www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-02T16:13:26+00:00 www.secnews.physaphae.fr
UncommonSenseSecurity - Blog Uncommon Sense Security Ten years, how time flies. 2021-06-21T09:00:56+00:00 http://blog.uncommonsensesecurity.com/2021/06/ten-years-how-time-flies.html www.secnews.physaphae.fr/article.php?IdArticle=2959535 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Finally, the results of the employer support survey 2021-01-25T10:13:55+00:00 http://blog.uncommonsensesecurity.com/2021/01/finally-results-of-employer-support.html www.secnews.physaphae.fr/article.php?IdArticle=2242224 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Are you getting the support you need? The survey is here 2020-12-01T15:39:14+00:00 http://blog.uncommonsensesecurity.com/2020/12/are-you-getting-support-you-need.html www.secnews.physaphae.fr/article.php?IdArticle=2070910 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Quotable Quotes Tenable. I have worked at Tenable for nine years, and they have always been extremely supportive of my community projects and volunteerism, including Security BSides, The Shoulders of InfoSec, The InfoSec Burnout Project, and this exploration of education in our industry.
My lawyer would probably like me to add that my community and volunteer work is done through Tiki Tonk, LLC. 2020-04-07T11:55:51+00:00 http://blog.uncommonsensesecurity.com/2020/04/quotable-quotes.html www.secnews.physaphae.fr/article.php?IdArticle=1642966 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security And here's the raw data https://1drv.ms/x/s!ADU9TlQrSzm4h8cc And here's a .csv https://1drv.ms/u/s!ADU9TlQrSzm4h8cd If you play with the data and decide to do anything with it, please let me know so I can share it here and elsewhere. The survey is still open at https://docs.google.com/forms/d/e/1FAIpQLSfztzGL2ludN9qm7dAcOb6bjUy_Y9WCwHtJd0kg6MlSn4WAHQ/viewform; I will share more data files once the results have grown enough to be significant beyond this set of 438 respondents. 2020-03-30T14:51:39+00:00 http://blog.uncommonsensesecurity.com/2020/03/and-heres-raw-data.html www.secnews.physaphae.fr/article.php?IdArticle=1628785 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security A few more numbers, and a "that's interesting" or two 2020-03-30T14:12:50+00:00 http://blog.uncommonsensesecurity.com/2020/03/a-few-more-numbers-and-thats.html www.secnews.physaphae.fr/article.php?IdArticle=1628786 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Initial Survey Demographics 2020-03-25T13:43:49+00:00 http://blog.uncommonsensesecurity.com/2020/03/initial-survey-demographics.html www.secnews.physaphae.fr/article.php?IdArticle=1619719 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Certifications and self-study Which non-security certifications have you earned (current or lapsed)? Please add certs not listed under “Other”. Have you done any of the following self-study or non-traditional training? Please use the “Other” option to add other methods. These answers say a lot about many people drawn to the security realm; we study and learn in a wide variety of ways.
As the past NOC lead for a hacker con, I am really pleased to see so many folks helping run networks at events, it is a great way to help the community, and to learn in the process. The survey is still open, and the answers keep coming in. Next week we will take a look at demographics. 2020-03-20T14:21:17+00:00 http://blog.uncommonsensesecurity.com/2020/03/certifications-and-self-study.html www.secnews.physaphae.fr/article.php?IdArticle=1609996 False Guideline None None
UncommonSenseSecurity - Blog Uncommon Sense Security Survey Says... Question two is "What is the highest level of formal education you have achieved?" And here Jay has compared the first two questions: And jumping ahead, question nine is: "If you are a recruiter or hiring manager, do you require degrees for candidates in infosec/cybersecurity roles?" More to come later this week. Note: this post is cross-posted from the project website at https://www.careerstudy.org/ 2020-03-20T13:43:52+00:00 http://blog.uncommonsensesecurity.com/2020/03/well-it-says-lot-of-things-and-as.html www.secnews.physaphae.fr/article.php?IdArticle=1609936 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Survey on degrees and education in cybersecurity https://docs.google.com/forms/d/e/1FAIpQLSfztzGL2ludN9qm7dAcOb6bjUy_Y9WCwHtJd0kg6MlSn4WAHQ/viewform And please share the survey with anyone or any group you feel may be appropriate so that we can gather more responses and gain more insights. 2020-03-06T08:47:19+00:00 http://blog.uncommonsensesecurity.com/2020/03/survey-on-degrees-and-education-in.html www.secnews.physaphae.fr/article.php?IdArticle=1584679 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Blog-ified Tweetstorm 2017-12-21T12:47:28+00:00 http://blog.uncommonsensesecurity.com/2017/12/blog-ified-tweetstorm.html www.secnews.physaphae.fr/article.php?IdArticle=453994 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Doing it wrong, or “us
and them” Wrong Jack 2017-04-04T11:08:36+00:00 http://blog.uncommonsensesecurity.com/2017/04/doing-it-wrong-or-us-and-them.html www.secnews.physaphae.fr/article.php?IdArticle=360974 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security I thought everyone knew this by now [image] In a world where most of us face a constant threat from phishing we need to better educate folks, and we need to make it easier to be secure. And since the latter isn't that easy, we need to teach better. Also, “don't click stuff” really defeats the point of the web, so while I understand the sentiment, it is not practical advice. The padlock can mean a variety of things, but what it really signifies is that your web traffic is encrypted. It does not mean that all of the traffic on the page is encrypted, or that it is encrypted well. It also doesn't assure you that the traffic isn't being decrypted, inspected, and re-encrypted. Or maybe it isn't encrypted at all and someone just used a padlock as a favicon on the website (this varies somewhat by web browser). The padlock doesn't prove the identity of the site owner unless it is an EV (extended validation) certificate, and even then the validation is imperfect. When we just say “look for the padlock” we are giving people bad information and a false sense of security. It makes us less secure, so we need to kill this message. Even though it isn't entirely true, if we are going to oversimplify this I think we're better off telling folks that the padlock doesn't mean a damn thing anymore, if it ever did. While we're on the subject of browsers, you know the average computer user is just trying to do something, so the warnings they see are mentally translated to “just keep clicking until we let you go where you want”. I did find a few things which made me think of typical browser warnings: [image: BrowserWarning] This means it's OK to trespass up to this point, but no further? Is that like this website is unsafe?
