Making security a more welcoming field for women

Read Time:39 Second

Alethe Denis was on maternity leave when she decided to participate in DEF CON’s Social Engineering Capture the Flag competition in 2019. She took her three-month-old daughter and her husband to Las Vegas and planned the trip to the finest detail.

“Things could have gone wildly wrong,” Denis says. “It was extremely exhausting just to be there, let alone to compete.”

Bringing an infant to a security conference, where crowds are loud and rooms are filled with cigarette smoke, is not something she recommends. “I found myself standing in a bathroom stall nursing quite frequently, which is pretty gross, or changing her quick enough that nobody would walk by and potentially see and be alarmed or disgusted,” she says.

To read this article in full, please click here

Read More

Leaked hacker logs show weaknesses of Russia’s cyber proxy ecosystem

Read Time:33 Second

For nearly four decades, states have used proxy actors to conduct cyber operations. In doing so, they profit from diverse low-intensity efforts that harass, subvert and burgle foreign competitors, often shaping favorable conditions without risking escalation. Using proxies, from mercenary groups to criminal elements and so-called “patriotic hackers,” creates a degree of plausible deniability for states and can bring other benefits as well. In some cases, for instance, criminal organizations have better access to job-specific coding talent or hacking infrastructure than the state, thus saving the state from having to commit resources to develop new capacity.

To read this article in full, please click here

Read More

Post Title

Read Time:24 Second

A vulnerability has been discovered in Sophos Firewall’s user portal and Webadmin that could allow for arbitrary remote code execution. Sophos Firewall is a next generation firewall product which enables users to manage, detect and respond to threats on the network. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the web application. Depending on the privileges associated with the application, an attacker could view, change, or delete data.

Read More

What is SSL? How SSL certificates enable encrypted communication

Read Time:44 Second

SSL and its descendent, TLS, are protocols that encrypt internet traffic, making secure internet communication and ecommerce possible.

The decades-long history of these protocols has been marked by continuous updates that aim to keep pace with increasingly sophisticated attackers. The next major version of the protocol, TLS 1.3, will soon be finalized — and most anyone who runs a website will want to upgrade, because cybercriminals are catching up.

Secure Sockets Layer, or SSL, was the original name of the protocol when it was developed in the mid-1990s by Netscape, the company that made the most popular Web browser at the time. SSL 1.0 was never released to the public, and SSL 2.0 had serious flaws. SSL 3.0, released in 1996, was completely revamped, and set the stage for what followed.

To read this article in full, please click here

Read More

What is ethical hacking? Getting paid to break into computers

Read Time:43 Second

Ethical hacking, also known as penetration testing, is legally breaking into computers and devices to test an organization’s defenses. It’s among the most exciting IT jobs any person can be involved in. You are literally getting paid to keep up with the latest technology and get to break into computers without the threat of being arrested. 

Companies engage ethical hackers to identify vulnerabilities in their systems. From the penetration tester’s point of view, there is no downside: If you hack in past the current defenses, you’ve given the client a chance to close the hole before an attacker discovers it. If you don’t find anything, your client is even happier because they now get to declare their systems “secure enough that even paid hackers couldn’t break into it.” Win-win!

To read this article in full, please click here

Read More