itsecuriteer's tweets (I)

  • DKoller on TED talk http://t.co/gE1EB9HO online education as a way to personalise content to the audience, maybe the way to teach security? Nov 18, 2012
  • @SebastianSeung on TED: the complexity of genetics http://t.co/XV10L0fI compared to it, infosec is a kid's game, or not? any genetic link? Nov 16, 2012 
  • Daphne Koller on TED talk http://t.co/gE1EB9HO using peer grading in their Internet wide educational offer, similar idea used by @martinvars Nov 14, 2012
  • @eldsjal spotify co-founder at Stanford: innovation is solving a problem with existing things, wisdom pill for infosec http://t.co/EdIXKoH8 Nov 11, 2012 
  • @eldsjal spotify co-founder: focus at a thing and try to solve the use of that, learning pill to fully apply in infosec http://t.co/EdIXKoH8 Nov 09, 2012 
  • S&R Nov 2012 blog post: A security/privacy site to bookmark, with real personal data loss samples: http://t.co/BrpZsH8N http://t.co/k82MmBki Nov 08, 2012
  • Daniel Ek @eldsjal spotify co-founder at Stanford: sensors + smartphones + gadgets is the future let's add sec on time! http://t.co/EdIXKoH8 Nov 07, 2012 
  • is privacy dead in our current society? Presumably, however there are initiatives such as this from @maltespitz http://t.co/iqlM44HD Nov 04, 2012 
  • creating security in the 21st Century via open source and networked communication? possible according to @stavridisj http://t.co/1R72tITN Nov 02, 2012 
  • entrepreneur talk Samara-Rubio and @YouNoodle at Stanford "look for obsessiveness when recruiting" http://t.co/ND0L5wFU applicable to... Oct 31, 2012
  • #linux an encrypted home drive and connecting via ssh using keys? take .authorised_keys file outside the crypto zone http://t.co/712oMO8R Oct 28, 2012 
  • #ubuntu hassle with the network? do not forget #service network-manager restart & /etc/network/interfaces & /etc/init.d/firestarter status Oct 26, 2012 
  • #ubuntu need to configure network without network-manager? http://t.co/jNEtkyRQ otherwise check /etc/NetworkManager/NetworkManager.conf Oct 24, 2012
  • #ubuntu encrypted personal home and access via ssh? create a .profile file owned by the user & ecryptfs-mount-private http://t.co/d7ZMPWiX Oct 21, 2012
  • #ubuntu piece of wisdom: shutting down an ubuntu box via ssh? #poweroff or #reboot really do that, however #shutdown maybe hangs xwindows Oct 19, 2012 
  • u prefer a 50% increase in quantity or a 33% reduction in price? http://t.co/O26Nshry human intuition ;-) as it happens with risk perception Oct 16, 2012
  • #linux sshd_config man page http://t.co/FQfeIUYI "DEBUG log level violates the privacy of users and is not recommended" in /var/log/auth.log Oct 14, 2012
  • #linuxsecuritypearl u need to know who and how long used a linux machine in the last 4 days? type last -F -i -x and check /var/log/auth.log Oct 12, 2012 
  • #linuxlittlesecuritypearl open an xterm and type history > historyfiledate.txt every month to keep your commands at hand, increase readiness Oct 10, 2012 
  • grading strategy in @martinvars classes qualify as an strategy for a business to select an infosec stance? worth trying http://t.co/zLvAg6Kx Oct 07, 2012 
  • Ms hurd at Stanford: A failure is an opportunity to learn to succeed, is being owned in infosec also a learning opp? http://t.co/W2ogoohN Oct 05, 2012 
  • chess players have greater memory at chess only http://t.co/t9UTGdWa, infosec pros have greater risk management skills only in their job? mmm Oct 02, 2012
  • Sec&Risk Oct 2012 blog post on how can we use psychological studies on human intuition to improve sec at the workplace http://t.co/FLmAgoXb Oct 01, 2012
  • current economic failures stem from lacking risk management, time to imbricate economics with infosec and grow a better risk manag control? Sep 29, 2012
  • Inet business ideas from @martinvars air passenger social net & consumer helping bots http://t.co/zLvAg6Kx and a security user helping bot? Sep 27, 2012
  • The importance of context and environment in language learning by @dkroy http://t.co/m44wvly6 infosec is also context-dependent, ideas? Sep 26, 2012 
  • Google audience @joshuafoer talk Is Internet bringing lack of critical thinking? Signal to noise ratio in searches? http://t.co/MaLrypxr Sep 23, 2012 
  • Google audience @joshuafoer talk expertise in most fields takes 10 years to arrive I'd add... also in infosec http://t.co/MaLrypxr Sep 21, 2012 
  • Google audience @joshuafoer talk google search based on popularity, freedom of opinion but not freedom of truth http://t.co/MaLrypxr Sep 19, 2012 
  • @joshuaklein in SEpod personal space in an ATM queue gets smaller if the one waiting is talking through the phone ;-) http://t.co/BgLGxnWt Sep 16, 2012
  • @joshuaklein in SEpod better than training people in an engagement, use those behaviours they are already trained at http://t.co/BgLGxnWt Sep 14, 2012
  • @Malcgladwell on variability and how, more than being asked, we need to try out! idea to apply to infosec stakeholders http://t.co/ndt1nvDO Sep 12, 2012 
  • DGeer RB227 http://t.co/bLfGoJy3 infosec as a complex job, linked with Dan Kahneman concept of scarce expert intuition http://t.co/1oOhV1G5 Sep 08, 2012
  • Dan Geer on RB226 http://t.co/o8d9LXb5 those not caring about privacy arguing that have nothing to hide are + detrimental to keep privacy Sep 07, 2012 
  • T Chevalier @tedtalks suggests a novel way to enjoy art http://t.co/coMjjowp let's look for a new way to explain infosec to business users Sep 07, 2012 
  • aapl IPv4 net range 17.0.0.0/8 http://t.co/XZn07eIW hp, 15.0.0.0/8 and 16.0.0.0/8, let's not forget to secure ipv6 http://t.co/o8d9LXb5 Sep 05, 2012 
  • Dan Geer on @riskybusiness episode 226 sigint example - identifying traffic jams counting the number of cellular phones connected to a point Sep 02, 2012
  • S&R Sep 2012 blog post on how to survive success, if such a thing exists in itsecurity ;-), enjoy Stanford podcast! http://t.co/LltXNGwu Sep 01, 2012 
  • @rkurzban talks with @eduardpunset, our mind is worried about survival, not about finding the truth input source for SE http://t.co/CJkMmtb1 Aug 29, 2012
  • @rkurzban writes on human brain modularity, idea worth exploring to bring to infosec: modular & independent sec measure http://t.co/22mFpMdz Aug 26, 2012
  • @humanhacker & Dr Ekman our feelings affect us when reading others', this can be a decisive point in an infosec meetup http://t.co/KzSVPJsU Aug 23, 2012
  • @humanhacker & DrEkman, we believe we identify trustfulness even in a photo e.g. via face symmetry, why are we so naive? http://t.co/KzSVPJsU Aug 21, 2012
  • @humanhacker & Dr Ekman, trustful people live happier than distrusting, distrusting jobs bring less health, and infosec? http://t.co/KzSVPJsU Aug 19, 2012
