It’s August already. The kids are off on their summer vacations telling me how bored they are every 5 minutes, and the annual security gathering in Las Vegas of Black Hat, DEF CON and BSides LV is all but upon us.
There will be no recap next week because I’ll probably be getting ready to fly home - but normal service should resume the following week.
The Red Pill of Resilience in InfoSec
Another insightful write-up by Kelly Shortridge, which happens to be the full text of her keynote on resilience. It touches on and expands many concepts to uncover what it really means to be resilient in infosec, and what the industry can do about it.
- The Red Pill of Resilience in InfoSec | Medium, Kelly Shortridge
The Verizon Data Breach Investigations Report (DBIR) has become the go-to report for security professionals wanting to understand the breach landscape. But a once-a-year report is usually too long for most of us to wait to see what’s new.
So the good folk at Verizon have created an interactive portal where you can explore the most common DBIR patterns.
- VDBIR Portal | Verizon enterprise
Reddit has disclosed a breach and says it is still investigating. It appears that the attacker got past SMS-based two-factor (really two-step) authentication: a code delivered over SMS can be intercepted or redirected to the attacker, so it is a second step on the same channel rather than an independent second factor.
It’s worth revisiting this blog by Paul Moore on the difference between two-factor and two-step authentication.
Alex Stamos off to Academia
Facebook chief security officer Alex Stamos is leaving the social network to work on information warfare at Stanford University. The social network has not named any replacement.
- Facebook's security boss is offski. Not to worry, it has 'embedded security' in all divisions | The Register
CISCO + DUO = DISCO!
Cisco has announced it will be acquiring Duo Security for $2.35bn in cash it found lying behind the sofa.
- Cisco is buying Duo Security for $2.35B in cash | TechCrunch
Amazon’s face surveillance technology is the target of growing opposition nationwide, and today, there are 28 more causes for concern. In a test the ACLU recently conducted of the facial recognition tool, called “Rekognition,” the software incorrectly matched 28 members of Congress, identifying them as other people who have been arrested for a crime.
Part 3 of an ongoing series of articles by Tanya Janca on the secure system development lifecycle. Worth reading all the parts, which include fun titbits such as threat modelling being affectionately known as ‘evil brainstorming’.
- Pushing Left, Like a Boss: Part 3— Secure Design | Medium, Tanya Janca
Other stories from broader tech and beyond that I enjoyed reading this week
- When a stranger decides to destroy your life | Gizmodo
- Meet the Anarchists Making Their Own Medicine | Motherboard
- How an Ex-Cop Rigged McDonald’s Monopoly Game and Stole Millions | The Daily Beast