No, because if you look around this sign you can see the end of the pier is missing; if you click past the browser warning you will not fall into the ocean. And this, you know what it means, but what does it say? [image] That's right, it says don't P on the grass. Just because you know what something means does not mean you can assume others do; we need to do a better job of explaining things. Reminding folks of the invention of indoor plumbing when what you want is to keep cars off the grass, sounds like a browser warning to me. 2017-03-24T13:21:06+00:00 http://blog.uncommonsensesecurity.com/2017/03/i-thought-everyone-knew-this-by-now.html www.secnews.physaphae.fr/article.php?IdArticle=360975 False None APT 32 None
UncommonSenseSecurity - Blog Uncommon Sense Security Where's Jack? 2017-03-23T13:16:19+00:00 http://blog.uncommonsensesecurity.com/2017/03/wheres-jack.html www.secnews.physaphae.fr/article.php?IdArticle=360976 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security On loss and responsibility Spaf has written eloquently on the passing of Kevin Ziese, Howard Schmidt, and Becky Bace. I never met Kevin, and I only met Howard a couple of times, but I know of them and their impact on our industry and people in our field. Becky had become a friend over the past several years, and her loss has hit me hard. Becky has a long and storied history in InfoSec and cybersecurity (and damn, could she tell great stories). Becky was instrumental in nurturing the fledgling fields of network analysis and IDS when she was at NSA, but more importantly than her technical work she was a great friend and mentor to so many in our field that it is hard to overstate how many people she touched in her life and career. For a glimpse into what Becky was like, check out Avi's very personal and touching remembrance of meeting Becky. Once again, we take time to remember lost friends.
While natural to mourn their passing we must remember that there are still many in our communities who need the kind of friends and mentors that Kevin, Howard, and Becky were to those of us who knew them. It is our responsibility to them and many others we've lost in our young field to remember them, but more importantly to fill those roles of friends and mentors to those who never knew them. Jack 2017-03-19T23:06:07+00:00 http://blog.uncommonsensesecurity.com/2017/03/on-loss-and-responsibility.html www.secnews.physaphae.fr/article.php?IdArticle=360977 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security What upsets Troy Hunt about conferences 10 Ways for a conference to Upset their speakers on his blog. I mostly agree with Troy's list and it adds to my series of rants about conferences from last fall. It's worth a read if you are interested in conferences and speaking and you haven't already read it. Jack 2017-02-01T11:56:53+00:00 http://blog.uncommonsensesecurity.com/2017/02/what-upsets-troy-hunt-about-conferences.html www.secnews.physaphae.fr/article.php?IdArticle=360978 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security A few words about ovarian cancer 2017-02-01T06:11:06+00:00 http://blog.uncommonsensesecurity.com/2017/02/a-few-words-about-ovarian-cancer.html www.secnews.physaphae.fr/article.php?IdArticle=360979 False Guideline None None
UncommonSenseSecurity - Blog Uncommon Sense Security “Thank you” is not enough 2016 was a rough year for many of us and 2017 is presenting us with new challenges, but (forgive my optimism) together we can make things suck less, personally and professionally. For me 2017 is about friends old, new, and as yet unmet. I still love technology, I love abusing technology and solving problems with technology, but this year is about people. I'll be at most of the usual events, and a lot of smaller ones, all around the world.