  • alternative tweet: introduce the non IT day in your week and... your security thoughts will be much more human, durable ... and effective Aug 16, 2012 
  • for years we thought stress provoked ulcers but it was a bacteria http://t.co/cfdYwQ0m how many years we need to add sec in SW engineering? Aug 14, 2012
  • mini robots that can fly & cooperate, algo coding is still valuable for mankind, I miss a similar innovation in infosec http://t.co/JXoXphg3 Aug 12, 2012 
  • big data, key for successful companies, customer-centric, maybe infosec needs to adapt instead of reject this trend http://t.co/WTVVgWlZ Aug 10, 2012 
  • as author of http://t.co/FPvXlkle it's great to listen to @RealGeneKim saying that security needs to enable business http://t.co/5WFzEvBL Aug 08, 2012 
  • a measure against programmed obsolescence is not patching or upgrading, certainly an alternative way of thinking here! http://t.co/8fZUgFD2 Aug 05, 2012
  • @RealGeneKim security in Dev-OpS: a quality of the common work by development and operations, an idea with potential thx http://t.co/PY0G5rF5 Aug 03, 2012
  • Alison Hardingham on coaching, a human process mainly oriented 2 give hope 2 a human being - what about coaching for infosec professionals? Aug 01, 2012 
  • Sec&Risk Aug 2012 blog post on WPA password strength & the role of special characters in WPA passphrases enjoy entropy! http://t.co/jgu1F1Kw Jul 31, 2012
  • @simplenomad at @pauldotcom ep267 first patch and then test, controversial & effective, sometimes infosec overcomplicates things Jul 29, 2012 
  • DLD conf 2012: soon our mobile will be our wallet, time for infosec to jump on this train on time in a friendly manner http://t.co/lEMBggx6 Jul 27, 2012 
  • DLDconference 2012: tablets r mostly used in the evenings. Is infosec making use of global mobile statistics 4 defence? http://t.co/lEMBggx6 Jul 25, 2012 
  • rapport is getting emotional closeness with someone, so far from infosec & so essential to succeed http://t.co/xuOQmtZE http://t.co/g8Ghh9Z7 Jul 22, 2012
  • C Kleineidam @QSDeutschland at 28c3 talk on reading brain waves using open source the prologue to biohacking? http://t.co/S8Xrlgw7 Jul 20, 2012 
  • looking for the bootanimation in an android, not in /system/media? not in /data/local? look for a bootanimation binary in /system/bin voila! Jul 18, 2012 
  • CSumner at SE podcast agreeable people use more speech fillers in FB (60% stat chance) http://t.co/7NffoEbm personality profiling soon? Jul 15, 2012 
  • CSumner at SE podcast extroverts use longer sentences and have more friends in facebook (60% statistical chance) http://t.co/7NffoEbm Jul 13, 2012 
  • Thanks to #i4s organisers and presenters, a real itsecurity and tech risk think-tank, an eye-opener, worth the visit! Students, seize it! Jul 11, 2012 
  • CSumner from http://t.co/MTuih3NT at SE podcast profanity in facebook indicates less conscientiousness (60% stat chance) http://t.co/7NffoEbm Jul 11, 2012
  • what about using the business process canvas to infosec processes? http://t.co/6k56fSJj and http://t.co/dLwwTnCu a way to sync with business Jul 08, 2012
  • July 2012 http://t.co/RBfo8lnk post is out! Pieces of wisdom from Dr. Taher ElGamal in 2010. Still current and relevant Jul 02, 2012 
  • DHopkins @ecorner banks competitors are Internet megaplayers like amazon, apple, google http://t.co/Wn3poiNv how do they approach security? Jul 01, 2012 
  • DHopkins @ecorner talks about design thinking applied to banks http://t.co/Wn3poiNv lets apply it to infosec, effective breakthroughs needed Jun 29, 2012
  • DHopkins @ecorner seniors: the fastest growing age segment in Inet see http://t.co/g0DHLpWX who makes them sec aware? http://t.co/Wn3poiNv Jun 23, 2012 
  • 28C3 keynote by Evgeny Morozov middlemen get wealthier in times of nations' embargo including surveillance gear trade http://t.co/8x2v7U21 Jun 22, 2012
  • JHarbinger on SE podcast check your body posture, straight, no tension and hips leaned forward, every doorway you cross http://t.co/6GYIyQ5k Jun 20, 2012
  • JHarbinger on SE podcast keep eye contact until you identify eye colour http://t.co/6GYIyQ5k powerful tip, happy to learn its effectiveness Jun 17, 2012 
  • JHarbinger on SE podcast emotions cloud judgement let's have that in mind when presenting proposals to CxOs http://t.co/6GYIyQ5k a challenge Jun 15, 2012 
  • JHarbinger on SE podcast we need the right mix of authority and friendliness when proposing an SE action http://t.co/6GYIyQ5k this is an art Jun 13, 2012
  • JHarbinger on SE podcast men are visual and women look for safety in relations, could this be applied to teach infosec? http://t.co/6GYIyQ5k Jun 10, 2012
  • H Gardner 8 intels: linguistic, logic-math, musical, spatial, kinesthetic, interpersonal, intrapersonal & naturalistic http://t.co/5DsizMOv Jun 08, 2012 
  • SE podcast with BBarker from thehalocorp, gait analysis a non-intrusive alternative to traditional biometrics http://t.co/mHTPy8vG promising Jun 06, 2012 
  • SE podcast with BBarker from thehalocorp, the way to deal with anything is the way to deal with everything, http://t.co/mHTPy8vG wise words Jun 03, 2012
  • SE podcast with BBarker from thehalocorp, the way things start is the way things end, http://t.co/mHTPy8vG intelligence gathering is the key Jun 01, 2012 
  • June 2012 http://t.co/RBfo8lnk post is out! Through the IT forum jungle: an example with an Android smartphone, enjoy&improve May 31, 2012 
  • F Rieger and Ron in 28c3 a demographic KPI: # of WLANs within your PC's range, from 0 to 50, countryside or city center http://t.co/cvSPS1cH May 30, 2012
  • Urbach & willowbl00 on 28c3 designing sw for crisis/disaster/revs? keeping some groups outside is a needed feature http://t.co/MSOKqxcx May 27, 2012 
  • C Nickerson @indi303 at source: ask your CEO what terrifies them and focus on avoiding that terror http://t.co/ySu2xHPH powerful strategy May 25, 2012 
  • C Hadnagy on social-engineer podcast: the best social engineers make people feel good about themselves http://t.co/mHTPy8vG infosec needs SE May 23, 2012 
  • C Nickerson: consider home field advantage when protecting business infosec http://t.co/ySu75hQB CSIRTs, consider it! cool idea thx @indi303 May 20, 2012
  • C Nickerson @indi303 at source barna: the patch for human stupidity is experience http://t.co/ySu75hQB let's focus on real threats in sec May 18, 2012 
  • C Nickerson @indi303 at source barna: setup and forget, bad idea in sec http://t.co/ySu75hQB prefer setup, run, learn, tweak and get value May 16, 2012 
  • 28c3 JAppelbaum @ioerror and R Dingledine where there is censorship, there is first surveillance infosec can get shady http://t.co/MGnzbrDQ May 13, 2012
