Security


Latest News

  • 26-07-2017: Russia passes bill banning proxies, TOR, VPNs.  [HardOCP]  [Info Security]
  • 26-07-2017: How to improve your privacy in Windows 10.  [Stuff]
  • 26-07-2017: Spies, cops don't need to crack WhatsApp: they'll just hack your smartphone.  [The Register]
  • 26-07-2017: The great Ethereum hack.  [Russ White]  [FreeCodeCamp]
  • 22-07-2017: Letting cyberattack victims hack back is a very unwise idea.  [Wired]
  • 20-07-2017: Cisco 2017 midyear cybersecurity report.  [Cisco]  [THG]
  • 19-07-2017: Let's harden Internet crypto so quantum computers can't crack it.  [The Register]  [Wired]
  • 19-07-2017: China's 'future-proof' crypto.  [The Register]  [BBC News]
  • 18-07-2017: Leaked memo says hackers may have compromised UK power plants.  [Engadget]
  • 18-07-2017: Quantum computing could make today's encryption obsolete.  [DC Knowledge]
  • 17-07-2017: Inside the cyber-attack on the UK parliament.  [BBC News]
  • 13-07-2017: AlphaBay taken down by law enforcement across 3 countries.  [Ars Technica]  [Gizmodo]  [The Register]  [The Verge]  [Wired]
  • 10-07-2017: 2FA is a mess.  [The Verge]  [The Register]
  • 09-07-2017: Trump talked to Putin about creating a 'Cyber Security unit'.  [Engadget]  [Gizmodo]  [Ars Technica]
    • 10-07-2017: Donald Trump backtracks on Russia joint cybersecurity unit.  [BBC News]
  • 07-07-2017: US military will finally start encrypting soldiers' emails.  [Engadget]
  • 07-07-2017: Hacking Team is back.  [Engadget]
  • 06-07-2017: Why isn't everyone running DNSSEC?  [Russ White]  [APNIC Blog]
  • 06-07-2017: It's easier than ever to steal someone's keys.  [Schneier]  [KeyMe]
  • 06-07-2017: After criticism, US Defense Department will implement new encryption standards next year.  [Gizmodo]
  • 06-07-2017: Let’s Encrypt to support wildcard certificates starting January 2018.  [THG]  [The Register]  [Ars Technica]
  • 06-07-2017: Drugs and manufacturing equipment imported over the dark web.  [Stuff]
  • 05-07-2017: Hackers are targeting nuclear power plant operators in the US.  [The Verge]  [ReadWriteWeb]  [Ars Technica]  [Wired]  [The Register]
  • 05-07-2017: A major Dark Net market is down and users are worried they got scammed.  [Gizmodo]
  • 03-07-2017: HTTPS Certificate Revocation is broken.  [Ars Technica]  [HardOCP]  [Scott Helme]
  • 03-07-2017: What it's like when pro phishers assail your inbox.  [Wired]
  • 01-07-2017: The biggest cybersecurity disasters of 2017 so far.  [Wired]
  • 30-06-2017: The encryption debate should end right now.  [Wired]  [ITP Blog]
  • 30-06-2017: Google's Project Zero.  [Schneier]  [Fortune]
  • 30-06-2017: Latest ransomware techniques show need for layered security.  [PacketU]  [Voxy]
  • 29-06-2017: Shadow Brokers hike prices for stolen NSA exploits.  [The Register]
  • 29-06-2017: Let’s Encrypt issues 100 million certificates to help secure the web.  [THG]
  • 28-06-2017: Why you'll be sorry when encryption is broken.  [NZ Herald]
  • 27-06-2017: GoldenEye ransomware campaign spreads throughout Europe.  [THG]
  • 27-06-2017: The DAO Ethereum hack.  [Schneier]  [Bloomberg]
  • 27-06-2017: Idea to encrypt stuff on the web at rest hits the IETF's Standard Track.  [The Register]
  • 26-06-2017: The FAA is arguing for security by obscurity.  [Schneier]  [Federal Register]
  • 24-06-2017: Windows 10 source code leak is an embarrassment for Microsoft.  [Engadget]  [Gizmodo]  [HardOCP]  [The Register]
    • 27-06-2017: Microsoft confirms Windows code leak, but size, details disputed.  [ExtremeTech]
  • 24-06-2017: Hackers attempt to break into UK MPs' email accounts, as Houses of Parliament targeted by cyber attack.  [Graham Cluley]  [Stuff]  [Engadget]  [The Verge]  [The Register]
    • 26-06-2017: UK Parliament hack a brute-force attack.  [The Register]
    • 26-06-2017: UK Parliament maintains restrictions after hacking.  [DC Knowledge]
  • 23-06-2017: If these universities had run an ad blocker they might have been saved from ransomware attack.  [Graham Cluley]
  • 21-06-2017: The simple trick used by hackers to pinch your mobile number and wreak havoc on your life.  [NZ Herald]
  • 20-06-2017: A new way to deal with DDoS.  [Russ White]  [ECI Telecom]
  • 20-06-2017: Many companies have been ‘hacked’, but please don’t make it THIS easy.  [Graham Cluley]
  • 19-06-2017: Bot attacks getting more difficult to detect.  [HardOCP]  [Dark Reading]
  • 19-06-2017: New techniques to hijack social media accounts.  [Schneier]  [AccessNow]
  • 19-06-2017: What the average worker doesn't know about security will scare you.  [DC Knowledge]
  • 19-06-2017: Backdoor backlash: European Parliament wants better privacy.  [The Register]
  • 16-06-2017: Brit hacker admits he siphoned info from US military satellite network.  [The Register]  [Graham Cluley]  [BBC News]
  • 15-06-2017: Inside a porn-pimping spam botnet.  [Krebs]
  • 14-06-2017: Data vs analysis in counterterrorism.  [Schneier]  [The Guardian]
  • 14-06-2017: Internet hygiene still stinks despite botnet and ransomware flood.  [The Register]
  • 13-06-2017: Win XP patched to avert new outbreaks spawned by NSA-leaking Shadow Brokers.  [Ars Technica]  [The Verge]  [The Register]  [THG]  [ExtremeTech]  [Engadget]
    • 21-06-2017: Is continuing to patch WinXP a mistake?  [Schneier]
  • 13-06-2017: Hovering Over Links Can Install New Malware.  [ExtremeTech]
  • 13-06-2017: Who’s afraid of the big, bad botnet?  [The Register]
  • 11-06-2017: How your mouse movement could be used to stop identity theft.  [Gizmodo]
  • 07-06-2017: Internet cameras have hard-coded password that can’t be changed.  [Ars Technica]
  • 06-06-2017: DDoS trends in the last 20 years.  [NANOG YouTube]
  • 06-06-2017: Latest on spear phishing attacks.  [Schneier]  [PDF]
  • 06-06-2017: Following the money hobbled vDOS attack-for-hire service.  [Krebs]  [Russ White]
  • 06-06-2017: Telegram is the 'app of choice' for terrorists.  [Stuff]
  • 05-06-2017: Leaked NSA report says Russians tried to hack state election officials.  [Ars Technica]  [Engadget]  [Schneier]
  • 05-06-2017: Recovering a stored password from a web browser.  [Network Computing]
  • 02-06-2017: Fireball malware's flames infect a quarter of a billion computers.  [Graham Cluley]  [Wired]  [HardOCP]
  • 31-05-2017: If you think WannaCry was huge, wait for EternalRocks.  [DC Knowledge]
  • 30-05-2017: How to get away with hacking the Department of Homeland Security.  [Graham Cluley]
  • 30-05-2017: Shadow Brokers lay out pitch – and name price – for monthly zero-day subscription service.  [The Register]  [Ars Technica]
    • 30-05-2017: Shadow Brokers move bitcoins after hacking tool auction.  [BBC News]
    • 30-05-2017: Who are the Shadow Brokers?  [Schneier]
  • 29-05-2017: The impact of encryption.  [Russ White]  [Network Collective]  [YouTube]
  • 29-05-2017: NTP updated to spook-harden user comms.  [The Register]
  • 27-05-2017: Internet providers have backdoor access to customers' modems.  [NZ Herald]
  • 23-05-2017: The future of ransomware.  [Schneier]
  • 17-05-2017: 560 million email credentials have been leaked.  [Lifehacker]
  • 16-05-2017: 'Shadow Brokers' threaten to release more hacking tools in June.  [Engadget]
    • 17-05-2017: Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft.  [Ars Technica]
  • 16-05-2017: Security and IoT.  [ipSpace]  [Schneier]
  • 11-05-2017: US spymasters trash Kaspersky: AV tools can't be trusted.  [The Register]
    • 12-05-2017: US intelligence chiefs don't trust Kaspersky - but why?  [Graham Cluley]
  • 11-05-2017: Persirai IoT botnet threatens to hijack over 120,000 IP cameras.  [Graham Cluley]
  • 10-05-2017: SS7 flaws exploited to hack smartphone 2FA systems.  [Schneier]
  • 09-05-2017: NSA confirms Russia hacked French election infrastructure.  [Wired]
  • 09-05-2017: Corsa adds IPv4 blacklist to support DDoS appliances.  [Packet Pushers]
  • 09-05-2017: I side with the 'bad guys' on encryption.  [Stuff]
  • 06-05-2017: The hijacking flaw that lurked in Intel chips is worse than anyone thought.  [Ars Technica]  [ExtremeTech]
  • 05-05-2017: Modern phishing attempts look more legit, but the methods haven't changed much.  [Lifehacker]
  • 05-05-2017: Tips for World Password Day.  [Voxy]
  • 03-05-2017: Watch hackers sabotage an industrial robot arm.  [Wired]
  • 02-05-2017: Email hackers cost couple their new home.  [Graham Cluley]  [Krebs]
  • 01-05-2017: FIDO: multi-factor authentication should be included in NIST’s cybersecurity framework.  [THG]
  • 30-04-2017: Secure messaging app showdown: WhatsApp vs. Signal.  [Lifehacker]
  • 29-04-2017: Hacker holds Netflix to ransom over ‘Orange is the New Black’.  [Graham Cluley]  [HardOCP]  [DataBreaches]  [The Verge]  [Gizmodo]  [BBC News]  [Ars Technica]
    • 30-04-2017: Hackers may have stolen 36 other shows.  [Engadget]
    • 01-05-2017: That Orange is the New Black leak was never going to pay off.  [Wired]
  • 27-04-2017: A vigilante is putting a huge amount of work into infecting IoT devices.  [Ars Technica]
  • 26-04-2017: Interpol unplugs nearly 9,000 Asian command and control networks.  [The Register]
  • 22-04-2017: US court hits Russian PoS hacker with record 27 year jail sentence.  [Graham Cluley]  [Krebs]
  • 21-04-2017: Why I hacked the government.  [BBC News]
