A great article from the Sophos Naked Security Blog. It is a must-read for understanding yet another SSL vulnerability. You will also see why learning a bit more about crypto is necessary to understand such an attack. It puts the knowledge you learned in the Cryptography domain to good use.
This is the official VUPEN Vulnerability Research Team blog covering technical analysis and advanced exploitation of critical vulnerabilities on Windows, Linux, and Mac OS X. They are one of the most active teams in the world when it comes to finding zero-day vulnerabilities.
People are not proactive; they are reactive and sometimes plain negligent. There are still people, even people working in security, who have not heard of Heartbleed and don't even know what it is. Opportunities for the crackers, for sure.
Great paper from IOActive on weaknesses within key satellite communication systems.
The following courses are available through the Idaho National Laboratory NSTB program.
ISA certification provides an objective, third-party assessment and confirmation of a person’s skills, and gives them the opportunity to stand out from the crowd and be recognized.
SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is equipping security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills needed
The information security field is full of certifications – CompTIA, GIAC, CHE, ISC2 CISSP, CISM, with a vast number of areas and directions within these families. In the industrial space, the most “unsecured” enterprise sector compared to well-established information security practice
More than 7,600 different power, chemical and petrochemical plants may still be vulnerable to a handful of SCADA vulnerabilities made public this week.
Another great video by Sam Bowne on how to exploit IPv6 vulnerabilities.
Acunetix is once again confirmed as one of the leaders in web application scanning with a 100% detection accuracy and 0% false positives for Reflected Cross-Site Scripting and SQL Injection vulnerabilities, together with a leading WIVET assessment score.
This is Domain 3 of the CompTIA Security+ CBK. It is 21% of the exam.
The NVD was established in 2005 to provide a U.S. government repository of data about software vulnerabilities and configuration settings