  • 28c3 KNohl & LMelette Q&A trick, phone 112 or 911 in Europe or US before your critical call to avoid a fake GSM BS ;-) http://t.co/p5ebBzBJ May 11, 2012
  • 28c3 JAppelbaum @ioerror and R Dingledine some countries do content filtering per dsl line requiring lots of manpower? http://t.co/MGnzbrDQ May 09, 2012
  • 28c3 JAppelbaum @ioerror and R Dingledine more than 400K tor users worldwide any other crowdsourcing security project? http://t.co/MGnzbrDQ May 06, 2012
  • 28c3 KNohl & LMelette mobile operators do not authenticate every call attempt & nice competitor map http://t.co/oeKatNFr... May 04, 2012 
  • 28c3 S Schultz on DNA databases and forensic use, analysis outcome is a probability, not a 100% match in most cases http://t.co/RvOvbMID May 02, 2012
  • May 2012 http://t.co/RBfsFVoe post is out! 3 "network detective" activities enjoy the reading and send comments&proposals thx Apr 30, 2012 
  • Ken Robinson on creativity: creating something original with value, for that, we need an element, control and passion http://t.co/KaKOBe8s Apr 29, 2012 
  • 28c3 S Schultz on DNA law enforcement databases, more than 50% of entries in some key countries are petty crime entries http://t.co/RvOvbMID Apr 27, 2012
  • S Conheady in SE podcast on SE pen tests, stereotypes as male IT technician and female admin staff are still usual http://t.co/5gXfXXCj Apr 25, 2012 
  • Dean Hamer: VMAT2 gene contributes to spirituality, what about looking for the security gene? reality or fiction? http://t.co/hxikbuqj Apr 22, 2012
  • linux wisdom $df -h to see how space consumption on storage device & partitions in a human readable manner, sometimes we back to basics Apr 20, 2012
  • linux humble wisdom - $ ls -aluR | grep filename helps to find that file u don't find but remember something from its name Apr 18, 2012
  • 28C3 keynote video & image search is done (so far) by tagging in manually text in image elements, geopolitics and tech http://t.co/8x2zFubb Apr 15, 2012 
  • ubuntu wisdom - $sudo apt-cache showpkg packagename | less to get info and $dpkg -s packagename to see if installed and apt-cache search pn Apr 13, 2012 
  • @pentestit the website http://t.co/15Z1AWdo featured in the Spanish speaking IT Security press http://t.co/lD9k4qwC thanks for your site Apr 11, 2012 
  • linux wisdom - #rfkill block/unblock/list wifi/bluetooth/wwan useful command to disable rf in linux - u can add these lines in /etc/rc.local Apr 11, 2012 
  • linux wisdom - if u rename a script file in /etc/init.d/ folder the respective service will not start at bootup i.e. mv filename disablefile Apr 08, 2012 
  • Eurotrash e26 talk with wallofsheep crew and mention a nifty tool, driftnet http://t.co/vNcj8PNQ, to check your sanity http://t.co/G5IBArWl Apr 06, 2012 
  • R Gula in PDC, client side pen testing brings more legal woes than value & eventually we all know the result http://t.co/1iaSqhNf remember! Apr 04, 2012 
  • April 2012 http://t.co/RBfsFVoe post is out! Book review - Surviving Cyberwar by @stiennon http://t.co/WCPa2vNx Apr 01, 2012 
  • @jaysonstreet on NSP, social engineer your staff rightly before they are SE wrongly http://t.co/AoH6ccnD any of his talks show SE does work! Mar 28, 2012
  • J Mah: intelligence-based hiring for start-ups is not smart, focus also on deadlines, communication and... http://t.co/2jzgaHiA also in sec! Mar 25, 2012 
  • thx @TheDarkTangent and @wh1t3rabbit so this is the time to be in sec! dnssec and ipv6 will be or are the foundations http://t.co/wLhDsTP7 Mar 23, 2012
  • thx @theprez98 @grecs @infojanitor @wh1t3rabbit 4 the privacy panel let's enable ghistory to know just as google does http://t.co/JuEDlrC8 Mar 21, 2012
  • oncologist F Calvo "we need to see the person and not only the tumor" http://t.co/kFpuW9Fe we need to see the business, not only the vuln! Mar 18, 2012
  • @stiekes & @Wh1t3Rabbit propose: a small infosec lead team and itsecuriteers in business areas, sounds worth trying http://t.co/MubsT7o3 Mar 16, 2012
  • B Stiekes: infosec profs willing to progress in companies need to provide business value, good that the word is spread http://t.co/MubsT7o3 Mar 14, 2012 
  • B Stiekes: security teams get less love even than network team in companies - this is our PR&marketing improvable fail http://t.co/MubsT7o3 Mar 11, 2012
  • J Fuster: cognition and memory reside on neuronal nets and not on the cells themselves, where does infosec reside? http://t.co/EJDQa2jl Mar 09, 2012 
  • a way to manage panic in hard times like sec incidents? rehearsals, following the steps before something happens gets u trained, remember it Mar 04, 2012
  • @Mike_Poor pyramid: policy, policy enforcers & audit tools, security can save $ and the London Tower crown jewel example http://t.co/AAT6jA9Q Mar 02, 2012
  • March 2012 http://t.co/RBfsFVoe post is out! A summary of R Anderson's security economics lecture in 2011 http://t.co/WCPa2vNx Mar 01, 2012
  • @Mike_Poor in pdce264p1 compliance is the reason why companies bring IDS into their networks BTW, test your apps! http://t.co/AAT6jA9Q Feb 29, 2012
  • #gsic2012 "the hedgehog" was dull? maybe "not ready for that yet…but your kids are gonna love it!" (adapted from a back to the future quote) Feb 26, 2012
  • thx to #gsic2012 @mgesteiro @diervo et al., open spirit, sec kungfu and exchange of ideas & thx to those who enjoyed "the hedgehog dilemma" Feb 26, 2012
  • J Granick on pdce260 the bigger the audience of your security publication, the less likely that it is an unlawful act http://t.co/gZpRj5Hg Feb 26, 2012 
  • @joshcorman on defendable systems, wise concept to consider from the idea phase - what about defendability assessments? http://t.co/MhDwDcxs Feb 24, 2012
  • @joshcorman on infosec "if u r a little far behind u need to work harder, if u r far far behind u need to work smarter" http://t.co/MhDwDcxs Feb 22, 2012 
  • @joshcorman thanks for the retweet - lots of juice can be squeezed from that episode, lady&sir! stay tuned;-) @451wendy Feb 20, 2012 
  • http://t.co/MhDwDcxs @joshcorman on NSPe257 "we want a finite list, the shorter the better... so that we can finalise it but infosec isn't" Feb 19, 2012 
  • @carlos_perez in pdce6 espanol $sudo nmap -sS -P0 -p3389 -ofile 10.10.10.1/24 creates a grepable file - useful line! http://t.co/rgDwzVjd Feb 17, 2012 
  • Jasmine SJ on SE podcast a tool to identify someone's way: what do u expect it will happen? the answer will be telling! http://t.co/AuLN2dZl Feb 15, 2012 
  • Brad Feld on entrepreneurship: learning every day should be the mantra http://t.co/V5dq4L51 nice proposal also for infosec professionals Feb 12, 2012 
  • weather-based insurance for agriculture http://t.co/S7ZyJtMv sooner or later the infosec related insurance market for business will take off Feb 10, 2012 