  • 19-04-2017: The Hajime IoT worm fights the Mirai botnet for control of your devices.  [Graham Cluley]  [BBC News]  [ExtremeTech]
    • 03-05-2017: Hajime malware is turning 300,000 IoT devices into zombies.  [ReadWriteWeb]
  • 14-04-2017: How to spot a link you shouldn't click on.  [Gizmodo]
  • 13-04-2017: Criminals getting closer to state actors.  [Russ White]  [Halbheer]
  • 12-04-2017: For a while the infamous Mirai botnet could have exploited your IoT devices to mine Bitcoins.  [Graham Cluley]
  • 11-04-2017: Feds deliver fatal blow to botnet that menaced world for 7 years.  [Ars Technica]  [Wired]
  • 10-04-2017: How HTTPS website security is making the Internet safer from snoopers.  [Gizmodo]
  • 10-04-2017: Security threats keep network teams busy.  [Network Computing]
  • 10-04-2017: Internet Society to G20 nations: The web must be fully encrypted.  [The Register]
  • 08-04-2017: Forget Mirai – Brickerbot malware will kill your crap IoT devices.  [The Register]  [Engadget]
  • 06-04-2017: Advanced Chinese hacking campaign infiltrates IT service providers across the globe.  [HardOCP]  [ZDNet]
  • 06-04-2017: This hacker can talk his way into a data center.  [DC Knowledge]
  • 05-04-2017: How hackers hijacked a bank's entire online operation.  [HardOCP]  [Wired]  [Schneier]
  • 04-04-2017: Google and Lookout detail super-sophisticated 'Chrysaor' Android malware.  [Android Police]
  • 04-04-2017: Botnets in the cloud.  [Russ White]  [Microsoft Azure]
  • 03-04-2017: Russian hackers have used the same backdoor for two decades.  [Wired]
  • 31-03-2017: When the 'S' in HTTPS also stands for shady.  [Engadget]
  • 29-03-2017: Strange Mirai botnet brew blamed for powerful application layer attack.  [The Register]
  • 28-03-2017: Odds are in favour of quantum encryption.  [Russ White]  [CSA]
  • 27-03-2017: Encryption is a good thing.  [Graham Cluley]
  • 21-03-2017: Fix crap Internet of Things security, booms Internet daddy Cerf.  [The Register]
  • 19-03-2017: Phishing scams even fool tech nerds - here's how to avoid them.  [Wired]  [HardOCP]  [US DoJ]  [The Verge]
  • 15-03-2017: Sound waves can be used to fool your phone's motion sensors.  [Engadget]  [HardOCP]
  • 14-03-2017: 'Walnut' attack uses sound to trick sensors in cars, phones, and other devices.  [THG]
  • 13-03-2017: Most people still don't know how to protect themselves online.  [The Register]
  • 13-03-2017: The CIA's "Development Tradecraft DOs and DON'Ts".  [Schneier]  [WikiLeaks]
  • 11-03-2017: 'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows.  [The Register]  [Coding Horror]
  • 10-03-2017: Google’s new bot-stopping reCAPTCHA is completely invisible.  [ExtremeTech]  [Gizmodo]  [Google]  [HardOCP]  [NZ Herald]  [THG]
  • 08-03-2017: This is why you shouldn’t trust flashy crypto apps.  [The Verge]
  • 07-03-2017: The dark web is disappearing.  [Gizmodo]
  • 05-03-2017: For true cyber security, using a USB firewall is essential.  [Gizmodo]
  • 03-03-2017: How to snoop-proof any phone or tablet.  [Gizmodo]
  • 03-03-2017: The golden age of email hacks is only getting started.  [Wired]
  • 03-03-2017: Jumping air gaps with blinking lights and drones.  [Schneier]  [ZDNet]  [Wired]  [BGU PDF]
  • 30-01-2017: Half the web is now encrypted, making everyone safer.  [Wired]
  • 30-01-2017: DC police surveillance cameras were infected with ransomware before inauguration.  [Ars Technica]
  • 27-01-2017: Quantum computers vs hackers, round 1.  [Wired]
  • 18-01-2017: Who is Anna-Senpai, the Mirai Worm Author?  [Krebs]  [Schneier]  [Engadget]  [The Register]
  • 18-01-2017: IPv6 vulnerable to fragmentation attacks that threaten core internet routers.  [The Register]
  • 13-01-2017: Blocking attacks from the Incredibly Insecure Internet of Things -- IIIoT.  [Secure64]
  • 13-01-2017: WhatsApp vulnerability allows snooping on encrypted messages.  [The Guardian]  [Android Police]  [BBC News]  [The Register]  [HardOCP]  [Schneier]
    • 14-01-2017: Reported “backdoor” in WhatsApp is in fact a feature, defenders say.  [Ars Technica]  [Lifehacker]  [Gizmodo]
    • 14-01-2017: WhatsApp vulnerability could allow Facebook and others to read messages.  [Graham Cluley]
    • 14-01-2017: Open Whisper Systems defends WhatsApp against 'backdoor' claims.  [Engadget]
  • 13-01-2017: Google wants to make encryption easier for everyone.  [Engadget]  [The Register]
  • 13-01-2017: NSA-leaking Shadow Brokers lob Molotov cocktail before exiting world stage.  [Ars Technica]  [Engadget]
  • 11-01-2017: Bible verses are easy to guess, so don't use them as your password.  [Lifehacker]  [BoingBoing]
  • 11-01-2017: The state of DNS security.  [Russ White]
  • 11-01-2017: Shamoon disk-wiping attackers can now destroy virtual desktops.  [Ars Technica]
  • 09-01-2017: The Orphaned Internet – Taking Over 120K Domains via a DNS vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean.  [EtherealMind]
  • 06-01-2017: US grid in ‘imminent danger’ from cyber-attack, study says.  [DC Knowledge]
  • 05-01-2017: 20+ VPNs rated on privacy and security side-by-side.  [CompariTech]
  • 05-01-2017: The back-door feature problem.  [Russ White]  [CAIDA PDF]
  • 02-01-2017: The biggest security threats coming in 2017.  [Wired]

Useful Articles

  • What's the most secure way to lock your smartphone?  [Gizmodo]
  • Alternatives to government-mandated encryption backdoors.  [Schneier]  [Scribd]  [Lawfare]
  • How to use a password manager - and why you really should.  [The Verge]
  • Implementing security as a set of services.  [Russ White]  [APNIC Blog]
  • Checklist for getting a grip on DDoS attacks and the botnet army.  [DC Knowledge]
  • How I learned to stop worrying (mostly) and love my threat model.  [Ars Technica]
  • Your phone is your most valuable gadget -- protect it now.  [Wired]
  • How to protect your digital self.  [Wired]
  • Getting serious about security: how MSPs can deliver.  [DC Journal]
  • The hidden risks of WiFi.  [PocketNow]
  • What is steganography?  [Wired]
  • How to spot and remove stalkerware.  [Gizmodo]
  • How to spring clean your digital clutter to protect yourself.  [Wired]
  • How to build your own VPN if you’re (rightfully) wary of commercial options.  [Ars Technica]
  • Ransomware and IoT.  [Schneier]
  • Network-sniffing, automation, machine learning: how to get better threat intel.  [The Register]
  • Site-to-site IPSec VPN.  [Packet Pushers]
  • Password and security recommendations.  [Russ White]  [CircleID]
  • Faking domain names with unicode characters.  [Schneier]  [Xudong Zheng]
  • PDoS attacks.  [Russ White]  [Radware]
  • Firewall reviews from the frontlines.  [Network Computing]  [IT Central Station]
  • Defence in Depth: A 'layered' strategy can repel cold attackers.  [The Register]
  • Building better ransomware.  [Russ White]  [Cryptography Engineering]
  • History of US information warfare.  [Schneier]  [The Strategy Bridge]
  • 18 ways to make your online accounts more secure.  [Gizmodo]
  • Cybersecurity tips for the mildly paranoid.  [Stuff]
  • Hacker lexicon: what is an attack surface?  [Wired]
  • A one-stop guide to zero-day exploits.  [Wired]
  • Defence against doxing.  [Schneier]
  • All about the dark web, and how to use it.  [ExtremeTech]
  • Botnets.  [Schneier]
  • DDoS mitigation:
  • Top 10 ways to stay safe on public Wi-Fi networks.  [Lifehacker]
  • How Google fought back against a crippling IoT-powered botnet and won.  [Ars Technica]  [Krebs]
  • Running from DDoS.  [Russ White]  [Arbor Networks]
  • DDoSing has evolved in the vacuum left by IoT's total absence of security.  [The Register]
  • Dispersing a DDoS: initial thoughts on DDoS protection.  [Russ White]
  • Hacker lexicon: what is the attribution problem?  [Wired]
  • Firewalls 101: how to choose the right one.  [Network Computing]
  • I’m throwing in the towel on PGP, and I work in security.  [Ars Technica]  [Schneier]
  • A guide to VPN basics.  [Network Computing]
  • Why your password is still important - even if you use multi-factor authentication.  [Graham Cluley]
  • Blocking DDoS at domain registration.  [Russ White]  [CircleID]
  • Why DDoS mitigation solutions must address small-scale attacks.  [DC Knowledge]
  • New strategies for securing our personal lives.  [Russ White]  [Lawfare]
  • How to stop hackers from spying with your webcam.  [Gizmodo]
  • How to protect your home network.  [Stuff]
  • Stop trying to deter cyber criminals.  [Russ White]  [ACM]
  • The psychology of bad password habits.  [Schneier]  [HelpNetSecurity]  [Russ White]
  • Do I need redundant firewalls?  [ipSpace]
  • Elliptic curve cryptography and DNS.  [Russ White]  [Geoff Huston]
  • The difference between two-factor and two-step authentication.  [Lifehacker]  [StackExchange]
  • Using DNS names in firewall rulesets.  [ipSpace]  [Russ White]
  • Infographic: common ways scammers try to phish your account.  [Lifehacker]  [Digital Guardian]
  • Security tips: stop trying to fix the user.  [Schneier]
  • Exploring the cybercrime underground:
  • The trick to choosing a password that's easy to remember but hard to crack.  [Stuff]
  • Inside ‘The Attack That Almost Broke the Internet'.  [Krebs]  [CloudFlare]
  • Tracking the hackers.  [Russ White]  [The Smoking Gun]
  • How to protect yourself from mobile ID theft.  [Graham Cluley]
  • What is the dark web?  [BBC News]  [NZ Herald]
