If you haven’t heard by now, Amazon recently announced a new self-contained cloud region specifically customized for U.S. government customers. Think of it as their normal set of services (e.g., EC2, S3, etc.) but set up in their own special area only accessible to U.S. persons. They aren’t the first cloud provider to claim...
Read more »
We’ve written about a Skype 0-day earlier this year as well as another post regarding a XSS vulnerability in their client (the second to be reported recently). Since Skype’s acquisition by Microsoft, problems appear to be popping up more. Coincidence? Well it’s happened again … another XSS bug has been found. This time the...
Read more »
This past week CSO Online put out an update post on the National Strategy for Trusted Identities in Cyberspace (NSTIC) program that National Institute of Standards and Technology (NIST) set up this past spring. I hadn’t recently heard much about this effort until @manicode mentioned that blog post on Twitter. RT @manicode .. NSTIC...
Read more »
Here’s an interesting position from Fannie Mae. They’re looking for someone with a few years experience to do a wide range of security testing and evaluations. Sounds fun to me! The Company Fannie Mae exists to expand affordable housing and bring global capital to local communities in order to serve the U.S. housing market....
Read more »
It’s that time of the week again where do you want to be this week? Now you’ll always know with our “Where You Want to Be This Week” feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our...
Read more »
I came across an article over at GovInfoSecurity.com where they interviewed Ron Ross about the future of Special Publication 800-53. As most of you have probably heard there is a draft appendix that contains a bunch of new privacy controls. We discussed this a while ago, mentioning how in most cases new controls are...
Read more »
If you haven’t heard, NIST has recently published Special Publication 800-128: Guide for Security Configuration Management of Information Systems. Local NoVA blogger Chris “@cyberhiker” Burton recently put out a detailed post with his thoughts on this newly release document. Based on Chris’s review, it looks like a step in the right direction … but...
Read more »