  • Phil Libin at Stanford, we live in a IT geek meritocracy, or sort of http://t.co/UyGClj0H is this also true for IT security? Comments? Feb 08, 2012 
  • Phil Libin, security products are not sexy, they don't thrill customers http://t.co/UyGClj0H we need 2 find ways to 4 security to inspire Feb 05, 2012 
  • HDMoore voice-based hacking, use the default voice in the phone voicemail, avoid recording a message with your voice http://t.co/pdaTee9R Feb 03, 2012
  • Neal Gabler and "the elusive idea", "we prefer knowing to thinking" in this info age http://t.co/kMdujspu I do miss innovation in infosec! Feb 01, 2012 
  • new Security and Risk blog post on building rapport - http://t.co/JE4ERFnE crew interviews Robin Dreeke http://t.co/WCPa2vNx enjoy it! Feb 01, 2012 
  • Demographer JVaupel "we will work more years but less hours a day, more time for leisure" http://t.co/d8kqzSqx personal infosec will be key! Jan 29, 2012
  • rabbit podcast: a security vulnerability is a security defect in QA terms, names in security confuse CIOs, keep it easy http://t.co/y4PnqJNF Jan 27, 2012 
  • Chris Nickerson in DerbyCon, "decisions on what to secure transcend our salary level, ask business owners" http://t.co/embd4MO4 and listen! Jan 25, 2012
  • Chris Nickerson in DerbyCon, "focus your security efforts into what brings/keeps your company alive" http://t.co/embd4MO4 the rest is noise Jan 22, 2012 
  • Chris Nickerson in DerbyCon, "any change modifies your threat surface, either increasing it or decreasing it" http://t.co/embd4MO4 remember! Jan 20, 2012
  • Chris Nickerson in DerbyCon, "complexity decreases security" http://t.co/embd4MO4 write it close to your diary ;-) keep your systems easy Jan 18, 2012 
  • CNickerson in DerbyCon, Mike Tyson quote "everybody has a plan until they get punched in their head", plan = guess http://t.co/embd4MO4 #in Jan 15, 2012
  • J. E. Street at Derbycon, users are not stupid, IT security teams that do not train their users are, let's remember http://t.co/rVY03EYV #in Jan 13, 2012 
  • the importance of a down to Earth & effective SIEM, gather only a few meaningful logs -last fragment of biz sec pod http://t.co/pPjLxHht #in Jan 11, 2012 
  • rabbithole podcast: hacked companies have a tougher time if they are B2B and not B2C - worth considering thought! http://t.co/e5ig9D9s Jan 08, 2012 
  • rabbithole podcast: hacked companies, if smart & customer-focused, can even use a hacking incident to increase sales http://t.co/e5ig9D9s Jan 06, 2012 
  • risk hose podcast idea - assess security in business processes and not only in servers or applications - idea for 2012 http://t.co/u7g7XsD0 Jan 04, 2012 
  • the risk hose podcast - IT security focus on control effectiveness but not so much on threat analysis - let's add that! http://t.co/u7g7XsD0 Jan 01, 2012 
  • infosec people i.e. itsecuriteers also eat ;-) enjoy the first 2012 securityandrisk blog post http://t.co/qZ21P3rc feedback welcome! Jan 01, 2012 
  • depression comes accompanied or is caused by unrealistic expectations - in information security, could job frustration have the same origin? Dec 30, 2011
  • Martin Varsavsky at TED "entrepreneurship is all about assessing risks" http://t.co/3X4S5kJN nice similarity with information security Dec 28, 2011 
  • Alex Hutton in pauldotcom on security upstream communications within companies "don't be scared and don't scare people" http://t.co/XF2OuIHB Dec 25, 2011
  • Alex Hutton in pauldotcom "we understand possible threats but we don't focus on probable ones" spot on! http://t.co/XF2OuIHB let's improve Dec 23, 2011
  • using a mem trick to build a pwd based on increasing a number or changing only some chars? if they get to the pwd, they will always know it! Dec 21, 2011
  • CNickerson on wh1t3rabbit's 1 podcast - complexity breeds insecurity - a good message to convey to executives http://t.co/W6KDt4X8 Dec 18, 2011 
  • CNickerson on the 'one bear and men running ahead' metaphor for security, the prob is that the no. of bears grows http://t.co/W6KDt4X8 Dec 16, 2011 
  • Rik Ferguson from Trendmicro - share in social networks what u don't mind to shout out loud in the marketplace http://t.co/U2hJOzqi remember! Dec 11, 2011
  • Rik Ferguson from Trendmicro - a million email addresses costs USD 8 in the spam industry http://t.co/U2hJOzqi keep the figure in mind! Dec 09, 2011 
  • Rik Ferguson from Trendmicro on plidpodcast - every 3 second a new piece of malware is created http://t.co/U2hJOzqi keep the figure in mind! Dec 07, 2011
  • Rik Ferguson from Trendmicro on plidpodcast, we all overshare personal information http://t.co/U2hJOzqi is this a human trait? worth a study Dec 05, 2011
  • TM on underground economy - a US credit card number plus CCV costs USD 3, a full identity around 10 USD http://t.co/U2hJOzqi @SecurityTwits Dec 05, 2011
  • http://t.co/RBfsFVoe a summary of R Anderson's sec economics lecture in 2011 appears on March 1 2012, "with no incentive, no sec"! Dec 01, 2011 
  • December 2011 http://t.co/RBfsFVoe post! A summary of SSL And The Future Of Authenticity: A talk by Moxie Marlinspike http://t.co/WCPa2vNx Dec 01, 2011
  • defcon, bsides, blackhat,... sec cons ... good technologists...good presenters? communicating security is not easy http://t.co/PszvJQKB Nov 30, 2011 
  • @stiekes @Wh1t3Rabbit thx for the business side of security podcast, enjoyable and eye opening BTW check http://t.co/g8GlOK8h Nov 29, 2011 
  • Prof Peter Waldmann on terrorism - two types, generational and ethnic - you can also find both of them on cyberterrorism http://t.co/kCOwfTk7 Nov 27, 2011
  • ever wondered what stuff and IT elements are in a police patrol car? improvable usability, integration and.. security? http://t.co/Pg8MGhMn Nov 25, 2011 
  • Prof Zimring on crime, it is not as persistent and predictable as initially thought http://t.co/cJNEBK5f minute 25 is this also true in... Nov 23, 2011 
  • @martinvars ask Tim O Reilly on the 3 main drivers in information security for this decade - thx Nov 21, 2011 
  • Prof Zimring on the situational and contingential nature of criminality http://t.co/cJNEBK5f minute 18 is this also true in cybercrime? Nov 20, 2011
  • Brian Krebs on police-led intelligence podcast, credit card skimmer prices start at some USD hundreds http://t.co/2ab5dScQ Nov 18, 2011 
  • Brian Krebs on police-led intelligence podcast, according to Vint Cerf, 15 to 20% computers in Internet have a bot http://t.co/2ab5dScQ Nov 16, 2011 
  • @humanhacker a reference SE book your book! read a review in the November post of http://t.co/RBfsFVoe thanks! Nov 14, 2011 
  • nice reason to become police officer - being able to help people through one of their worst times http://t.co/qAtPYYsB similar to infosec? Nov 13, 2011 