  • How hackers get your passwords in non-technical ways - and what to do about it.  [Lifehacker]  [TheMediaShow YouTube]
  • Frequent password changes is a bad security idea.  [Schneier]  [Ars Technica]  [HardOCP]
  • Which form of 2FA should I use?  [Lifehacker]
  • How to check if someone else is using your social media accounts.  [Gizmodo]
  • Thwarting APT attacks.  [Network Computing]
  • How to protect your data in hotels, airports and public spaces when traveling.  [NZ Herald]  [Stuff]
  • DNS cookies and DDoS attacks.  [Russ White]
  • Why complex password requirements don't necessarily make you safer.  [Lifehacker]
  • Encryption is a red herring.  [Russ White]  [Real Clear Policy]
  • Sophisticated hack attack? Don't believe the hype.  [Engadget]
  • How to stay safe on public WiFi.  [Gizmodo]
  • You may take password security seriously now, but your past can haunt you.  [Graham Cluley]  [Stuff]  [Wired]  [NZ Herald]
  • Seven password experts on how to lock down your online security.  [Wired]
  • How to evade the NSA: OpSec guide for journalists also used by terrorists.  [The Register]  [Trend Micro]
  • Encryption explained for the less tech savvy.  [Lifehacker]
  • The untold story of the teen hackers who transformed the early Internet.  [Gizmodo]
  • Hacker lexicon: what are white hat, gray hat, and black hat hackers?  [Wired]
  • Botnets.  [Computerphile]
  • Securing a Cisco router: the basics.  [Network Computing]
  • Top 10 tech security basics every person should follow.  [Lifehacker]
  • Confused by crypto? Here's what that password hashing stuff means in English.  [The Register]
  • Cryptography is harder than it looks.  [Schneier]
  • There can be no middle ground on encryption.  [ExtremeTech]
  • Cyberthreat: how to respond...and when.  [The Register]
  • Should we stop encryption? Can we?  [Russ White]
  • 1981 US document on encryption policy.  [Schneier]  [ITS, PDF]
  • How social engineering attacks happen, and how you can avoid them.  [Lifehacker]  [Smart]
  • Ransomware: anatomy of an attack.  [EE Times]
  • Two-factor authentication (2FA) versus two-step verification (2SV).  [Graham Cluley]
  • Classifying data structures security.  [Russ White]  [DC Journal]
  • Research - TEMPEST edition.  [Russ White]
  • What happens when you dare expert hackers to hack you.  [HardOCP]  [YouTube]
  • Password length does matter.  [Network Inferno]
  • Security by obscurity.  [Network Guru]
  • Security vs surveillance.  [Schneier]
  • Should firewalls track TCP sequence numbers?  [ipSpace]
  • Horrible story of digital harassment.  [Schneier]  [Fusion]
  • Hacker lexicon: what are DoS and DDoS attacks?  [Wired]
  • Security starts with the network.  [Network Computing]
  • 1981 CIA report on deception.  [Schneier]  [Government Attic PDF]
  • Different kinds of encryption and why it’s so important in today’s mobile lifestyle.  [PocketNow]
  • More writings on the second crypto wars.  [Schneier]  [Huffington Post]  [CQure]
  • Why 30-year-old computer hacking methods still work.  [Gizmodo]
  • How close are you to your passwords?  [Graham Cluley]
  • A use case for an SSH bastion host.  [Scott Lowe]
  • NSA lectures on communications security from 1973.  [Schneier]
  • Five security best practices for cloud and virtualization platforms.  [DC Knowledge]
  • These are Snowden's favorite security tools -- that anyone can use.  [THG]
  • How to create an untraceable messaging device with an old phone.  [Lifehacker]
  • Create complex passwords you'll always remember with poetry.  [Lifehacker]  [ISI PDF]
  • Don't kill the password -- change the password.  [Wired]
  • Must read: James Mickens on security.  [ipSpace]  [Usenix PDF]
  • The benefits of endpoint encryption.  [Schneier]  [FTC]
  • How security flaws work: the buffer overflow.  [Ars Technica]
  • How to stop a domestic abuser stalking you via your smartphone.  [Graham Cluley]
  • Sysadmins who fail to change default configurations, leave petabytes of data at risk.  [Graham Cluley]
  • The outing of ECHELON.  [Schneier]  [The Intercept]
  • Why the password hackers never trigger an account lockout.  [Graham Cluley]
  • Using secure chat.  [Schneier]  [The Intercept]
  • TEMPEST attack.  [Schneier]  [TAU]  [Wired]
  • Why we encrypt.  [Schneier]
  • History of the first crypto war.  [Schneier]  [OTI]
  • How to hack into an email account, just by knowing your victim's mobile number.  [Graham Cluley]
  • The Dark Web as you know it is a myth.  [Wired]
  • Why using security questions to reset your online password is unsafe.  [Stuff]
  • How I learned to stop worrying and embrace the security freeze.  [Krebs]
  • What to do when you lose your phone.  [PocketNow]
  • This video explains everything you need to know about DDoS attacks.  [Lifehacker]  [YouTube]
  • Net of insecurity: the making of a vulnerable internet:  [Schneier]
  • Why firewalls won't matter in a few years.  [EtherealMind]
  • What I do as an ethical hacker.  [Lifehacker]
  • How DDoS has evolved into new threats against a data center.  [DC Knowledge]
  • IdentityTheft.gov shows you how to recover from a stolen identity.  [Lifehacker]  [identitytheft.gov]
  • Who's scanning your network?  Answer: everyone.  [Krebs]
  • Web Served: How to make your site all-HTTPS, all the time, for everyone.  [Ars Technica]
  • Encrypting your laptop demystified.  [BoingBoing]  [The Intercept]
  • What's your security maturity level?  [Krebs]
  • The life of an ex-hacker who is now banned from using the Internet.  [Gizmodo]
  • How to detect sneaky NSA 'quantum insert' attacks.  [Wired]  [The Register]  [Schneier]
  • Why sharing your security secrets is a good thing.  [Wired]
  • Why the entire premise of Tor-enabled routers is ridiculous.  [Ars Technica]
  • Hacker lexicon: what is phishing and spear phishing?  [Wired]
  • Cellphone OpSec.  [Schneier]  [FastCompany]
  • How to combat online scam artists.  [Stuff]
  • Automating network security.  [ipSpace, YouTube]
  • Your strong password may be weaker than you think.  [ReadWriteWeb]
  • NSA-proof passwords.  [BoingBoing]  [Gizmodo]  [The Intercept]
  • Snowden-approved: The ‘Citizenfour’ hacker’s toolkit.  [ExtremeTech]
  • Paper on digital intelligence.  [Schneier]  [Cigi]
  • A history of internet spying.  [Gizmodo: part 1, part 2, part 3, part 4, part 5]
  • How we become habituated to security warnings on computers.  [Schneier]  [BYU PDF]
  • Automating network security.  [ipSpace, ipSpace]
  • Evaluation guide: encryptors for metro and carrier ethernet.  [ipSpace]  [Christoph Jaggi: PDF]
  • 9 facts about computer security that experts wish you knew.  [Gizmodo]
  • Three steps to save ourselves from firmware attacks.  [BoingBoing]  [EFF]
  • How to sabotage encryption software, and not get caught.  [Wired]
  • Companies should never try to intercept their users' encrypted traffic.  [BoingBoing]  [EFF]
  • Being hacked is good for business - or why you need to do security detection not security prevention.  [EtherealMind]
  • How hackers can hijack your website and read your email, without hacking your company.  [TripWire]
  • The most common numbers in 10 million passwords.  [Gizmodo]
  • A history of Internet spying.  [Gizmodo: part 1, part 2, part 3, part 4, part 5]
  • The root of the problem: how to prevent security breaches.  [Wired]
  • Stop trolls stealing your online identity.  [BBC News]
  • Securing a logging environment.  [Network Inferno]
  • The real impact of surveillance.  [BoingBoing]  [Open Rights Group]
  • What's the best file encryption tool?  [Lifehacker]
    • Five best encryption tools.  [Lifehacker]
    • Most popular file encryption tool: VeraCrypt.  [Lifehacker]
  • Today's hackers are more sophisticated than you think.  [ReadWriteWeb]
  • The industrialisation of hacking.  [Cisco]
  • Securing your connection anywhere you go.  [PacketU]
  • Here is EFF's master plan for ending global mass surveillance.  [Gizmodo]  [EFF]
  • Accountability as a security system.  [Schneier]
  • How to protect your information from the Internet.  [Kotaku]
  • How to stop data thieves from stealing information off your old gadgets.  [Gizmodo]
  • The EFF’s secure messaging scorecard. Which app will you use?  [Lumension]  [EFF]
  • The importance of deleting old stuff -- another lesson from the Sony attack.  [Ars Technica]
  • How browsers store passwords.  [Schneier]  [RaiderSec]
  • What's the best password manager?  [Lifehacker]
    • Five best password managers.  [Lifehacker]
    • Most popular password manager: LastPass.  [Lifehacker]
    • The best password managers, compared.  [Lifehacker]
    • What to do if you lost the master password to your password manager.  [Lifehacker]
  • Traveling with two-factor: how to access your accounts abroad.  [Gizmodo]
  • Attributing cyberattacks.  [Schneier]  [TFO]
    • Attack attribution in cyberspace.  [Schneier]
    • Attack attribution and cyber conflict.  [Schneier]
  • How to keep your internet-connected home safe and secure.  [Lifehacker]
  • Doxing as an attack.  [Schneier]
  • Five ways to delete yourself from the Internet.  [HardOCP]  [cNet]
  • How DDoS attacks work, and why they're so hard to stop.  [Kotaku]
  • Spam was changed by a Moscow car wreck.  [Stuff]
  • Vendor marketing as a security risk – badge scans and sign-up attack vectors.  [EtherealMind]
