RSAC 2016 Reading List

Friday, March 4th, 2016

Hello one and all, and I hope you’re in a security frame of mind. Here’s a list of things to read up on, as recommended by presenters at RSA Conference 2016:

Free proxy server for home use from Blue Coat. I’m using it now. Although I needed to open up YouTube for personal use, I like knowing that it’s leveraging that vendor’s ability to block malicious content. Proxies aren’t just for kids anymore. Every layer of personal security helps.

The Security Awareness Company: Lots of free stuff here, including humorous parody videos. Worth a visit or three, and there may be something useful for your enterprise here.

Google Hacking for Penetration Testers: A very juicy PDF with information on how to Google things up like you never dreamed possible. If you like it, consider buying the book.

How to Fool a GPS: Suggested in the session that dealt with hacking the XBee traffic in a commercial drone.

Janell Burley Hofmann’s Contract: This is for the kids and their parents. Parents would do well to sign a slightly modified version of the contract.

SFS.Gov: Instead of having ROTC pay for college, how about getting the NSF to pay, with the students working in the US Government cyber-security services after graduation? An excellent way to start a career in security.

CERT Guide to Insider Threats: PDF of contents, index, and sample chapter. If you want a complete picture of security, you need to look at the threat within, and the authors of this book really know their stuff.

ICS CERT Summary of Ukraine Power Grid Hack: Nice summary that should get you thinking and, hopefully, researching this matter further. The means by which the hack was accomplished were not all that difficult to mitigate.

ASD Top 4 Mitigation Strategies: Your firm would do well to adopt these as standards.

I hope this helps you all to have some very paranoid fun.