  • SMEs find themselves in the middle of a hacking lake with no help, only the "I told u so" story works pdc epi252 http://t.co/3UVosOvH Nov 11, 2011 
  • hacking dna is far more complex than hacking bits - interesting talk at ccc camp - different laws in EU vs US http://t.co/N1B3U9In Nov 09, 2011 
  • Sonia Lupien on the recipe for stress: Novel Unexpected, Threat Sense of control (NUTS), http://t.co/7JM7EOle very applicable to infosec Nov 06, 2011 
  • @martinvars smart idea "business practices do not follow ideologies" (but pragmatism?) Varsavsky in Spanish http://t.co/lRdtNYMi and in sec? Nov 05, 2011
  • "business practices do not follow ideologies" (but pragmatism?) Varsavsky in a 10 min video in Spanish http://t.co/lRdtNYMi - and infosec? Nov 04, 2011 
  • @mckeay @451wendy thx for the clarification, together with "security debt", they are powerful concepts Nov 03, 2011 
  • net sec podcast introducing the concept of the infosecurity poverty line in organisations http://t.co/dhWxUc6c juicy concept to play with Nov 02, 2011 
  • The November securityandrisk post is already available at http://t.co/RBfsFVoe, a review of a recent social engineering book Nov 01, 2011 
  • "I assume every single thing I post anywhere is public record forever" - wise words from Mr Moss - http://t.co/kvlIbghK Oct 30, 2011 
  • Raul Siles interviewed in PDC en espanol, pen tests in hospitals show how itsecurity can save lives http://t.co/JyWy1jpf let's remember it! Oct 28, 2011 
  • Ruben Santamarta interviewed in pauldotcom en espanol, his tools for reversing? Windbg, Ollydbg, IDA, a compiler and gdb http://t.co/2h5CxfwX Oct 26, 2011
  • u need to guide non-IT people through the process to eliminate malware on Win? Check the @RealSecurity guide http://t.co/ZRvm2Yfb saves time Oct 24, 2011 
  • interesting security awareness idea http://t.co/r4A3cDOZ listen to the creator on the RB podcast http://t.co/8XR9Ybya Oct 23, 2011 
  • N Myhrvold's unique way to present cooking is what infosec needs, a breakthrough to present everyday's sec topics http://t.co/bem9BTRA Oct 21, 2011 
  • E Pariser on Inet filter bubbles: customisation shows us a different reality - could IT security help mitigating this? http://t.co/2PdHXdjp Oct 19, 2011
  • DBrooks on human beings as social animals - People learn from people they love - do we use this in infosec? Not much http://t.co/fRPN72J0 Oct 16, 2011 
  • #ios5 upgrade, first backup settings, data and apps, then wipe firmware, install ios5 and last, restore backup and move back apps and books Oct 14, 2011
  • propaganda is for the masses what social engineering is for the individual, interesting looking at propaganda history http://t.co/5ARHDRhi Oct 14, 2011 
  • thought, RB 197 podcast: u want to find 0-days in the wild? go to dubious sites, probably they are planted there by...? http://t.co/EIzdscSq Oct 12, 2011 
  • Josh Corman on RB196, what about security SW products going through 3rd party reviews in SW procurement processes? http://t.co/9a1T6RBV Oct 09, 2011
  • @chemaalonso MrMitnick himself mentions FOCA as a reconnaissance tool he uses in his security assessments http://t.co/2Mmq0Q6A congrats ;-) Oct 07, 2011
  • Gartner RD AWalls on RBpodcast 198, there is accurate cybercrime data available but that is not the data reported http://t.co/0D0iudFz Oct 07, 2011 
  • The 2 creators of former patagon online needed themselves to be 1 good CEO http://t.co/riPJHe3D in infosec sometimes this is also the case Oct 05, 2011
  • Gartner RD AWalls on RBpodcast 198, sec teams use many pre-conceived risks and threats that are far from the business http://t.co/0D0iudFz Oct 02, 2011
  • The October 2011 SecurityandRisk blog post arrived! Secure a home DSL router - enjoy it at http://t.co/RBfsFVoe any addition? Sep 30, 2011 
  • The best teacher is the one who best accommodates to the students' needs - let's apply this in the IT security arena? http://t.co/hefcFaPX Sep 30, 2011 
  • US tech initiatives on health, energy and education listen to the WhiteHouse CTO http://t.co/hefcFaPX where will IT security be in all this? Sep 28, 2011 
  • Carlos Perez tenable podcast 85 June 2011 advice: to be a good sec professional, start being a good sys admin! yep! http://t.co/MmR9ztl2 Sep 25, 2011
  • Paul Asadoorian tenable podcast 85 June 2011 there are more than 425000 app in Apple store - who can check their sec? http://t.co/MmR9ztl2 Sep 23, 2011
  • Anup Ghosh on infosec and threats, u can't patch the user, do we remember this in our work? http://t.co/Lqpobc9T Sep 21, 2011 
  • people only take sec seriously when they suffer the lack of it themselves @carlos_perez interviews @chemaalonso in pdc http://t.co/ZGMt9Ejw Sep 18, 2011
  • how many sonys are out there with info breaches that they don't publish? @carlos_perez interviews @lawwait in pdc en es http://t.co/l06TU3gY Sep 16, 2011
  • @lsaiz agreed! where r the non-commercial IT & ITsecurity & infosec R&D think-tanks and startup incubators ;-)? Sep 15, 2011 
  • berniehernie at entrepreneur event: machines can solve more complex probs than the ones we give them! http://t.co/bZnBDKMu also in infosec Sep 14, 2011 
  • berniehernie at entrepreneurs event: the next Internet... reputation, AI, re-brokering and people... and security? http://t.co/dA0LBNQ Sep 11, 2011 
  • Instagr.am creators at Stanford mention sink or swim idea: try it out quickly before investing a lot http://t.co/epdsPCq applicable to sec! Sep 09, 2011 
  • Microsoft Security Response Team: the one re-coding/fixing a vuln in MSFT sw is the developer who initially coded it http://t.co/4A9HAOv Sep 07, 2011 
  • Eddie Shwartz on RB: a netwitness installation stores more transactions than VISA per year - any experience with it? http://t.co/Wv1FjrN Sep 04, 2011 
  • Eddie Shwartz on RB: there is only so much u can do with a certain security model, not more! let's apply this every day http://t.co/Wv1FjrN Sep 02, 2011 
  • the september 2011 SandR blog post is already out! read it at http://t.co/ekKqOGm Hacking: The next generation - book review Aug 31, 2011 
  • HD Moore on Risky Business: the big money is on a working exploit, not on finding the vulnerability - a new industry? http://t.co/Wv1FjrN Aug 31, 2011 
  • customer friendly = fraud friendly = infosec expert frustration friendly true? listen to Scott McIntyre at AusCert 2011 http://t.co/uBDfSbF Aug 28, 2011 
  • reading Anderson's chip and pin papers at http://t.co/JbygWY2 the moral of the story: if you don't have your card under control, cancel it! Aug 26, 2011 
  • Jeff Moore at Stanford - creating power is not compensated & consuming power is free - http://t.co/VYnKVHB - key for the Infosec practice? Aug 24, 2011 
  • Jeff Moore at Stanford - power fuels performance, performance consumes power - http://t.co/VYnKVHB - consider this in the Infosec practice Aug 21, 2011 