  • Explore the world’s biggest data breaches with this interactive chart.  [Lifehacker]  [Information is Beautiful]
  • Cyberwarfare mapped in real time.  [HardOCP]  [IP Viking]
  • The business of security is business.  [Wired]
  • Implementing a zero-trust security architecture.  [Network Inferno]
  • How you can use the genetic code for passwords.  [Gizmodo]
  • How much your inbox is worth to cybercriminals.  [Gizmodo]
    • Five ways to make your email safer in case of a hack attack.  [NZ Herald]
  • The best privacy- and security-focused web browsers.  [Lifehacker]
  • What we can learn from the biggest corporate hacks.  [Lifehacker]
  • Understanding zero-knowledge proofs.  [Schneier]  [Cryptography Engineering]
  • What happens if I use two-factor authentication and lose my phone?  [Lifehacker]
  • Hacker lexicon: what is an air gap?  [Wired]
  • Don't use personal information in your WiFi network name.  [Lifehacker]  [Avast]
  • The tech that will kill passwords dead.  [Gizmodo]  [HardOCP]  [The Verge]  [The Register]
  • Password mistakes hackers hope you'll make.  [HardOCP]  [State of the Net]  [Gizmodo]
  • The security underpinnings of cryptography.  [Schneier]  [AMS PDF]
  • How splitting a computer into multiple realities can protect you from hackers.  [Wired]
  • What do your “keepsake passwords,” the ones drawn from life experience, say about you?  [BoingBoing]  [NYT]
  • Hacker lexicon: what Is the Dark Web?  [Wired]
  • Erroneous beliefs that could leave you susceptible to DDoS attacks.  [DC Knowledge: Part 1, Part 2]
  • How to stay safe on public WiFi networks.  [Lifehacker]  [letsencrypt.org]  [Voxy]
  • How to lock down your internet-enabled houseful of gadgets.  [Gizmodo]
  • See how secure most messaging systems are with this scorecard.  [Lifehacker]  [EFF]
  • How to steal data from an airgapped computer using FM radio waves.  [TripWire]
  • Forging administrator cookies and crocking crypto... for dummies.  [The Register]
  • What you need to know about keeping your cloud data safe.  [The Register]
  • How hackers reportedly side-stepped Google's 2FA.  [Gizmodo]  [Hacker News]
  • Opsec, Snowden style.  [BoingBoing]  [The Intercept]
  • The history of Tor.  [The Register]
  • Create a USB password stealer to see how secure your info really is.  [Lifehacker]
  • How new types of DDoS affect the cloud.  [DC Knowledge]
  • How to boost your phishing detection skills and avoid email scams.  [Lifehacker]
  • Securing data needs to evolve beyond building moats around castles.  [Graham Cluley]
  • ECDSA and DNSSEC.  [Geoff Huston]
  • What hackers do with your data.  [HardOCP]  [Business Insider]
  • Even a golden key can be stolen: inside Apple’s encryption decision.  [Gizmodo]
  • Privacy and security -- five objectives.  [Geoff Huston]
  • There's no back door that only works for good guys.  [BoingBoing]  [The Guardian]
  • DDoS attacks: why hosting providers need to take action.  [DC Knowledge]
  • Security of SHA family of hash functions.  [Schneier]  [Konklone]
  • How to make sure no one's secretly stealing your home WiFi.  [Gizmodo]
  • How to protect yourself against big bank card hacks.  [Wired]
  • The start-to-finish guide to securing your cloud storage.  [Lifehacker]
  • Why social engineering should be your biggest security concern.  [Lifehacker]
  • Tor: explaining the web browser that hides its tracks.  [BBC News]
  • The future of security: zeroing in on un-hackable data with quantum key distribution.  [Wired]
  • Has the flawed password system finally had its day?  [BBC News]
  • The security of al Qaeda encryption software.  [Schneier]
  • The 8 worst security breaches in history.  [BGR]
  • The perfect password: is there such a thing, and how to choose it?  [PocketNow]
  • Turns out your complex passwords aren’t that much safer.  [Wired]  [HardOCP]
  • Botnets: what are they, and how can you protect your computer?  [Collaborista]
  • 7 steps to stronger, more secure passwords.  [NZ Herald]
  • How to protect your data before your phone gets stolen.  [Gizmodo]
  • How your security system could be used to spy on you.  [Forbes]
  • How hackers hid a money-mining botnet in Amazon’s cloud.  [Wired]  [Schneier]
  • Memorize complex sequences -- like passwords -- with spaced repetition.  [Lifehacker]  [Wired]
  • An illustrated guide to the world's worst computer viruses.  [Gizmodo]  [Wired]
  • How elite hackers (almost) stole the NASDAQ.  [Ars Technica]  [Schneier]  [Business Week]
  • Inside Dark Wallet: two crypto-anarchists' user-friendly system for anonymous Bitcoin transactions.  [Wired]
  • Tips for crafting a strong password that really pops.  [Schneier]  [ClickHole]
  • Five computer security myths debunked.  [Lifehacker]
  • Four methods to create a secure password you'll actually remember.  [Lifehacker]  [BufferApp]
  • Routing considerations in DDoS protection environments.  [Lost in Transit]
  • Seven things you should know about Tor.  [BoingBoing]  [EFF]
  • The 5 biggest cybersecurity myths, debunked.  [Wired]
  • How to watch hacking, and cyberwarfare between the USA and China, in real time.  [ExtremeTech]  [Norse]
  • The risks of not understanding one-way functions.  [Schneier]  [Ars Technica]
  • Tech support scams and the wisdom of Solomon.  [Graham Cluley]
  • Paying people to infect their computers.  [Schneier]  [Engadget]  [Gizmodo]
  • Metro and carrier ethernet encryption.  [ipSpace]  [PDF]
  • If it sounds too good to be true...  [Krebs]
  • What to do when someone gets unauthorised access to your computer.  [Lifehacker]
  • Hacking into someone’s webcam isn’t funny.  [Graham Cluley]
  • Two-factor authentication is ruining my life, and it's all my fault.  [Gizmodo]
  • OpenStack security guide.  [OpenStack]
  • An introduction to Zero Trust virtualization-centric security.  [Brad Hedlund]
  • Should we think of hackers as the Internet's immune system?  [Gizmodo]  [TED]
  • Ransomware 101: FAQ for computer users and smartphone owners.  [WeLiveSecurity]
  • Backstage with the Gameover botnet hijackers.  [Krebs]
  • How to encrypt everything.  [Gizmodo]  [Stuff]
  • Data Fortress 101: Is it possible to make a computer that’s totally invulnerable to the NSA?  [ExtremeTech]
  • Peek inside a professional carding shop.  [Krebs]
  • Ne’er-Do-Well News, Volume I.  [Krebs]
  • Are all security vulnerabilities preventable?  [DC Knowledge]
  • Why it's impossible to make an NSA-proof computer.  [BGR]
  • Complexity as the enemy of security.  [Krebs]
  • Why security is terrible: computers, software, and the people who use them are broken.  [Medium]
  • Password encryption, hashing and salting explained with the help of a shoe.  [Graham Cluley]
  • The guy who invented computer passwords thinks they're a nightmare.  [Gizmodo]
  • Disclosing vs hoarding vulnerabilities.  [Schneier]
  • Two stupid password tricks.  [Stuff]  [NZ Herald]
  • Should US hackers fix cybersecurity holes or exploit them?  [HardOCP]  [The Atlantic]
  • Watch this: the changing face of malware.  [The Register]
  • How spammers spoof your email address, and how to protect yourself.  [Lifehacker]
  • 350 DBAs stare blankly when reminded super-users can pinch data.  [The Register]
  • Schneier: the NSA's offense leaves Americans undefended.  [BoingBoing]  [The Atlantic]
  • Could your mobile voicemail system help hackers unlock your online accounts?  [Graham Cluley]
  • Pervasive monitoring as network attack.  [Schneier]  [RFC7258]
  • Why you are your best cyber security.  [Stuff]
  • Teach children good password habits by making it a game.  [Lifehacker]  [WSJ]
  • How to stop an insider from stealing all your secrets.  [Schneier]  [CACM]
  • Is antivirus dead?  [Schneier]  [WSJ]  [Krebs]
  • Espionage vs surveillance.  [Schneier]
  • How to better secure your Twitter account.  [Graham Cluley]
  • Internet subversion.  [Schneier]
  • Why Cleo is a terrible name for your cat, but Cn3tqz is just fine.  [Graham Cluley]
  • Tor: network security for domestic abuse survivors.  [BoingBoing]
  • Data center security lessons from Heartbleed and Target.  [DC Knowledge]
  • The Federal Reserve System's cyberdefense force.  [Schneier]  [Foreign Policy]
  • Here’s everything you need to stay secure on public Wi-Fi networks.  [BGR]
  • BYOD: bring your own danger?  [Vasco/Graham Cluley]
  • How computer attackers have changed.  [Vasco/Graham Cluley]
  • Add a second layer of protection online.  [Stuff]
  • How to securely erase your SSD without destroying it.  [HardOCP]  [MakeUseOf]
  • Why should passwords be encrypted if they’re stored in a secure database?  [Ars Technica]
  • Your clever password tricks aren't protecting you from today's hackers.  [Lifehacker]
    • This guide will teach you how to create stronger passwords.  [BGR]
  • Networking, security, and the grand unified theory.  [Network Computing]
  • Watch every cyber attack in the world in real time.  [Gizmodo]  [Kaspersky]  [HardOCP]  [Engadget]  [BGR]
  • Smarter people are more trusting.  [Schneier]  [Plos One]
  • Chilean drug trafficker pencil-and-paper code.  [Schneier]  [InSightCrime]
  • Why client-side encryption is critical for cloud privacy.  [Network Computing]
  • Computer network exploitation vs computer network attack.  [Schneier]
