SANS ISC StormCast – mention of two new NMAP diary entries which I want to look into more.
Cubicle Sins: 10 Coworkers Who Drive You Crazy – Not quite a LOL article, but we all know those people – I think they forgot the blogger. 😛
HP Plans Split Into 2 Separate Businesses – I think this is great for the enterprise line, which is likely where most of their profit is from. I’m not sure how this will help their consumer line, which frankly I could care less about. I’ve never been impressed with HP, and I kinda regret purchasing a couple of their laptops simply because of price.
AT&T Hit By Insider Breach – AT&T employee improperly accessed personal customer info such as socials, names, addresses, etc. I expect if you are affected, you’ve already been informed via a letter.
Professor Kevin Fu Answers Your Questions About Medical Device Security – This was an excellent Q&A from an expert in the field. Most of the issues here apply to the utility industry with one big exception – the vendors actually care about the issues.
Readable Passphrase Generator – A nice looking plugin for KeyPass to generate a pass-phrase instead of simple passwords or random gibberish. I haven’t tried this plugin, but I use a similar principle when coming up with passwords.
ConEmu – Windows console with tabs – I just downloaded this, and so far I really like it. I constantly have multiple consoles open, sometimes running as other users. ConEmu handles that very well so far. I will put it through it’s paces.
Hackers using Shellshock to spread Kaiten Mac OS DDoS malware – If you haven’t patched your Mac, better do it now!
SC’s article on cyber espionage insurance gives a pretty good summary of what this type of insurance is and why you might need it.
Project SHINE Reveals Magnitude of Internet-connected Critical Control Systems – No real surpise here other than the sheer magnitude of stupidity when it comes to connecting control systems and devices to the internet. If I was a CIO and discovered my company had done this, someone would be fired. Here’s a awesomely scare animation of the results: https://ics-radar.shodan.io/
Here’s an even scarier map – the NORSE Attack Map is a graphical representation of a small percentage of attacks processed by their IPS platform. I don’t think a computer could keep up with a complete representation.
Shellshock-like Weakness May Affect Windows – looks like this has been possible for a long time, but I’m not sure how technically feasible it would be for a non-admin to exploit. My question – how would one audit insecure use of environment variables?