WtRW

What to Read Wednesday: InfosecCynic Channel

by kriggins on October 19, 2011

in WtRW

Wait. What? Can it be?

Yup! What to Read Wednesday is back. To refresh your memory, What to Read Wednesday posts are pointers to folks whom I think produce excellent content. You can see previous posts here.

This week's post is a bit different in that it isn't so much something you should read, but something you should watch. Javvad Malik's InfosecCynic YouTube channel is pure gold. You will laugh, you will cry and you will go 'what the....?', and in the process, you will get exposed to some great ideas and methods of conveying information security topics to various audiences.

A couple of my favorites.

Avoiding Security Budget Cuts: http://www.youtube.com/user/InfosecCynic#p/a/u/0/irRJdZo5x3U

Compliance vs. Security: http://www.youtube.com/user/InfosecCynic#p/u/11/CBdg0682Qzg

You can also follow Javvad on Twitter at @j4vv4d.

His website is here: http://www.j4vv4d.com/

 

As always, comments are welcome below or you can email me at kriggins@infosecramblings.com if you prefer.

 

If you are interested in getting my content regularly, go ahead and subscribe to my RSS feed. You can also subscribe to have posts emailed to you if you prefer.

 

-Kevin


What to Read Wednesday: 1 Raindrop by Gunnar Peterson

by kriggins on February 2, 2011

in WtRW

I have long been a fan of Gunnar Peterson's writing. He brings an interesting perspective to information security and looks at things from several different directions. He blogs at 1 Raindrop and is also a contributing analyst for Securosis.

Some recent entries you might find interesting:

Everyone Has a Plan Until They Get Hit

Heartland's Value Metrics

Of Gateways and Hedgehogs

You can also follow Gunnar on Twitter. He is @oneraindrop there.


-Kevin


Jack Daniel, a self-professed curmudgeon and owner of a truly magnificent beard, has a very direct and no-nonsense perspective on the topics he chooses to write about. He is also a bit of a fibber about that curmudgeon part. Jack is a great friend and has done as much for the information security community as anybody I can think of.

He is actively involved in the Security BSides movement and sits on the board of the National Information Security Group (NAISG). He writes on a variety of topics and I enjoy his work. Pop his blog, Uncommon Sense Security, in the must-read folder in your RSS reader.

Here are some recent contributions as a sample:

Who do you trust?

In Defense of FUD

Invoking 9/11, lies, and ignorance.

You can also follow Jack on Twitter. He is @jack_daniel there.


-Kevin


You know you need to do some logging, but you are a bit lost on what to log, how to log it and where to store it. You need to head on over to Anton Chuvakin's blog, Security Warrior, and get to reading.

He also is the co-author of an excellent book on PCI compliance, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, second edition - updated for PCI DSS v 1.2. Although it is for version 1.2, it is still germane and I suspect an update is forthcoming at some point.

Some things to read from his blog archive:

Complete PCI DSS Log Review Procedures Series

Top 10 Things Your Log Management Vendor Won't Tell You

Checking My 2010 Security Predictions

You can also follow Anton on Twitter. He is @anton_chuvakin.


-Kevin


What to Read Wednesday: Layer 8 by Shrdlu

by kriggins on January 12, 2011

in WtRW

There are quite a few good writers in the information security space, but few are able to turn a phrase quite like Shrdlu. I don't remember the first time I came across the Layer 8 blog, but I have been an avid reader ever since.

You will learn something every time Shrdlu decides to give us some of his or her stored up wisdom. (I know the proper pronoun, but am respecting Shrdlu's anonymity.) That, or you will rupture something laughing at his or her wit. While I have not met Shrdlu in person yet, we are good friends online. Hopefully we can meet in meat space in the near future.

Some examples of Shrdlu's prose:

You say potato, I say false positive.

BSOFH Interview Questions. One of my favorites, probably because I participated :)

Audit instructions.

BSOFH: the roar of the packets, the smell of the cloud. A must read :)

Want a little more wisdom from Shrdlu? Follow on Twitter, @shrdlu.


-Kevin


What to Read Wednesday: Krebs on Security

by kriggins on January 5, 2011

in WtRW

Brian Krebs used to write for the Washington Post...and then he didn't. He started Krebs on Security just a year ago and has been churning out great content ever since. Brian brings great investigative journalism to the information security blogger space.

One of his focus areas has been bank crime, both ATM theft and EFT theft. That is not to say that he has a one track mind. He has penned articles on a variety of topics.

Here are some samples for you to check out.

Russian e-Payment Giant ChronoPay Hacked

Fallout from Recent Spear Phishing Attacks?

Why GSM-Based ATM Skimmers Rule

Pop his site in your RSS reader in the 'must read' folder. You will be better informed if you do.

Also give him a follow on Twitter. He is @briankrebs there.


-Kevin

http://krebsonsecurity.com/2010/12/russian-e-payment-giant-chronopay-hacked


What to Read Wednesday: Didier Stevens

by kriggins on December 22, 2010

in WtRW

Not to put Didier Stevens in a box, but he knows more about PDFs than Adobe does. It's really good that he is on our side :)

Didier also has a deep understanding of the security model for a number of systems and has provided a number of tools you can use to explore those models.

If you are interested in the technical aspects of privilege escalation/de-escalation, Didier also has you covered.

If you haven't figured it out yet, Didier is another one of my friends that is scary smart.

Here are some posts you should check out.

HeapLocker: Private Memory Usage Monitoring

Password Auditing With a Password Filter

pdf-tools

Put his blog in your RSS reader "must read group" too! Didier is @didierstevens on Twitter if you would like to follow him there too. I do!


-Kevin


For the inaugural post in the 'What to Read Wednesday' series, I am suggesting that you put Lori MacVittie's blog over at DevCentral in your reader...at the top...in your must read folder.

If you were a follower of the recently deceased IISB posts, you will recognize her site. Lori consistently pens excellent posts on a broad range of topics. Not all of her posts are information security centric, but you should read them anyway. They will make you a much more informed professional.

Besides that, they are fun to read.

Lori has a great voice and a wonderful way of getting her point across.

Some recent posts that I particularly enjoyed are:

There Is No Such Thing as Cloud Security

Like Load Balancing WAN Optimization is a Feature of Application Delivery

The Database Tier is Not Elastic

In case you didn't notice, those three posts represent quite a range of content.

Lori is scary smart.

You need to take advantage of that.

As always, comments welcome below or you can email me at kriggins@infosecramblings.com with your thoughts.

-Kevin
