Internet Security Blogs
In the wake of long-overdue media attention to revelations that a business unit of credit bureau Experian sold consumer personal data directly to an online service that catered to identity thieves, Experian is rightfully trying to explain its side of the story by releasing a series of talking points. This blog post is an attempt to add more context and fact-checking to those talking points. Experian has posted several articles on its Web properties that lament the existence of “inaccurate information about Experian circulating in news outlets and other Web sites.” “It’s no surprise that cybercrime and data breaches are hot topics for media and bloggers these days,” wrote Gerry Tschopp, senior vice president of public affairs at Experian. “Unfortunately, because of all the attention paid to these topics, we’ve seen some inaccurate information about Experian circulating in news outlets and other Web sites. Krebs on Security
Why Privacy Is Actually Thriving Online By Nathan Jurgenson Monday, March 31 The explosion of personal information online is giving rise to new mysteries, new unknowns. From Danger Room Threat Level
User-targeted attacks, such as XSS, often involve manipulating the server or browser into behaving in a manner not originally intended. While this has always been a serious risk, new HTML5 technologies enhance browser capabilities enough to make client-side attacks an increasingly inviting attack vector. For a web developer, protecting the client has traditionally been limited to preventing client-side injection and browser manipulation. Beyond that, there was not much more that could be done other than helping users to make smart security decisions. Xato
I am a passionate information security professional with over 25 years of experience working in a wide variety of global roles. My leadership skills and responsibilities cover a broad range of work experience in large enterprises within high security environments of electronic payment services, banking and financial services, consumer goods products, health care and government organizations. Specifically, I deliver pragmatic solutions and consultations to business stakeholders by aligning work tasks to achieve business objectives and to deliver successful outcomes within aggressive timelines. It is my “can-do” attitude, quick and dynamic actions that deliver best practices to reduce security risks to an acceptable level for the business. Sawu Bona
My portscanner, masscan, also does ARP scanning. Sure, there exist other ARP scanning tools (like arpscan), but I'm too lazy to learn how they work, so I just added the functionality to my tool. Here's how you use it. Errata Security
Stack Exchange Security Blog This one is a slightly different Question of the Week. Makerofthings7 asked a list-type question, which generally doesn’t fit on the Stack Exchange network; however, this question generated a lot of interest and some excellent answers containing a lot of useful information, so it is probably worthwhile posting an excerpt of that content here. If you are a budding cryptographer, or a developer asked to implement a crypto function, read these guidelines first! D.W., one of our resident high-rep cryptographers, provided a number of the highest scoring answers. Don’t roll your own crypto.