  • "looking to build a global co? build it on the minimum common denominator", watch Martin Varsavsky http://t.co/z5gXtrv apply it also to sec Aug 19, 2011 
  • Rasmussen at FIRST2010: DNSSec helps at name resolver/client side but not at registrar side, case for defence in depth http://t.co/Rs6qCUV Aug 19, 2011 
  • New guest post in securityandrisk.blogspot.com on Internet usage monitoring http://t.co/qYmfhaX Aug 17, 2011 
  • "Europe is the place to be when you leave work", watch Martin Varsavsky http://t.co/z5gXtrv does this also apply to infosec jobs? Aug 17, 2011 
  • pauldotcom, assume a compromise will happen, work on response: a soundly organised IT environment is the most resilient http://t.co/eWZz2Eb Aug 14, 2011 
  • Larry Pesce in pauldotcom, sometimes we sell healthy diet & exercise but the customer is still watching TV on the couch http://t.co/eWZz2Eb Aug 12, 2011 
  • R Bejtlich on FIRST podcast: hire each team member in your IRT because they have something special for the team http://bit.ly/jc7Lpa Aug 10, 2011 
  • JStrand in pauldotcom - episode 239p2 Fuzzing is all about knowing the protocol you are fuzzing http://bit.ly/ltyhMm - get to know it before Aug 10, 2011 
  • R Bejtlich on FIRST podcast: plant your probes, choose your indicators and let them feed your intel within your IRT http://bit.ly/jc7Lpa Aug 07, 2011 
  • Richard Bejtlich on FIRST podcast - find a highflyer in your org who will advocate for your infosec program, not you http://bit.ly/jc7Lpa Aug 05, 2011 
  • using an ssl server with a cert with MD5 fingerprints? visit https://www.networknotary.org/ to check cert duration http://bit.ly/ltyhMm Aug 03, 2011
  • Avoid arp-spoofing in your LAN - new securityandrisk blog post - just coming from the oven at http://securityandrisk.blogspot.com Jul 31, 2011 
  • Brafman on human relations softness help projects succeed, infosec leaders need to show softness in communications http://bit.ly/miPAnJ Jul 29, 2011 
  • Brafman on human relations - human contact, proximity and similarity favour relations - apply this to security teams http://bit.ly/miPAnJ Jul 27, 2011 
  • Ori Brafman on human relations - vulnerable leaders are more trusted - how can we apply that to infosec leaders? http://bit.ly/miPAnJ Jul 24, 2011 
  • "people often trust eloquence more than honesty", study in #HarvardBR November 2010 by T Rogers and M Norton. Consider that in infosec Jul 22, 2011 
  • first guest post in securityandrisk on the value of vulnerability assessments http://bit.ly/o07nfh Jul 21, 2011 
  • Chris Palmer from EFF in pdc 238 - security measures need to be user-empathic - their time is valuable - don't waste it http://bit.ly/h0ZDkc Jul 20, 2011 
  • S Cristoforetti, European astronaut, a military saying: "train hard and fight easy" - applicable to #infosec http://bit.ly/f4apoW Jul 20, 2011 
  • Chris Palmer from EFF in pdc 238 - ssl has a scope problem: 1400 CAs! - we need to solve it - http://bit.ly/h0ZDkc Jul 17, 2011 
  • Leadership in teams "Low absenteeism was related to democratic supervision" study in Psy Journal http://bit.ly/hO9oQh from 1976! Jul 15, 2011
  • u need to sharpen your jedi saber with pcap files? try http://pcapr.net a library of 400+ pcap - from RB190 podcast - http://bit.ly/gITMXm Jul 13, 2011 
  • RB189 podcast mentions a nice demo of big "mobile telco" brother check it yourself at http://bit.ly/hPbJo9 and switch your mobile more often Jul 10, 2011 
  • out-of-seq post in securityandrisk http://t.co/4qo7XCr by a guest poster - if you feel like contributing with an entry, just ping me Jul 09, 2011 
  • RB189 podcast - Peter Gutmann: the boolean browser CA trust model is broken - let's use reputation similar to real life http://bit.ly/gITMXm Jul 09, 2011 
  • #pauldotcom episode 236 - Chris Nickerson on pen testing - no mention of impact in pen test makes it useless - http://bit.ly/hxmMB3 Jul 09, 2011 
  • Rich Mogull - APT industry - specialised teams with time and resources working only to pown a company, your company? http://bit.ly/ep2I5B Jul 08, 2011 
  • #pauldotcom e236 - the key point in being compromised is to be able to reduce the time u are powned - IRT is key http://bit.ly/hxmMB3 Jul 08, 2011 
  • Rich Mogull - an APT by the book: spear phishing + compromise + stealth reconnaissance + id juicy data + ftp data out http://bit.ly/ep2I5B Jul 08, 2011 
  • #CVGTR11 thanks to all organisers - a real opportunity to open minds and eyes on risk management Jul 06, 2011 
  • enticing bibliography for a new risk management concept, #riskvolution, by V Chapela and S Moral http://t.co/4OpVcUs Jul 06, 2011 
  • New S&R blog post - SQL injection - Attacks and defense by Justin Clarke et al. - Book review http://bit.ly/mkucq4 Jun 30, 2011 
  • GWeidman @vincentkadmon: sms-based botnet concept for Android - Shmoocon paper http://bit.ly/ehIFSw & PDC interview http://bit.ly/ehIFSw Jun 29, 2011 
  • #infosec R&D time to devote 30% resources to new ideas from young itsecuriteers http://bit.ly/hQsFaU - probably creating multi-source teams Jun 26, 2011 
  • security idea - a smartphone app to provide every day the number of sms received and sent and alert if needed - watch http://bit.ly/exSbx0 Jun 24, 2011 
  • pauldotcom interviews Pete Herzog - patching is not the silver bullet, operational security requires knowledge ...- http://bit.ly/ihJ5nK Jun 22, 2011
  • nice pen testing idea: http://www.osstmm.org provides the what, where and when and http://www.pentest-standard.org/ provides the how Jun 19, 2011 
  • @mckeay @Wh1t3Rabbit @jadedsecurity @marknca @NightShade003 thx 4 the sec/business talk at http://t.co/kfxXbiQ pls check http://t.co/1kMquwh Jun 19, 2011 
  • Pete Herzog - the bad people project http://www.isecom.org/bpp/bpp.html nice security awareness seeding concept Jun 17, 2011 
  • infosec idea - what about creating a site to build a ranking of security presentations held in cons made by viewers? Will be useful to focus Jun 15, 2011 
  • Risky Business podcast episode 188 mentions alternative ideas like last-resource security and other than risk-based sec http://bit.ly/gNBmU2 Jun 12, 2011 
  • RB189 podcast mentions a nice demo of big "mobile telco" brother check it yourself at http://bit.ly/hPbJo9 and switch your mobile more often Jun 12, 2011 
  • Gavin on Shmoocon 2011 check tools like opendlp in googlecode & mydlp.org , they could be the opensource seed of a dlp http://bit.ly/hMSgye Jun 10, 2011 
  • RB189 podcast - Peter Gutmann: the boolean browser CA trust model is broken - let's use reputation similar to real life http://bit.ly/gITMXm Jun 10, 2011 
  • Rich Mogull - APT industry - specialised teams with time and resources working only to pown a company, your company? http://bit.ly/ep2I5B Jun 08, 2011 