If our paths cross please find me, say hello, maybe share coffee or a cocktail and conversation. I was recently at Shmoocon, it is an event I have always enjoyed and this year it was especially good to reconnect with the Shmoocon crowd as I started my return to being active and engaged on the road. I'll be at BSides San Francisco and RSA in a couple of weeks, after that I'm regrouping before hitting the road again, but more on that later. Thank you Jack 2017-01-31T12:42:49+00:00 http://blog.uncommonsensesecurity.com/2017/01/thank-you-is-not-enough.html www.secnews.physaphae.fr/article.php?IdArticle=360980 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Wrong About Presentations 2016-10-26T13:57:06+00:00 http://blog.uncommonsensesecurity.com/2016/10/wrong-about-presentations.html www.secnews.physaphae.fr/article.php?IdArticle=360981 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Relevant to my rants Tales of the Cocktail, a site you would expect me to link to from my, ahem, travel blog. This article is specifically about submitting a cocktail seminar to Tales of the Cocktail, but several points in the list of seventeen items apply to a wide variety of events, regardless of topic or venue. Also, it has been said many times by many people and in many ways- one of the best tips for getting your proposal accepted at any event is to follow the rules. Really, read the rules/guidelines for submission, and follow them. Also, submit early. Most event reviewers are volunteers and do it in their spare time, something which gets scarce when the deadline approaches. Submit early and you're more likely to get non-bloodshot eyes looking at your paper.
Jack 2016-10-13T14:08:46+00:00 http://blog.uncommonsensesecurity.com/2016/10/relevant-to-my-rants.html www.secnews.physaphae.fr/article.php?IdArticle=360982 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Wrong About Conferences, part 3 2016-10-07T13:46:06+00:00 http://blog.uncommonsensesecurity.com/2016/10/wrong-about-conferences-part-3.html www.secnews.physaphae.fr/article.php?IdArticle=360983 False Guideline None None
UncommonSenseSecurity - Blog Uncommon Sense Security Wrong About Conferences, part 2 2016-10-06T12:11:14+00:00 http://blog.uncommonsensesecurity.com/2016/10/wrong-about-conferences-part-2.html www.secnews.physaphae.fr/article.php?IdArticle=360984 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Everyone is wrong about conferences [image] But they are all wrong. Many of them aren't just wrong, they're also symptomatic of some of the things wrong with InfoSec, a failure to understand the importance of context and perspective. Let's start with this simple fact: Your experience is unique, it is not universal. Your perspective is therefore not a universal perspective. As with anyone offering The One True Answer to any question, allow me to suggest that It Isn't That Simple. In upcoming posts I'll dig into a few of these topics, not to give The One True Answer, but to share some of my experiences and perspectives, and float a few ideas of my own. I don't claim to be an expert on conferences or presentations (or much of anything else), but I am and have been involved in a lot of conferences- as an attendee, participant, program committee member, organizer, volunteer, vendor booth staff, speaker, and even bartender. I also participate in events large and small, commercial and community, business- and hacker-centric. And I have opinions. You may have noticed. Stay tuned.
Jack 2016-10-05T13:34:12+00:00 http://blog.uncommonsensesecurity.com/2016/10/everyone-is-wrong-about-conferences.html www.secnews.physaphae.fr/article.php?IdArticle=360985 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Debunking fuel in the gas tank, case closed. 2016-09-30T06:45:19+00:00 http://blog.uncommonsensesecurity.com/2016/09/debunking-fuel-in-gas-tank-case-closed.html www.secnews.physaphae.fr/article.php?IdArticle=360986 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Debunked debunking, part 2 my other blog.) That would seem to thoroughly debunk the story by itself, and in modern vehicles in good condition it pretty much does. Modern, good condition… I just opened two interesting views into one angle to the tale. Second, modern (there's that word again) vehicles have very thorough fuel filtering which will prevent sugar granules from making it anywhere near the engine. And finally for this post, even if sugar did dissolve in gas (which it doesn't) and sugar made it through the filter(s) (which it won't), the sugared fuel would only flow through the fuel, intake, and exhaust systems. I suppose it might make it into the lower parts of the engine if the pistons/rings/cylinder walls were junk but then the engine is already trashed. Let's talk about what could happen in the scenario above, assuming sugar did dissolve in gas and/or filtration didn't stop it. It is a safe bet that fuel injectors wouldn't like it, they might gum up eventually as the sugar burned (caramelized?) due to engine heat. I suppose, since we're suspending disbelief, that sugar could build up on the valves and contribute to burned valves- but the operating temperatures of modern valves are extremely high and since they're designed to function at such temperatures I doubt it would be a problem as the sugar would burn off without building up.
Continuing with the fantasy, maybe turbochargers and catalytic converters wouldn't enjoy the sugar solution- but again the extreme heat would burn the sugar somewhere in the process and probably burn it cleanly with no significant ill effects. So there we have it, thoroughly debunked. Except maybe not. What if we scale back the expected damage from catastrophic to annoying, and go back in time? In the first post on debunking going back in time was also a key to understanding the battery myth. The rest of this story comes tomorrow (really). Jack 2016-09-29T14:37:24+00:00 http://blog.uncommonsensesecurity.com/2016/09/debunked-debunking-part-2.html www.secnews.physaphae.fr/article.php?IdArticle=360987 False None None None
UncommonSenseSecurity - Blog Uncommon Sense Security Bad analogy, bad. No biscuit. 2016-06-14T19:31:09+00:00 http://blog.uncommonsensesecurity.com/2016/06/bad-analogy-bad-no-biscuit.html www.secnews.physaphae.fr/article.php?IdArticle=360988 False None None None