  • NTP and evil.  [Geoff Huston]
    • NTP and the winter 2013 network DDoS attacks.  [EtherealMind]
    • New kind of DDoS that could cripple the Internet.  [Gizmodo]
  • How NIST develop cryptographic standards.  [Schneier]  [NIST PDF]
  • Choosing secure passwords.  [Schneier]
  • Inside w00w00 -- the billion dollar hacking club.  [TechCrunch]
  • What are the dangers of using an untrusted USB drive?  [Lifehacker]
  • Decoding the Voynich manuscript.  [Schneier]  [Medievalists]
  • The perils of passwords – and how to avoid them.  [WeLiveSecurity]
  • What is Tor and should I use it?  [Lifehacker]
  • Building an information security policy:
  • You need to take mobile security seriously.  [Collaborista]
  • Fend off collateral damage of DDoS attacks.  [DC Knowledge]
  • Apple's Secure Coding Guide is an invaluable tool for new and veteran developers alike.  [TUAW]  [Apple PDF]
  • The insecurity of secret IT systems.  [Schneier]
  • Lifting the lid on a Colossal secret.  [BBC News]  [BBC News]
  • 1971 social engineering attack.  [Schneier]  [BoingBoing]
  • Stopping the Edward Snowden in your organisation.  [CollaboristaBlog]
  • My $50k Twitter username was stolen thanks to PayPal and GoDaddy.  [Medium]  [Wired]
    • Another credit-card-as-authentication hack.  [Schneier]
    • Picking up the pieces after the @N Twitter account theft.  [Ars Technica]
    • Stolen Twitter username returned.  [BBC News]
  • Securing the distributed network perimeter.  [Network Computing]  [Dark Reading]
  • A beginner's guide to encryption: what it is and how to set it up.  [Lifehacker]
  • Secure networks: how to develop an information security policy.  [Network Computing]
  • Five steps to take immediately if you're the victim of identity theft.  [Lifehacker]
  • Shape-shifting software 'defends against botnet hacks'.  [BBC News]
  • Zombie botnets: Why some crime networks refuse to die.  [BBC News]
  • New cyber-attack model helps predict timing of the next Stuxnet.  [Ars Technica]
  • This is why passwords need to die.  [BGR]  [Wouter Smet]
  • Want to develop information security skills?  Capture the flag.  [Network Computing]
  • Security risks of embedded systems.  [Schneier]  [Wired]
  • Six New Year’s resolutions for better home computer security.  [Graham Cluley]
  • Joseph Stiglitz on trust.  [Schneier]  [NYT]
  • Operation Vula.  [Schneier]  [ANC]
  • Three key security threats seen during 2013 – and how to protect against them.  [Graham Cluley]
  • Cisco Security Group Access: an introduction.  [Network Computing]
  • Security vulnerabilities of legacy code.  [Schneier]  [ACSAC]
  • WWII anecdote about trust and security.  [Schneier]  [Red Team Journal]
  • Check if you’re the victim of a database breach with ‘Have I Been Pwned?’.  [Graham Cluley]  [HaveIBeenPwned]  [HardOCP]  [Geek]  [Gizmodo]
  • Inside the effort to kill a web fraud "botnet".  [WSJ ATD]  [WSJ]
  • Guide to protecting Internet accounts.  [Stuff]
  • Telepathwords: a new password strength estimator.  [Schneier]  [Microsoft Research]
  • The problem with EULAs.  [Schneier]
  • The gentle art of cracking passwords.  [BBC News]
  • Security needs to focus on architecture, not products.  [Network Computing]
  • A switch as a security device?  [Juniper]
  • How somebody forced the world's Internet traffic through Belarus and Iceland.  [WSJ ATD]
  • Security tents.  [Schneier]  [The Age]
  • Another Snowden lesson: people are the weak security link.  [Schneier]  [Reuters]
  • Service provider vs enterprise security -- is there a difference?  [Juniper]
  • Risk-based authentication.  [Schneier]  [WSJ]
  • What are the top IPv6 security risks?  [IPv6 Act Now]  [Network World]
  • IP addresses and traceback.  [Geoff Huston]
  • How are robots beating my CAPTCHAs?  [Ars Technica]
  • How to avoid CryptoLocker ransomware.  [Krebs]
    • How to fight CryptoLocker and evade its ransomware demands.  [ReadWriteWeb]
  • How not to get tricked: your favorite online safety tips.  [Google Blog]
  • How to crack a WiFi password.  [Lifehacker]
  • Do NIST information security standards matter?  [Network Computing]
  • How to break into a computer.  [Lifehacker]
  • MPLS vs encrypted VPNs -- traffic security?  [StackExchange]
  • Understanding threats in cyberspace.  [Schneier]
  • A (relatively easy to understand) primer on elliptic curve cryptography.  [Ars Technica]  [Schneier]
  • Can I be trusted?  [Schneier]  [Slashdot]
  • Next-generation data centers require next-generation security.  [DC Knowledge]
  • How to design -- and defend against -- the perfect security backdoor.  [Wired]  [Schneier]
  • Why is IPSec so complex?  [ipSpace]
  • The big bad Internet.  [Geoff Huston]
  • Fingerprinting burner phones.  [Schneier]  [Ars Technica]
  • Air gaps.  [Schneier]  [BoingBoing]
  • WTF is a SQL injection?  [Gizmodo]
  • How to defeat the 'Great Firewall of China' with an iPhone.  [TUAW]
  • How does nmap distinguish closed ports from filtered ports?  [StackExchange]
  • EFF: NSA has endangered us all by sabotaging security.  [BoingBoing]  [EFF]
  • Is cybersecurity a profession?  [Schneier]  [CSO]  [NAP]
  • How many of these simple security tips do you actually use?  [Gizmodo]
  • On secrecy.  [Schneier]  [National Security Archive]
  • Schneier on TEDx.  [Schneier]  [TEDxTalks YouTube]  [BoingBoing]
  • When biometrics fail.  [PacketU]
  • Are fingerprint scanners really more secure?  [Lifehacker]
    • Unlike passwords, fingerprints are fair game to law enforcement.  [Lifehacker]
  • Understanding the business value behind DDoS protection.  [DC Knowledge]
  • Seven questions about security for Kleiner Perkins’ Ted Schlein.  [WSJ ATD]
  • How to make your entire Internet life more secure in one day.  [Lifehacker]
  • Understanding encryption: here's the key.  [ReadWriteWeb]
  • Long passwords are good, but too much length can be a DoS hazard.  [Ars Technica]
  • How websites keep passwords safe.  [Stuff]
  • Take back the Internet.  [Schneier]  [The Guardian]
  • Fingerprint authentication.  [Schneier]
    • Why fingerprints make lousy authentication tokens.  [BoingBoing]
  • Human-machine trust failures.  [Schneier]
  • Stick-figure AES: crypto explanations for the rest of us.  [BoingBoing]  [Moserware]
  • Our newfound fear of risk.  [Schneier]
  • Thwart DNS hijackers: 5 tips.  [Network Computing]  [Information Week]
  • Online attack leads to peek into spam den.  [NYT]
  • How many leakers came before Snowden?  [Schneier]
  • Who built the SEA?  [Krebs]
  • How to avoid getting your DNS hacked like the NYT.  [ReadWriteWeb]
  • “thereisnofatebutwhatwemake”—Turbo-charged cracking comes to long passwords.  [Ars Technica]
  • Protecting against leakers.  [Schneier]
  • Hacking consumer devices.  [Schneier]
  • How security becomes banal.  [Schneier]  [BJC]
  • Measuring entropy and its application to encryption.  [Schneier]
  • How not to DDoS your former employer.  [Krebs]
  • The cryptopocalypse.  [Schneier]
  • Taking down “the largest child pornography conspiracy ever prosecuted”.  [Ars Technica]
  • Stories from MI5.  [Schneier]  [BBC]
  • Self-encrypting drives aren't magic security dust.  [Network Computing]
  • Response: morals in IT security.  [EtherealMind]
  • What is "top secret"?  [BoingBoing]  [NYT]
  • Focus on recovering from social engineering hacks, not prevention.  [Lifehacker]  [The Verge]
  • Dual-stack security exposures.  [ipSpace, video]
  • Why everyone needs to read this jihadist manual for web safety.  [ReadWriteWeb]
  • Neighbourhood security: feeling vs reality.  [Schneier]  [The Atlantic]
  • Really clever bank card fraud.  [Schneier]  [The Guardian]
  • Mail from the (velvet) cybercrime underground.  [Krebs]  [BBC News]  [Schneier]
  • When smart homes get hacked: I haunted a complete stranger's house via the Internet.  [Forbes]  [BoingBoing]
  • Secret information is more trusted.  [Schneier]  [NYT]
  • Security vendors: do no harm, heal thyself.  [Krebs]
  • Hacker explains tricks of the trade.  [Stuff]
  • ANCHORY: NSA's 1990s catalog of spook assets.  [BoingBoing]  [MuckRock]
  • Haunted by the ghosts of ZeuS & DNSChanger.  [Krebs]
  • Toward a greater mobile mal-awareness.  [Krebs]
  • The Google of vulnerability search.  [Juniper]
  • One-stop bot chop-shops.  [Krebs]
  • The Secret Service agent who collared cybercrooks by selling them fake IDs.  [Wired]
  • Effective attack techniques series.  [Juniper: part 1, part 2, part 3, part 4, part 5, part 6, part 7]
  • Who's behind the Styx-Crypt exploit pack?  [Krebs]
    • Styx-Crypt makers push DDoS, anti-AV services.  [Krebs]
  • Tapping submarine cables.  [Schneier]  [The Atlantic]  [Washington Post]
  • All eyes on the Five Eyes.  [Stuff]
  • Walls around nations.  [Schneier]  [The Atlantic]
  • F2P monetisation tricks.  [Schneier]  [Gamasutra]
  • How elite security ninjas choose and safeguard their passwords.  [Ars Technica]
  • NSA's project SHAMROCK.  [Schneier]  [Ars Technica]
  • Koru Club -- where secrets are spilled.  [Stuff]
  • Musing on secret languages.  [Schneier]  [The Junket]
  • What is a distributed firewall?  [Brad Hedlund]
  • Protecting email from eavesdropping.  [Schneier]
  • Is cryptography engineering or science?  [Schneier]
  • Protect yourself from sneaky cyber crooks.  [Stuff]