  • Mick Douglas at Aide: CYA 101 - mark critical emails to CxOs with labels such as "it is my professional opinion that" http://bit.ly/e0N3bE Jun 08, 2011 
  • Rich Mogull - an APT by the book: spear phishing + compromise + stealth reconnaissance + id juicy data + ftp data out http://bit.ly/ep2I5B Jun 05, 2011 
  • Mick Douglas spoke at Aide: check out tools like nagios sagan ntop and octopussy - they could be the seed of a SIEM http://bit.ly/e0N3bE Jun 05, 2011 
  • Mick Douglas @bettersafetynet spoke at Aide and provided wise pieces of advice e.g. our role is to signal risks to CxOs http://bit.ly/e0N3bE Jun 03, 2011 
  • #pauldotcom e236 - the key point in being compromised is to be able to reduce the time u are powned - IRT is key http://bit.ly/hxmMB3 Jun 03, 2011 
  • ReL1k on #infosec at AIDE 2011 http://bit.ly/e7J4q3 : get back to basics, don't rely on tools, sec takes people, knowledge, time and effort Jun 03, 2011 
  • in case you need to read itsecuriteer's tweets in May comfortably in just one page, just go to http://bit.ly/jbIy2r Jun 02, 2011 
  • ReL1k talk on #infosec at AIDE 2011 http://bit.ly/e7J4q3 : security requires years of maturity and building a team up - how? bit.ly/dyeZBZ Jun 01, 2011 
  • #pauldotcom episode 236 - Chris Nickerson on pen testing - no mention of impact in pen test makes it useless - http://bit.ly/hxmMB3 Jun 01, 2011 
  • probabilistic risk assessment is not always the way to go in infosec, read June's S&R's post http://bit.ly/mFc0cY or http://bit.ly/dyeZBZ Jun 01, 2011 
  • #socialengineer crew interviews @elinormills - simple but powerful principle: everybody loves talking about themselves http://bit.ly/gHMtUQ May 29, 2011 
  • pauldotcom interviews Ray Davidson: security is not a profit center - u can link security with cost savings at least! http://bit.ly/eqsuet May 27, 2011 
  • Xavier Mertens on microtrash 19, implementing SIEM, even if open source, is not for free, u need time and net wisdom http://bit.ly/gztNFI May 25, 2011 
  • @martinvars did u think to expand the use of fon through viral marketing by fan guests installing foneras in boutique hotels? May 23, 2011 
  • pauldotcom interviews Sharon Conheady from www.firstdefenceis.com social engineering, 90% of it is reconnaissance - http://bit.ly/dJNqvJ May 22, 2011 
  • you need figures to sell your security budget to your CxO? check out http://bit.ly/fhtEdY or http://bit.ly/gAm5Iq or http://bit.ly/gdoUUo May 18, 2011 
  • itsecuriteer tweets are food for thought, u can also read them in batches outside twitter - go to http://bit.ly/klKTvb and send feedback thx May 16, 2011 
  • McCandless on information design, an opportunity for #infosec to improve & explain facts visually to customers, watch http://bit.ly/g7qby5 May 13, 2011 
  • Check acceptability of a customer facing security measure before entirely building it! Idea from Gross - http://bit.ly/fjM8kN applied to sec May 11, 2011 
  • Gross on entrepreneurship - http://bit.ly/fjM8kN - a company needs a visionary, a developer, a logistics and an integrator guys, infosec too May 09, 2011 
  • SE.org every month - an interesting question and results of the previous one, go to http://www.social-engineer.org/category/polls/ May 08, 2011 
  • applying new psychology developments to infosec awareness - what about the use of cognitive bias modification? http://bit.ly/f2eBWN May 06, 2011 
  • security conference intelligence - innovative infosec service from thinkst - thinkscapes - http://bit.ly/e6akHQ well spotted idea! May 06, 2011 
  • "how can we make sure that what is important stays secure" says Haroon Meer on Eurotrash podcast 19 - survivability - http://bit.ly/fSUtrL May 04, 2011 
  • we need to solve different and more specific problems in infosec says Haroon Meer on Eurotrash podcast - minute 35 - http://bit.ly/fSUtrL May 01, 2011 
  • May 2011 - new SaR blog post - BH Europe keynote by B Schneier - personal summary http://bit.ly/dnN3kh enjoy it! May 01, 2011 
  • "there should be an increase focus on detection" says Haroon Meer on Eurotrash podcast - minute 9-10 - http://bit.ly/fSUtrL Apr 29, 2011 
  • Zitmo allegedly uses SMSmonitor code - so says Axelle Apvrille at Shmoocon 2011 http://bit.ly/exSbx0 smartphone security is a nice niche Apr 27, 2011 
  • Jack Dorsey at Stanford: square uses pair programming - would this be a success story for secure development? http://bit.ly/gRg5GB min 55 Apr 24, 2011 
  • Jack Dorsey: storytelling is writing plays - Apple is run like a theater co. and applying this to infosecurity? http://bit.ly/gRg5GB min 45 Apr 22, 2011 
  • the best thing u can do to inspire people is showing something that works, Mr Dorsey in Stanford ETL podcast, can we apply that to security? Apr 20, 2011 
  • Bsides http://bit.ly/hWaAMb started as a place for all those presenters rejected in typical sec cons so says eurotrash http://bit.ly/eC73yd Apr 17, 2011 
  • Lenny Zeltser on exotic liability podcast, the word security makes people lose common sense on social engineering traps http://bit.ly/e7F8eJ Apr 15, 2011 
  • Lenny Zeltser on exotic liability podcast http://bit.ly/e7F8eJ - it's time to introduce deception in defensive security measures Apr 13, 2011 
  • Lenny Zeltser's blog, it's time to introduce deception in defensive security measures e.g. low interaction honeypots http://bit.ly/g5eHuk Apr 11, 2011 
  • need to extract audio from a media file in Linux? use soundconverter http://bit.ly/gQGBFd Apr 10, 2011 
  • #ipv6 insecurities - 3 remedies: Secure Neighbour Discovery SEND, ipsec and client config - talk by Mr Heuse at 27C3 http://bit.ly/fKD8Pn Apr 08, 2011 
  • #ipv6 is 15 years old - mitm attacks are still possible - interesting talk by Mr Heuse at 27C3 http://bit.ly/fKD8Pn Apr 06, 2011 
  • Looking for a good trainer on network security & IDS in Berlin May 16-21 2011? @aboutsecurity http://www.sans.org/berlin-2011-cs/ enjoy it! Apr 05, 2011 
  • SecurityandRisk.blogspot.com mentioned in the Open Penetration Testing Bookmarks Collection http://bit.ly/hkU951 thanks to their creators! Apr 04, 2011 
  • First pauldotcom en espanol - @Carlos_Perez interviews @JCanto from virustotal - he codes in python ;-) http://bit.ly/eNeYhe Apr 03, 2011 
  • #ipv6 - from 4 octets in ipv4 to 16 - remote pen testing in #ipv6 is possible - interesting talk by Mr Heuse at 27C3 http://bit.ly/fKD8Pn Apr 03, 2011 
  • April's SecurityandRisk blog post just released - enchanting in IT security - have a read at http://bit.ly/eOOLxx and leave your comments Apr 01, 2011 
  • with #smartphones outnumbering PCs to access Internet, who will not take smartphone security seriously? will it be user friendly? Apr 01, 2011 
