HackDig : Dig high-quality web security articles for hackers

P2P Session: Metrics for Managing and Understanding Patch Fatigue

At RSA 2015, I facilitated my first Peer-2-Peer session, “Vulnerability and Risk Scoring: What Ratings Really Mean” in front of a full audience. I went into the event not really certain what a Peer-2-Peer was and what I would take away, but I knew I was very interested in discussing vulnerability scoring and metrics with a group of like-minded individuals. Whil
Publish At:2017-02-09 18:00 | Read:4568 | Comments:0 | Tags:Off Topic Metrics peer-2-peer RSA 2017

Autofill FUD

Last week, while browsing various news feeds and websites, I took a scroll through Facebook and saw this video posted from our local morning show, Breakfast Television. They were talking about a Lifehacker post that referenced a GitHub repository belonging to Viljami Kuosmanen. The doom and gloom statements of the video are pretty clear evidence of what’s wr
Publish At:2017-02-07 10:45 | Read:4504 | Comments:0 | Tags:Featured Articles Off Topic FUD PCI Compliance Phishing

Integrating IT and OT: Design Challenges in Critical Infrastructure Security

Will you be attending the 2017 RSA conference this month? Do you like information technology (IT)? Do you like operational technology (OT)? Do you like critical infrastructure and security? If you answered yes to any of these questions, then I’d love to meet you at my Learning Lab session at RSA 2017 where I’ll be facilitating discussions about the design ch
Publish At:2017-02-07 10:45 | Read:4237 | Comments:0 | Tags:Off Topic cybersecurity IT RSA 2017

Digging for Security Bugs in Python Code

Python is a great development language for so many reasons. Its developers enjoy huge library support. Do you want to deploy a simple web server or implement a RESTful API? There are modules for that. Capture, analyze, and visualize network traffic flow? There are simple and free modules for all of that, too. Developers using Python can create a prototype in
Publish At:2017-01-25 09:35 | Read:4667 | Comments:0 | Tags:Off Topic Bandit BsidesSF python

Consumer Carelessness Leaves Sensitive Data in Returned Devices

My boyfriend works a demanding day job at a major Canadian big box furniture and appliance retailing chain. Knowing that I write about information security for a living, he had an interesting story to tell me: “An LG Smart TV was returned to us by the customer, and it had their credit card credentials in it! Why didn’t they do a factory reset firs
Publish At:2017-01-23 02:15 | Read:4961 | Comments:0 | Tags:Off Topic consumer data factory reset

Drones, OSINT, NLP and Sherlock Holmes

15 January 2017 was yet another treat for me. I watched the most excellent Benedict Cumberbatch playing the part of the brilliant yet crazed Sherlock Holmes. Granted, this is an imaginative and fictitious portrayal of the character created by Arthur Conan Doyle. But I am wondering, if you also watched it, did you note the crossover from fiction to the cyber r
Publish At:2017-01-18 11:45 | Read:4926 | Comments:0 | Tags:Featured Articles Off Topic Drones OSINT security

Is Hacking in Your Blood?

I am a hacker. I get hired by companies to break into their systems, a job commonly referred to as pentesting. I’m a “good guy” hacker. My definition of “good guy” versus “bad guy” is that good guys only hack with permission and they get paid less. ;-) I LOVE my job! Often times I have to force myself to stop working in order to do other more important things
Publish At:2017-01-17 17:20 | Read:5053 | Comments:0 | Tags:Featured Articles Off Topic hacking pentesting Information S

5 Tips to Get an “A” on Research Papers & Advance Your Infosec Career

John Callahan’s October article “4 Reasons to Get Your Masters in Cyber Security” made me think about how to help students and cyber professionals strengthen a critical soft skill: written communication. Research synthesis and analysis papers are common in academic environments. These critical thinking assignments require students to conduct research on speci
Publish At:2017-01-12 08:25 | Read:5328 | Comments:0 | Tags:Off Topic academic browser communication Infosec Patching se

The Top 13 Information Security Conferences of 2017

2017 is finally here. You know what that means: another information security conference season is upon us. We couldn’t be more excited! Just like we did last year, we at The State of Security have assembled a list of the top 13 conferences in information security for 2017. We hope you’ll have the chance to attend at least one of these events this
Publish At:2017-01-11 12:55 | Read:6328 | Comments:0 | Tags:Off Topic Conferences CTF hacking Information Security pente

Top 10 State of Security Articles of 2016

With 2016 coming to a close, The State of Security wanted to give our readers an overview of some of the most interesting, educational, and standout blogs from the year to help fill the time between eating holiday treats and celebrating the New Year. 6 Stages of Network Intrusion and How to Defend Against Them. In June, David Bisson wrote up an article around a
Publish At:2016-12-29 23:50 | Read:6639 | Comments:0 | Tags:Off Topic Hacker ics NERC CIP Phishing ransomware scam

Infosec in Review: Security Professionals Look Back at 2016

2016 was an exciting year in information security. There were mega-breaches, tons of new malware strains, inventive phishing attacks, and laws dealing with digital security and privacy. Each of these instances brought the security community to where we are now: on the cusp of 2017. Even so, everything that happened in 2016 wasn’t equally significant. So
Publish At:2016-12-21 11:00 | Read:6825 | Comments:0 | Tags:Featured Articles Off Topic Infosec IoT malware Mirai ransom

Women in Information Security: Zoë Rose

Women are eagerly needed in information security because we offer unique perspectives and there are so few of us. So far in this series, I interviewed Tiberius Hefflin, Tracy Maleeff, Isly, Kat Sweet, and Jess Dodson – five different women from different parts of the English-speaking world and from different areas of IT. For my sixth and final interview, I
Publish At:2016-12-05 06:40 | Read:5007 | Comments:0 | Tags:Off Topic computing Cyber hacking Information Security Open

Women in Information Security: Jess Dodson

Women in information security are a fascinating group of people. I should know, being one myself. But being female in a quickly growing male-dominated industry poses its own challenges. And those of us who pursue security and IT in spite of gender stereotypes have unique strengths and insight. I first interviewed Tiberius Hefflin, a Scottish security analyst
Publish At:2016-11-23 18:20 | Read:5168 | Comments:0 | Tags:Off Topic Information Security IT sysadmin women

Women in Information Security: Kat Sweet

Women are vital to the information security field, but there are relatively few of us. Speaking to women in our industry gleans insights about how we’ve ended up in that male-dominated field and perhaps how to attract more of us. I first interviewed Tiberius Hefflin, a Scottish security analyst who’s working in the United States. Then I spoke to T
Publish At:2016-11-17 14:50 | Read:4053 | Comments:0 | Tags:Off Topic Information Security IT Network Security women

Women in Information Security: Tracy Maleeff

Information security really needs female professionals. There aren’t a lot of us, but all the women in infosec I’ve met so far have been fascinating. In my first interview, I spoke with Tiberius Hefflin, a Security Assurance Analyst. The second woman I spoke to was Tracy Z. Maleeff, who is well known on Twitter as @InfoSecSherpa. Kim Crawley: How w
Publish At:2016-11-01 19:05 | Read:4389 | Comments:0 | Tags:Off Topic Information Security Infosec women