Hackin9

Investment Manager (Infosec Venture Capital)
e27
Portfolio management - Maintain updated operational, IP and financial reports for portfolio companies including milestone achievements, performance metric, financial projections etc... Track record of relevant investment experience within enterprise ...

 

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

(credit: National Nuclear Security Administration)

In August, National Security Agency officials advised US agencies and businesses to prepare for a not-too-distant time when the cryptography protecting virtually all sensitive government and business communications is rendered obsolete by quantum computing. The advisory recommended backing away from plans to deploy elliptic curve cryptography, a form of public key cryptography that the NSA spent the previous 20 years promoting as more secure than the older RSA cryptosystem.

Almost immediately, the dramatic about-face generated questions and anxiety. Why would the NSA abruptly abandon a series of ECC specifications it had championed for so long? Why were officials issuing the advice now when a working quantum computer was 10 to 50 years away, and why would they back away from ECC before recommending a suite of quantum-resistant alternatives? The fact that the NSA was continuing to endorse use of RSA, which is also vulnerable to quantum computing, led some observers to speculate there was a secret motivation that had nothing to do with quantum computing.

On Tuesday, researchers Neal Koblitz and Alfred J. Menezes published a paper titled "A Riddle Wrapped in an Enigma" that compiles some of the competing theories behind the August advisory. The researchers stressed that their paper isn't academic and at times relies on unsourced facts and opinions. And sure enough, some of the theories sound almost conspiratorial. Still, the paper does a good job of evaluating the strengths and weaknesses of the NSA's highly unexpected abandonment of ECC in a post-quantum crypto (PQC) world.


 

iT News

The ATO's secret to keeping its infosec staff engaged
iT News
With a tight labour market for skilled infosec professionals, many CISOs and IT managers are struggling to recruit and retain talented employees. The ATO's solution to the situation, according to its senior director of vulnerability management and ...

 

BankInfoSecurity.com (blog)

Big Year-to-Year Jump in InfoSec Workforce
BankInfoSecurity.com (blog)
Information security analysts (see Defining InfoSec Analyst below) is the only occupation classification the BLS reserves for IT security employees, though many people working in other job categories - database administrators, network and computer ...

 
The National Cybersecurity Center of Excellence (NCCoE), in partnership with the National Strategy for Trusted Identities in Cyberspace National Program Office, is seeking comments on a new project focused on protecting privacy and ...
 

Posted by InfoSec News on Oct 22

http://www.zdnet.com/article/apple-fixes-security-bugs-in-ios-9-1-kills-jailbreak/

By Zack Whittaker
Zero Day
ZDNet.com
October 21, 2015

Apple has fixed 49 separate security vulnerabilities in iOS 9.1.

The company, which released the software on Wednesday for iPhones and
iPads, detailed the flaws in its updated security documentation.

Two of the fixes were credited to PanguTeam, a well-known jailbreak team
based out of China, which earlier...
 
TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE
 

Nasdaq BWise releases information security package..
Finextra (press release)
Nasdaq's BWise (Nasdaq: NDAQ), a global leader in enterprise Governance, Risk Management and Compliance (eGRC), today announced the release of its new solution: BWise® Information Security (InfoSec), at its Global BWise Customer Summit in New ...

 

www.waterstechnology.com

Nasdaq announces BWise InfoSec
Automated Trader
New York - Nasdaq's BWise, a provider of enterprise Governance, Risk Management and Compliance (eGRC), has announced the release of its new solution: BWise Information Security (InfoSec), at its Global BWise Customer Summit in New York.
Nasdaq's BWise GRC Platform Adds Information Security Module (www.waterstechnology.com)

 

Posted by InfoSec News on Oct 22

http://gawker.com/hero-teens-allegedly-hack-high-school-computers-during-1737935352

By Brendan O'Connor
Gawker.com
10/21/15

Three 17-year-old boys on Long Island have been arrested, NBC News
reports, after their high school’s computer system was breached over the
summer—schedules were altered and grades changed.

Authorities said that, in July, these three super-nerds hacked into the
Commack High School computer system and changed...
 

Posted by InfoSec News on Oct 22

http://arstechnica.com/security/2015/10/breaking-512-bit-rsa-with-amazon-ec2-is-a-cinch-so-why-all-the-weak-keys/

By Dan Goodin
Ars Technica
Oct 20, 2015

The cost and time required to break 512-bit RSA encryption keys has
plummeted to an all-time low of just $75 and four hours using a recently
published recipe that even computing novices can follow. But despite the
ease and low cost, reliance on the weak keys to secure e-mails,
secure-shell...
 

Posted by InfoSec News on Oct 22

HACKFEST 2015 - REGISTRATION & TRAININGS
Hackfest 2015, November 6-7th
Quebec City, Canada
www.hackfest.ca

REGISTRATION
Online registration closes on November 1st.
- Current price is 80$CAD+tx
- Register as a group to get a discount
- Register now: www.hackfest.ca/en/register

TRAININGS
We have interesting trainings offered at Hackfest in Quebec City, Canada
this year.
The price also includes admission to talks.

NOVEMBER 5th

Hunting...
 

Posted by InfoSec News on Oct 22

http://www.defenseone.com/threats/2015/10/even-dhs-doesnt-want-power-it-would-get-under-cisa/123015/

By PATRICK TUCKER
defenseone.com
OCTOBER 21, 2015

The Senate is currently debating a bill to give Department of Homeland
Security unprecedented access to personal information, a measure intended
to help to protect the nation from cyber attacks. Yes, that DHS, whose
director had his Comcast account hacked yesterday. Even stranger: DHS...
 
APPLE-SA-2015-10-21-8 OS X Server 5.0.15
 
APPLE-SA-2015-10-21-7 Xcode 7.1
 
APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002
 
Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
 
APPLE-SA-2015-10-21-2 watchOS 2.0.1
 
APPLE-SA-2015-10-21-3 Safari 9.0.1
 
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
 
APPLE-SA-2015-10-21-5 iTunes 12.3.1
 
APPLE-SA-2015-10-21-1 iOS 9.1
 
Internet Storm Center Infocon Status