
Top 5 #InfoSec Reads: May 27-June 4

APWG and Cyveillance publish phishing reports, data protection for mobile users on an SD card, Steve Albini on music and copyrights, and a web hacking methodology are this week's Top 5 #infosec reads.

APWG Publish Global Phishing Survey H2 2014

Another fine study by Greg Aaron and Rod Rasmussen. Quick and sobering statistics: phishing domains are at an all-time high. The top 10 most phished brands are attacked relentlessly, but phishers are attacking more brands than ever. Phishing attack uptime increased. Phishing in new TLDs began slowly but is increasing.

Cyveillance Phishing Report: Top 20 Targets - May 25, 2015

Cyveillance produces a weekly Top 20 of the most targeted brands, so this is a useful report to visit regularly. This week, AOL, Apple, PayPal, Google and Dropbox filled the Top Five. This report is an indicator of weekly activity. How about business segments? Payment systems rank number one.

Google’s Project Vault is a secure computing environment on a micro SD card, for any platform

Vault is Google's attempt to provide a secure OS with data privacy and protection features on an SD card. Google chose SD so that the OS could be used in mobile devices, especially phones. Vault complements the security features embedded in mobile phones for mobile operator use by providing a similarly secure environment for data users want to safeguard. Google is releasing an open source development kit and an enterprise product first, with a consumer product soon to come.

Steve Albini: The music industry is a parasite... and copyright is dead 

Why is an article about copyrights a top infosec read? Because the music industry has enormous influence in policy and legislation, and many bills (SOPA, CISPA, etc.) that security communities worldwide criticize as ill-conceived, impossible to implement, or riddled with unintended consequences have their origins in the music industry. Why this article in particular? Because Steve Albini is informed, factual, and admirably frank. I like frank.

GironSec's Web hacking 101

Joe Giron hosts a white paper at that describes a methodology for tactical web application penetration testing. The methodology lays out the sequence of pen testing actions that will rigorously examine all elements of a web application and its hosting environment. Giron does a nice job of explaining not only the automated aspects of the pen test, but the manual (question-asking) aspects as well. Where applicable, Joe helpfully includes links to a selection of pen testing utilities that can be used to complete each phase. Use ethically please.