  • Use multiple large words as passwords to boost spelling and security.  [Lifehacker]  [Reddit]
  • Malware that foils two-factor authentication.  [Schneier]  [American Banker]
  • Lessons from biological security.  [Schneier]  [HBR]
  • MAD in cyberspace.  [Schneier]  [Rod Beckstrom: YouTube, PDF]
  • Aging infrastructure and evolving threats -- Data Center 2.0 is redefining security.  [DC Knowledge]
  • Not all data encryption is created equal.  [The Register]
  • NSA-proof encryption exists -- why doesn't anyone use it?  [Washington Post]
  • Declassified spy outpost lurks on the dark side of the Earth.  [Wired]
  • The value of a hacked email account.  [Krebs]
  • CIA releases analyst's fascinating tale of cracking the Kryptos sculpture.  [Wired]  [Schneier]
  • Cyberwar: the silent war.  [Vanity Fair]
  • Eugene Spafford answers questions on CNN.  [Schneier]  [CNN]
  • Security and human behaviour.  [Schneier]
  • The security risks of unregulated Google search.  [Schneier]
  • How tech made the Boston bombing manhunt possible.  [Gizmodo]
  • How to boost your Internet security with DNScrypt.  [Lifehacker]
  • Quantum encryption isn't as unbreakable as you think.  [ExtremeTech]
  • Why we lie.  [Schneier]
  • Helping passwords better protect you.  [Google]
  • This Pentagon project makes cyberwar as easy as Angry Birds.  [Wired]
  • Are we finally thinking sensibly about terrorism?  [Schneier]
  • The politics of security in a democracy.  [Schneier]
  • Nassim Nicholas Taleb on risk perception.  [Schneier]
  • Anatomy of a hack: how crackers ransack passwords like "qeadzcwrsfxv1331".  [BoingBoing]  [Ars Technica]
    • Ars readers react: cracking passwords with 90% success.  [Ars Technica]
    • A really good article on how easy it is to crack passwords.  [Schneier]
  • Forget the word 'cyberwar' says Marcus Ranum.  [The Register]
  • Experts: network security deteriorating, privacy a lost cause.  [The Register]
  • Inside GCHQ: welcome to Cheltenham's cottage industry.  [The Register]
  • DDoS as civil disobedience.  [Schneier]  [Scribd]
  • "The Global Cyber Game".  [Schneier]  [MoD DA]
    • PDF attached below: The Global Cyber Game.pdf
  • Surveillance and internet of things.  [BoingBoing]  [Schneier]
  • How do I know if my VPN is trustworthy?  [Lifehacker]
  • Security risks of too much security.  [Schneier]  [Global Post]
  • Conversations with a bulletproof hoster.  [Krebs]
  • How to hack a nation's infrastructure.  [BBC News]
  • Google: users are still tech's largest security flaw.  [GottaBeMobile]  [HardOCP]  [cNet]
  • Ragebooter: 'legit' DDoS service or Fed backdoor?  [BoingBoing]  [HardOCP]  [Krebs]
  • Is it wrong to use data from the world's first 'nice' botnet?  [Wired]
  • Transparency and accountability.  [Schneier]
  • It's official: password strength meters aren't security theater.  [Ars Technica]
  • Beware: we may be entering the age of cybersabotage.  [ReadWriteWeb]
  • Would you trust one company to oversee all of your passwords?  [Gizmodo]
  • Dear hacker: please let us eavesdrop on our customers.  [Ars Technica]
  • Use these secret NSA Google search tips to become your own spy agency.  [Wired]  [NSA PDF]  [Gizmodo]  [The Register]  [Schneier]
    • What you can learn from the NSA's declassified guide to online spying.  [ExtremeTech]
  • Intelligence analysis and the connect-the-dots metaphor.  [Schneier]
  • Honeywords.  [Schneier]  [MIT: PDF]
  • Risks of networked systems.  [Schneier]  [Science Daily]
  • Pinging the entire Internet.  [Schneier]  [MIT Technology Review]
  • Why your passwords can't have symbols, or be longer than 16 characters.  [Ars Technica]
  • Why security holes in critical infrastructure are so hard to fix.  [ReadWriteWeb]
  • What a DDoS attack looks like.  [Gizmodo]  [HardOCP]  [Mashable]
  • Six open source security myths debunked.  [HardOCP]  [ZDNet]
  • Urban myths of staying safe online.  [BBC News]
  • A discussion of redaction.  [Schneier]  [Nuclear Secrecy]
  • SWATting incidents tied to ID theft sites?  [Krebs]
  • Developing a framework to improve critical infrastructure cybersecurity.  [Secure64]
  • Fueled by super botnets, DDoS attacks grow meaner and ever more powerful.  [Ars Technica]
    • DDoS attacks are getting bigger and badder.  [WSJ ATD]
  • Hacking and how to protect yourself.  [Stuff]
  • A beginner's guide to building botnets -- with a little assembly required.  [Ars Technica]
  • How a single Android smartphone can crash an airplane.  [BGR]  [Help Net Security]  [Ars Technica]  [Engadget]  [Gizmodo]  [Schneier]
  • Security externalities and DDoS attacks.  [Schneier]  [Freedom to Tinker]
  • Botnet warlord: meet the man who will kill your computer.  [Gizmodo]
  • Nice security mindset example.  [Schneier]  [Tanya Khovanova]
  • Are you ready to change your security paradigm?  [ipSpace]
    • Compromised security zone = game over (or not).  [ipSpace]
  • Elite panic.  [Schneier]  [BombSite]  [BoingBoing]
  • Government use of hackers as an object of fear.  [Schneier]  [The Atlantic]
  • Fool me once...  [Krebs]
  • The dangers of surveillance.  [Schneier]  [SSRN]
  • Unwitting drug smugglers.  [Schneier]  [NYT]
  • You won't believe how adorable this kitty is -- click for more!  [WSJ]
  • Security awareness training.  [BoingBoing]  [Schneier]
  • VPNs: what they do, how they work, and why you're dumb for not using one.  [Gizmodo]
  • The NSA's Cryptolog.  [Schneier]  [NSA]  [BoingBoing]  [WSJ ATD]
  • The spectrum of firewall statefulness.  [ipSpace]
  • Our internet surveillance state.  [Schneier]
  • How I became a password cracker.  [BoingBoing]  [Ars Technica]
  • How whitehats stopped the DDoS attack that knocked Spamhaus offline.  [Ars Technica]
  • When technology overtakes security.  [Schneier]
  • Lessons from the FBI's Insider Threat Programme.  [Schneier]  [Dark Reading]
  • Our security models will never work -- no matter what we do.  [Wired]
  • Sharing stories of Bletchley Park: home of the code breakers.  [Google Blog]
  • Cloud computing's security pitfalls.  [BBC News]
  • The logic of surveillance.  [Schneier]  [Ian Welsh]
  • Meet the men who spy on women through their webcams.  [BoingBoing]  [Ars Technica]
  • The NSA's Ragtime surveillance programme and the need for leaks.  [Schneier]
  • What to do after you've been hacked.  [Wired]
  • Technologies of surveillance.  [Schneier]
  • The 5 easiest ways to get your identity stolen.  [Gizmodo]
  • Getting security incentives right.  [Schneier]
  • Can IPS devices and firewalls stop DDoS threats?  [DC Knowledge]
  • How complex systems fail.  [Schneier]  [CTLab PDF]
  • Security lessons from the battle of Hoth.  [Schneier]  [Wired]
  • The US cybersecurity's hired guns.  [Stuff]
  • Why IPS devices and firewalls fail to stop DDoS threats.  [DC Knowledge]
  • Making the case for DDoS protection.  [DC Knowledge]
  • Anti-cheating security in casinos.  [Schneier]  [The Verge]
  • Locking out the bad guys with asymmetric encryption.  [Ars Technica]
  • Our new regimes of trust.  [Schneier]
  • Preventing a botnet attack on your data center.  [DC Knowledge]
  • Platform fragmentation as a security issue.  [Schneier]  [Washington Post]
  • Five homeland security 'bots coming to spy on you -- if they aren't already.  [Wired]
  • Inauguration security.  [Schneier]  [Mystery Incorporated]
  • Security seals.  [Schneier]  [ANL PDF]
  • Viruses, trojans, and worms: the basics on malware.  [Ars Technica]
  • Jared Diamond on common risks.  [Schneier]  [NYT]
  • FixTracking shows you how to browse securely and privately on any browser.  [Lifehacker]  [fixtracking.com]
  • Complexity and security.  [Schneier]
  • Security companies: stop your scare-tactic marketing.  [ReadWriteWeb]
  • Dangerous security theatre: scrambling fighter jets.  [Schneier]
  • Inside the Gozi bulletproof hosting facility.  [Krebs]
  • Two-factor authorisation is awesome -- until you lose the token.  [ReadWriteWeb]
  • Thinking about obscurity.  [Schneier]  [The Atlantic]
  • Essay on FBI-mandated backdoors.  [Schneier]  [Wired]
  • Expect to see more attacks on cloud services.  [Voxy]
  • Design -- security involvement in design and audit stages.  [Network Sherpa]
  • How the most important code of WW2 was cracked.  [Gizmodo]  [YouTube]
  • Spam volumes: past & present, global & local.  [Krebs]
  • The FBI needs hackers, not backdoors.  [Wired]
  • How to avoid an Internet scam.  [Stuff]
  • Details of an Amazon MarketPlace scam.  [Schneier]  [RJS Smart Security]
  • Classifying a shape.  [Schneier]  [Nuclear Secrecy Blog]
  • Apollo Robbins, pickpocket.  [Schneier]  [The New Yorker]
  • Terms of service as a security threat.  [Schneier]
  • Becoming a police informant in exchange for a lighter sentence.  [Schneier]  [USA Today]
  • Public shaming as a security measure.  [Schneier]  [Balancing Jane]
  • Exploring the market for stolen passwords.  [Krebs]
  • How hackable is your bank account?  Call customer services to find out.  [Lifehacker]
  • Anonymous TSA "insider" blog.  [BoingBoing]  [Taking Sense Away]
  • 7 codes you'll never ever break.  [Wired]
  • How to bring down mission-critical GPS networks with $2,500.  [Ars Technica]
  • The 30-year-old prank that became the first computer virus.  [The Register]
  • Why and how to destroy your data.  [ReadWriteWeb]
  • The National Cyber Security Framework Manual.  [Schneier]  [CCDCOE]
