecurity Myths, Debunked | WIRED
This is my favourite –
Myth #3 This Is a Technology Problem
via The 5 Biggest Cybersecurity Myths, Debunked | Opinion | WIRED.
What are you doing? – DSEncrypt Malware | FireEye Blog
“Have you ever downloaded and installed a large Android application that had very few actual UI elements or functionality? Recently, FireEye Labs mobile security researchers have discovered a new kind of mobile malware that encrypts an embedded Android application with an attachment in an asset folder – concealing all malicious activities within a seemingly benign application.”
Understanding Role Based Access Control: Advanced Concepts
This hits the nail on the head – “There are many systems which contribute to roles and privileges, so what may seem basic in theory is often quite complex in practice.”
Securosis Blog | Understanding Role Based Access Control: Advanced Concepts.
A Little Bird Told Me: Personal Information Sharing in Angry Birds and its Ad Libraries | FireEye Blog
This is a really good analysis of what a mobile app is collecting and sharing.
Want to Know How a RAT Works?
This article does a really good job of breaking down a common Remote Access Trojan (RAT). If you’ve never seen a deep dive like this I highly recommend you take a look.
XtremeRAT: Nuisance or Threat? | FireEye Blog.
Friends Don’t Let Friends Mix XSS and CSRF – from The State of Security
This is a good article that explains the difference between cross-site scripting (XSS) attacks and cross-site request forgery (CSRF) attacks.
Friends Don’t Let Friends Mix XSS and CSRF | The State of Security.