One Article Review

The article:
Source AlienVault Blog
Identifier 787114
Publication date 2018-08-31 13:00:00 (seen: 2018-08-31 16:02:48)
Title Things I Hearted this Week, 31 Aug 2018
Text

After a week in Vegas for Blackhat, and then a week’s vacation, I’m back with your favourite dose of security roundup. Giving you the security news and views you deserve, not need. So, let’s just jump into it and make up for lost time.

Adventures in Vulnerability Reporting

Discovering vulnerabilities and getting rewarded for bugs is the new hotness. Being new, there are many teething problems as organisations and researchers struggle to get on common grounds as to how to best disclose them. Natalie Silvanovich of Google’s Project Zero has documented her adventures and an example of a particularly poorly conceived vulnerability disclosure process in this blog:

Adventures in vulnerability reporting | Project Zero

Natalie raises some very valid points in her post about how researchers will sometimes abandon the disclosure process altogether if it becomes frustrating. As we saw when a Microsoft Windows 0day was disclosed unceremoniously through Twitter.

Microsoft Windows zero-day vulnerability disclosed through Twitter | ZDNet

And while we’re on the topic of vulnerabilities, Adrian Sanabria drops the truth (with stats) on patching. You should always patch when you can, but when you can’t, you need a plan B.

Another Year, Another Critical Struts Flaw | Nopsec

Twitter Bots

Twitter bots are spoken about frequently, usually in the same breath as fake news or disinformation. But how big a problem are bots, and do they actually influence public opinion or are they merely trolls? The good folk over at SafeGuard Cyber may be able to shed some light on it with a detailed report that looked at over 300k bots and tracked their behaviour and tactics - providing an analysis of how bots are deployed to reshape public perception.

How Russian Twitter Bots Weaponize Social Media | SafeGuard Cyber

A True Password Manager Story

I can neither confirm nor deny that I’ve ever blamed Graham Cluley for anything… but this is a good post by Stuart on the trials and tribulations of adopting a password manager.

I’m OK, but Graham Cluley made me do it | Hidden Text

While we’re discussing passwords, a different Stuart has written a very open and honest discussion on the use of two-factor authentication. It’s well worth a read.

Before You Turn On Two-Factor Authentication… | Stuart Schechter, Medium

Probably The Best Tech Keynote in the World

I’ll be honest, up until a couple of weeks ago, I hadn’t heard of James Mickens who is a professor at Harvard University. I watched his keynote presentation at Usenix, and haven’t been this entertained and captivated by a technology talk in … well, never. It’s well worth carving out 50 minutes out of your day to
Sent Yes
Tags Vulnerability


The article does not appear to have been picked up again after its publication.

The article does not appear to be a follow-up to an earlier one.