    • PDF attached below: NationalCyberSecurityFrameworkManual.pdf
  • A closer look at two bigtime botmasters.  [Krebs]
  • How a browser worm slithered across a huge number of Tumblr accounts.  [Ars Technica]  [Stuff]
    • A few words on Tumblr's troll hack.  [Juniper]
  • Feudal security.  [Schneier]
  • How script kiddies can hijack your browser to steal your password.  [Ars Technica]
  • Forget disclosure -- hackers should keep security holes to themselves.  [Wired]
  • IT for oppression.  [Schneier]
  • Preventing catastrophic threats.  [Schneier]  [FAS PDF]  [FAS]
  • Use a unique, secure email address solely for password recovery.  [Lifehacker]  [Wired]
  • What do we do about untrustworthy certificate authorities?  [BoingBoing]  [Nature - PDF]
  • How to listen to real spy broadcasts right now.  [Lifehacker]
  • The truth about virtualisation security.  [Juniper]
  • How to plant a dead drop without everyone finding it.  [Lifehacker]
  • Petraeus affair offers unintentional lesson on password reuse.  [Ars Technica]
  • Encryption in cloud computing.  [Schneier]  [NextGov]
  • How terrorist groups disband.  [Schneier]  [RAND]
  • How crypto keys can be stolen across the cloud.  [Schneier]  [PDF]  [Ars Technica]  [Gizmodo]
  • Micromorts.  [Schneier]  [Stubborn Mule]
  • Rethinking computing and security.  [Juniper]
  • The risks of trusting experts.  [Schneier]
  • How to crack a Wi-Fi password.  [Lifehacker: WEP, WPA]
  • Managing security in transitioning to the private cloud.  [DC Knowledge]
  • Anatomy of a botnet.  [DC Knowledge]
    • PDF attached below: Anatomy of a Botnet.pdf
  • Protecting your DNS.  [Secure64]
  • Master keys.  [Schneier]
  • The scrap value of a hacked PC.  [Krebs]
  • "Ask nicely" doesn't work as a security mechanism.  [Schneier]  [Shanghaiist]
  • The insecurity of networks.  [Schneier]  [ScienceNews]
  • New encryption method avoids hacks by saving your password in multiple locations.  [ExtremeTech]  [Technology Review]
  • "I am calling you from Windows" -- a tech support scammer dials Ars Technica.  [Ars Technica]
  • In a zero-day world, it's active attacks that matter.  [Krebs]
  • Why best practices are important.  [Evil Routers]
  • Easily reveal hidden passwords in any browser.  [Lifehacker]  [Labnol]
  • Making the case for DDoS protection.  [DC Knowledge]
  • Quantum cryptography.  [Schneier]  [Ars Technica]
  • Homomorphic encryption.  [Schneier]  [American Scientist]
  • Which type of password manager is most secure?  [Lifehacker]
  • The NSA and the risk of off-the-shelf devices.  [Schneier]  [ACLU]
  • An accountable algorithm for running a secure random checkpoint.  [BoingBoing]  [Freedom to Tinker]
  • Stopping terrorism.  [Schneier]  [ForeignPolicy]
  • The hacker who isn't old enough to drive, but can destroy your digital life.  [Gizmodo]  [Wired]
  • Hacks that never happened.  [BoingBoing]  [Wired]
  • Why you should start using a VPN.  [Lifehacker]
  • HOWTO protect yourself from ATM skimmers.  [BoingBoing]  [Krebs]
  • How secure are you online: the checklist.  [Lifehacker]
  • Why security SaaS?  [Juniper: part 1, part 2]
  • How I cracked my neighbour's WiFi password without breaking a sweat.  [Ars Technica]
  • The importance of security engineering.  [Schneier]
  • How to hide data in plain sight.  [BBC News]
  • HOWTO survive a DDoS attack.  [BoingBoing]  [EFF]
  • Five "neglects" in risk management.  [Schneier]
  • Why passwords have never been weaker, and crackers have never been stronger.  [BoingBoing]  [Ars Technica]  [Gizmodo]  [Lifehacker]
  • Inside a 'Reveton' ransomware operation.  [Krebs]
  • How can I protect against social engineering hacks?  [Lifehacker]
  • I was a teenage hacker.  [Gizmodo]
  • How to stay safe in the cloud.  [HardOCP]  [MSN Blog]
    • 9 things you absolutely must do to keep your online identity secure.  [Gizmodo]
  • Woz predicts "horrible problems" with cloud computing.  [HardOCP]  [news.com.au]
    • Why Wozniak is right and wrong about the cloud.  [Wired]
  • A nightmare story about being hacked.  [Wired]  [GottaBeMobile]  [Emptyage]  [MacRumors]  [AppleInsider]
    • Apple tech support allows hacker access to journalist's iCloud account.  [AppleInsider]
    • Apple knows about a massive hack exploit -- and has done nothing.  [Gizmodo]
    • Mat Honan's tale of being hacked will make you think twice about Internet security.  [GottaBeMobile]
    • Amazon fixes security flaw hackers used against Mat Honan.  [Ars Technica]  [Wired]  [Gizmodo]
    • How not to become Mat Honan: a short primer on online security.  [Wired]
    • Please turn on two-factor authentication.  [Matt Cutts]
    • Strong passwords aren't enough: how to ensure the Apple and Amazon exploit never happens to you.  [Lifehacker]
    • After epic hack, Apple suspends over-the-phone AppleID password resets.  [BoingBoing]  [Wired]
      • Apple confirms suspension of over-the-phone password resets.  [Wired]
    • Apple really doesn't know how to fix its massive security exploit.  [Gizmodo]
    • Yet another risk of storing everything in the cloud.  [Schneier]
    • Is 'cloud security' an oxymoron?  [ExtremeTech]
      • What would it feel like to live in the cloud?  [ExtremeTech]
    • Please turn on 2-factor authentication.  [Lifehacker]
    • How a hacker can gut the core of your Apple digital life?  [Juniper]
    • How a digital life was recovered using 1Password, Dropbox, and DrivesSavers.  [iMore]  [Wired]
    • Kill the password: why a string of characters can't protect us anymore.  [BoingBoing]  [HardOCP]  [Wired]
  • Overreaction and overly specific reactions to rare risks.  [Schneier]  [CNN]
  • Tagging and tracking espionage botnets.  [Krebs]
  • Why changing your password isn't enough.  [Juniper]
  • Meeting security challenges in virtualised data centers.  [DC Knowledge]
  • Four vulnerabilities in infrastructure defense.  [Secure64]
  • Threat asymmetry and security posture.  [EtherealMind]
  • The evolution of DDoS attacks.  [BBC News]
  • Five ways to stop national security leaks -- but do you really want to?  [Wired]
  • Why "good enough" security really is good enough for most companies.  [ReadWriteWeb]
  • How can I prevent my ISP from tracking my every move?  [Lifehacker]
  • HOWTO become a security expert, Bruce Schneier style.  [BoingBoing]  [Krebs: Schneier, Grossman, Miller]  [Schneier]
  • How to surf safely: from LastPass to tin foil hats, and everything in between.  [ExtremeTech]
  • How your passwords are stored on the Internet (and when your password strength doesn't matter).  [Lifehacker]
  • Move over, quantum cryptography: classical physics can be unbreakable too.  [ExtremeTech]
  • Cyberwar treaties.  [Schneier]
  • Understanding OAuth: what happens when you login to a site with Google, Twitter, or Facebook.  [Lifehacker]
  • Changing surveillance techniques for changed communications technologies.  [Schneier]  [SSRN]
  • Browse like Bond: use any computer without leaving a trace.  [Lifehacker]
  • Avoiding password breaches 101: salt your hashes.  [ReadWriteWeb]
  • The vulnerabilities market and the future of security.  [Schneier]
  • How a trio of hackers brought Google's reCAPTCHA to its knees.  [Ars Technica]
  • The problem of false alarms.  [Schneier]  [Washington Post]
  • Revealed: hundreds of words to avoid using online if you don't want the government spying on you.  [MailOnline]  [Lifehacker]
  • The trouble with airport profiling.  [Schneier]
  • Hide your most private files in a secret encrypted volume.  [Lifehacker]  [TinkerNut]
  • The ultimate counterfeiter isn't a crook -- he's an artist.  [Schneier]  [Wired]
  • How to share sensitive information over the Internet.  [Lifehacker]
  • Do I really need to worry about security when I'm using public Wi-Fi?  [Lifehacker]
  • Secret Alan Turing cryptanalysis papers released by GCHQ.  [BoingBoing]  [BBC News]
  • How to wipe a hard drive.  [ExtremeTech]
  • How thieves steal identity, and how you can protect yourself.  [Lifehacker]
  • Why do hackers want Facebook data?  [EtherealMind: part 1, part 2]  [Imperva: part 1, part 2]
  • Rise of "forever day" bugs in ICS threatens critical infrastructure.  [Ars Technica]
  • Five ways to keep your Google browsing private.  [ReadWriteWeb]
  • Infographic: social media security basics.  [ReadWriteWeb]
  • How safe is my data stored in the iCloud?  [Ars Technica]
    • Apple holds the master decryption key when it comes to iCloud security, privacy.  [Ars Technica]
  • Create a hidden encrypted volume on your computer to hide sensitive data when you're forced to decrypt.  [Lifehacker]  [CSO]
  • Data breaches increasingly caused by hacks, malicious attacks.  [Ars Technica]
  • Hacking critical infrastructure.  [Schneier]  [NYT]
  • DARPA seeks to free the world from passwords.  [ExtremeTech]
  • Avi Rubin on computer security.  [Schneier]  [TEDx YouTube]
  • How changing technology affects security.  [Schneier]
  • Contradiction in security perception vs reality -- report.  [Voxy]
  • Destroy digital evidence before it destroys you.  [HardOCP]  [Network World]
  • Your privacy kind of sucks; fix it up this weekend.  [Lifehacker]
  • You should probably change your PIN now: here's how to remember your new, secure PIN.  [Lifehacker]
  • How you're breaking the law every day (and what you can do about it).  [Lifehacker]
  • Access sensitive data remotely.  [Wired]
  • 15 February 1995: Mitnick arrested.  [Wired]
  • How advanced fraud detection services work.  [ReadWriteWeb]
  • The risk of using apps that access your Gmail account.  [BoingBoing]  [Wired]
  • DLP, an essential piece in network security.  [Juniper]
  • Your passwords suck.  [Gizmodo]
  • IOS zone-based firewall.  [PacketLife]
  • The best time to change all your passwords.  [Gizmodo]
  • How to build a (nearly) hack-proof password system with LastPass and a thumb drive.  [Lifehacker]
  • How can family sysadmins make a safe Internet playground for kids?  [The Register]
  • How to create a strong password and remember it.  [HardOCP]  [The Consumerist]
  • Tor opsec.  [Schneier]  [Cryptome]
  • Use this infographic to pick a good, strong password.  [Lifehacker]
  • Account hacked?  These password managers keep your everything safe.  [Gizmodo]
  • How can I find out why my email account just spammed my friends and family?  [Lifehacker]
  • How can I protect my computers and data when someone else is using my network?  [Lifehacker]
  • Top 10 ways to break into and out of almost anything.  [Lifehacker]
  • How to boost your phishing scam detection skills.  [Lifehacker]
  • How to encrypt your disks.  [BoingBoing]  [EFF]
  • Anonymous 101.  [Wired: part 1, part 2, part 3]  [BoingBoing]
  • Be careful who you friend on social networks.  [ReadWriteWeb]
  • Hacking Marconi's wireless in 1903.  [Schneier]  [New Scientist]
  • What does my ISP see when I'm downloading torrents?  [Lifehacker]
  • EFF releases guide to help travelers defend private data.  [Voxy]  [EFF]  [Schneier]
    • PDF attached below: EFF-border-search.pdf
  • Is NAT a security feature?  [ipSpace]
  • Recent developments in full disclosure.  [Schneier]
  • How to force a friendship on Facebook in three easy steps.  [Gizmodo]
  • Log the source ports of HTTP sessions.  [ipSpace]
  • The surveillance catalog.  [WSJ ATD]  [WSJ]
  • Full disk encryption is too good, says US intelligence agency.  [ExtremeTech]  [Schneier]
  • How to protect yourself from online fraud and identity theft.  [Lifehacker]
  • Keep sensitive info out of your chat logs and email.  [Lifehacker]
  • How to create a personal encryption scheme to easily hide your data in plain sight.  [Lifehacker]
  • APT -- advanced persistent threat.  [Schneier]
  • IPv6 security: getting bored @ BRU airport.  [IOS Hints]
  • Anonymous -- a tale in 10 videos.  [Wired]
  • Want to avoid all private-data breaches, ever?  Here's how.  [The Register]
  • Concepts in IDP signature writing: why are there so many HTTP URL contexts and what do they do?  [Juniper]
  • When passwords attack: the problem with aggressive password policies.  [Ars Technica]
  • How to create a fake identity and stay anonymous online.  [Lifehacker]
  • How to convince someone you work in their building.  [Lifehacker]
  • How to break into a computer -- and prevent it from happening to you.  [Lifehacker]
  • A guide to sniffing out passwords and cookies, and how to protect yourself against it.  [Lifehacker]
  • The most common hiding places for workplace passwords.  [Lifehacker]
  • Mitigating intelligent DDoS attacks.  [DC Knowledge]
  • Security by obscurity not so bad after all, argues professor.  [The Register]
  • Why sandboxing alone is a false sense of security.  [Juniper]
  • How to beat terrorism: refuse to be terrorised.  [Wired]
  • How 9/11 completely changed surveillance in the US.  [Wired]
  • How do I securely wipe a computer?  [Lifehacker]
  • How to become the most wanted hacker in the world.  [Gizmodo]
  • Inside the secret world of hackers.  [The Guardian]
  • Top 10 secret agent security tips and tricks.  [Lifehacker]
  • IPv6 security: 5 things you need to know.  [Fix6]  [Light Reading]
  • Software vulnerability management at Microsoft.  [Schneier]
    • PDF attached below: Software Vulnerability Management at Microsoft.pdf
  • Source MAC address spoofing DoS attack.  [IOS Hints]
  • The cyberwar arms race.  [Schneier]  [Business Week]
  • Introduction to virtual firewalls.  [IOS Hints]  [TechTarget]
  • ‘Some Will Call Me a Torturer’: CIA Man Reveals Secret Jail.  [Wired]
  • Free two-factor authentication for your servers and VPNs.  [Evil Routers]
  • NSA style manual.  [Schneier]
    • PDF attached below: NSA-SIGINT-style-manual_2010.pdf
  • Lifetimes of cryptographic hash functions.  [Schneier]  [Valerie Aurora]
  • It's time to abandon passwords.  [Gizmodo]
  • CIA chief Leon Panetta: the next Pearl Harbor could be a cyber attack.  [CS Monitor]
    • Panetta is wrong: the next Pearl Harbor will not be a cyber attack.  [Gizmodo]
  • Analysis of redaction failures.  [Schneier]
  • Steven Levy on the perils of cloud computing.  [Wired]
  • 10 simple privacy tricks everyone should use.  [Lifehacker]
  • DNS filtering: absolutely the wrong way to defend copyrights.  [Ars Technica]
  • Google Chrome OS: too secure to need security?  [The Register]  [Google]
  • Don't let your networks speak to strangers.  [The Register]
  • Lock down your computer like the NSA.  [Lifehacker]
  • Former NSA genius apologises for his super spying software.  [Gizmodo]  [The New Yorker]
  • BIOS protection.  [Schneier]  [Science Daily]
    • PDF attached below: NIST-SP800-147-April2011.pdf
  • Why firewalls don't have Telnet or SSH clients.  [EtherealMind]  [Jimmy's Cyber Corner]
  • Microsoft security intelligence report: cybercriminals increasingly targeting consumers.  [GeekZone]  [Microsoft]
  • What professional password guessers look for in your password.  [Lifehacker]
  • TED talk.  [Schneier]  [TED]
  • The cyberwar arms race.  [Schneier]  [Mercatus]  [Mercatus]
    • PDF attached below: 110421-cybersecurity.pdf
    • PDF attached below: beyond-cyber-doom-cyber-attack-scenarios-evidence-history_1.pdf
  • Are we talking "cyber war" like the Bush administration talked WMDs?  [Ars Technica]
  • Software as evidence.  [Schneier]
  • Schneier's law.  [Schneier]
  • Israel's counter-cyberterrorism unit.  [Schneier]  [The Register]
  • How did the CIA and FBI know that Australian government computers were hacked?  [Schneier]  [Daily Telegraph AU]
  • On the Internet, no one watched the wiretappers.  [Forbes]
  • Private browsing mode in web browsers.  [Juniper: part 1]
  • Authenticating the authenticators.  [Schneier]  [Slate]
  • Use Dropbox to locate your lost or stolen computer.  [Lifehacker]
    • How to track and (potentially) recover your stolen laptop (or Android) with Prey.  [Lifehacker]
  • The only secure password is the one you can't remember.  [Lifehacker]
  • Threats vs vulnerabilities.  [Schneier]
    • PDF attached below: Threats vs Vulnerabilities.pdf
  • HTTPS is more secure, so why isn't the web using it?  [Wired]
    • HTTPS is great: here's why everyone needs to use it (so we can too).  [Ars Technica]
    • Tech insight: HTTPS is evil.  [Dark Reading]
  • Ask Ars: how can I secure data I need to carry with me?  [Ars Technica]
  • Ask Ars: where should I store my passwords?  [Ars Technica]
  • Full body scanners.  [Schneier]  [Wired: part 1, part 2, part 3]
  • The need for intelligent DDoS mitigation systems.  [DC Knowledge]
  • Embed a Truecrypt volume inside a playable video file.  [Lifehacker]
  • Flash drives dangerously hard to purge of sensitive data.  [The Register]
    • PDF attached below: Reliably Erasing Data From Flash-Based SSDs.pdf
    • Self-erasing flash drives destroy court evidence.  [The Register]
  • The computer attacks you've never heard of.  [Lifehacker]
  • 32 ways to secure your digital life.  [Gizmodo]
  • Some file-sharers leave trails to their front door.  [HardOCP]  [TorrentFreak]
  • Peep show: inside the world of unsecured IP security cameras.  [Ars Technica]
  • How to write down and encrypt your passwords with an old-school tabula recta.  [Lifehacker]
  • How to audit and update your passwords.  [Lifehacker]
  • Symmetric/Asymmetric encryption and hashing.  [PacketLife]
  • Internet quarantines.  [Schneier]
  • Changing passwords.  [Schneier]
  • The online threat.  [Schneier]  [The New Yorker]
  • How to choose and remember great passwords that live in your head (video).  [Lifehacker]
  • RFC 6018: IPv4 and IPv6 greynets.  [IETF]
  • How dangerous is image file metadata?  [The Assurer]
  • IDS/IPS evasion with overlapping TCP segments.  [Juniper]
  • Microsoft cyber-security eBook.  [Lifehacker]  [Microsoft]  [Book attached below]
  • I don't need no stinking firewall... or do I?  [IOS Hints]
  • Don't trust private browsing modes.  [Lifehacker]  [Ars Technica]
  • Cloud privacy heat map.  [Forrester Research]
  • Google threat network map.  [Google Postini]
  • Cisco annual security report.  [Cisco]  [Also see PDF attachments below]
  • Fictitious femme fatale fooled cybersecurity.  [Washington Post]
  • Internet kill switch.  [Schneier]
  • Data at rest vs data in motion.  [Schneier]
  • What would your ultimate network security look like?  [Network World]
  • IOS trojan: who really owns your router?  [EvilRouters]
  • Where does Juniper stand on security?  [Juniper: part 1]
  • NIST gives guidelines for securing IPv6.  [Network World]
  • Experimenting with VLAN hopping.  [PacketLife]
Robert Larsen,
28 Apr 2011, 18:00