  • Desmond-Hellmann on health care innovation - elderly care and specialised focus centers http://bit.ly/hUKGSG can we apply this to security? Mar 29, 2011 
  • #linux problems with your audio in ubuntu #apt-get install pam check tabs and re-do permissions in .pulse and .pulse-cookie in home drive Mar 27, 2011 
  • securityandrisk blog post on recommended security sites updated - articles in Spanish - any other suggested site? http://bit.ly/eQjUet Mar 25, 2011 
  • (in)security affects economy? EMC highest share value on 3/18 closed at 25.63 BUT on Monday 3/21 it peaked to 26.76 http://bit.ly/dL2mQ6 Mar 24, 2011 
  • Ann Miura-Ko it becomes important to have technical talent in-house you need that asset within the startup - minute 46 http://bit.ly/ewZE58 Mar 23, 2011 
  • ... and creation sales channel and... supply chain (components, design, manufacturing and inventory warehousing) - m29 apply it to infosec? Mar 20, 2011 
  • Ann Miura-Ko on elements of a business plan: users, customers, pricing - including customer lifetime, customer demand... http://bit.ly/ewZE58 Mar 20, 2011 
  • @nfosec thanks for the answer, I was thinking of slightly technical IT modules, any school doing that? Mar 19, 2011 
  • RT @nfosec: @itsecuriteer the #ABA has offered #infosec #CLE modules in the past http://t.co/rm6BSdQ and a couple of schools offer #LLMs ... Mar 19, 2011 
  • #infosec idea - there are law modules in IT security trainings - what about IT security modules for professionals with degrees in law? Mar 18, 2011 
  • In two years, smartphone sales will surpass PC sales, from #google ex-ceo, read more here http://tcrn.ch/gc7Uz3 Mar 16, 2011 
  • adding security awareness bits in films & series? e.g. your hero choosing a password, the impact could be high, read more here bit.ly/dyeZBZ Mar 13, 2011 
  • perryevans in Montreal startup camp - indecision and success are incongruent - see the slides at http://bit.ly/emWyzf Mar 11, 2011 
  • #SEpodcast hearsay http://bit.ly/e98EeW 80+% of security incidents in business have a social engineering component - anyone has the source? Mar 09, 2011 
  • #SEpodcast women are better at social engineering than men - listen to it at http://bit.ly/e98EeW what about in other IT security fields? Mar 06, 2011 
  • R Dreeke with SE crew http://bit.ly/dT48fJ is not manipulating or lying but rather influencing and exaggerating or cutting the truth short Mar 04, 2011 
  • R Dreeke with SE crew http://bit.ly/dT48fJ for anchoring, come up with a question that is non threatening, realistic and they resonate with Mar 02, 2011 
  • New securityandrisk post - Tips by Jack Dorsey to create an IT security shop http://bit.ly/dM9gPg so many ideas to implement! Make it happen Feb 28, 2011 
  • Robin Dreeke interviewed by SE crew - http://bit.ly/dT48fJ - anchoring technique - ask for an opinion - everyone thinks they are an expert Feb 27, 2011 
  • Piacentini - Amazon ops exec - we keep hierarchy flat - http://bit.ly/gV6URf - minute 44 - if u start from the top is easier - and in sec? Feb 25, 2011 
  • Piacentini - Amazon ops exec - we keep hierarchy flat - http://bit.ly/gV6URf - minute 43 - how do we do in #infosec? no hierarchy? Feb 23, 2011 
  • Piacentini - Amazon ops exec - prioritise countries according to GDP size - http://bit.ly/gV6URf - minute 41 - how do we do in #infosec? Feb 20, 2011 
  • Diego Piacentini - Amazon exec, 40% retail business is done in q4 every year - http://bit.ly/gV6URf - is there seasonality in IT security? Feb 18, 2011 
  • Mark Suster on #entrepreneurship - whatever you want to do, do it when you are young - minute 56 - http://bit.ly/i2Wqmu Feb 16, 2011 
  • as long as corporate users browse the web you have no perimeter #pauldotcom episode 224 pt2 minute 18 http://bit.ly/dTbakx Feb 13, 2011 
  • #browsers compete on speed not on security, so says Dave Aitel in #pauldotcom episode 224 pt1 minute 53 http://bit.ly/fZQSa0 Feb 11, 2011 
  • those of you with the bugs make the rules, so says Dave Aitel on disclosure in #pauldotcom episode 224 pt1 minute 40 http://bit.ly/fZQSa0 Feb 09, 2011 
  • someone out there has a method of getting access to your systems, so says #pauldotcom episode 224 pt1 minute 31 http://bit.ly/fZQSa0 Feb 06, 2011 
  • wikileaks presentations at #ccc in 2008 3c25 http://bit.ly/fdkq5Q and ccc 2009 3c26 http://bit.ly/fcfczH 2 watch with a security/privacy eye Feb 04, 2011 
  • comprehensive paper on malicious USBs by irongeek presented at #Shmoocon2011- read it at http://bit.ly/hoCldi Feb 01, 2011 
  • #backtrack site owned at Xmas 2010 nice answer at http://bit.ly/eK5HsU - how many #infosec writers secure their blog or site infrastructure? Feb 01, 2011 
  • February post in http://securityandrisk.blogspot.com - Social-engineer.org crew interviews comm expert Joe Navarro - http://bit.ly/hXnXF7 Feb 01, 2011 
  • #eurotrash security podcast - sec cons focus more on offensive talks than on defensive ones - minute 82 in episode 17 http://bit.ly/eX1B7w Jan 30, 2011 
  • Simon Sinek in #TED on inspiring leaders: Hire people who believe in what you believe http://bit.ly/gwvB8J - I add, also applicable to sec Jan 28, 2011 
  • foundat_ion interviews Jack Dorsey creator of twitter http://bit.ly/eso3jA minute 23 more people pay for things than they use comm devices Jan 25, 2011 
  • foundat_ion interviews Jack Dorsey creator of twitter http://bit.ly/eso3jA minute 25 maybe it is just not the right time for both of us ;-) Jan 23, 2011 
  • foundat_ion interviews Jack Dorsey creator of twitter http://bit.ly/eso3jA minute 18 the hardest thing is start - get it on paper & show it Jan 21, 2011 
  • foundat_ion interviews Jack Dorsey creator of twitter - http://bit.ly/eso3jA - minute 13 - we need more relevant filters real time Jan 18, 2011 
  • saizai at #27c3 http://bit.ly/e0M3mo mentions the #wikipedia list of cognitive biases http://bit.ly/hm7dGe - think about it when living! Jan 16, 2011 
  • #infosec 2011 survey from pwc - client requirements are driving security spending - will that be a trend? http://bit.ly/e2RHpp page 10 Jan 14, 2011 
  • u need to check who is around in your lan? #nmap -sP x.x.x.1-255 keep the mac address and run it regularly to see changes Jan 12, 2011 
  • check real #speed in your DSL connection - download and upload http://www.speedtest.net/ Jan 10, 2011 
  • new #infosec #itsecurity #career advice service http://itsecuriteer.blogspot.com/ need to make a career decision in your ITsecurity life? Jan 10, 2011 
  • Thomas Prescott on #entrepreneurship - everybody is becoming more risk averse - listen to it at bit.ly/ey2b75 mmm, any effect on infosec? Jan 09, 2011 
  • avoid basic #arp-poisoning at least check your vendor's mac address prefix - just in case ;-) http://www.coffer.com/mac_find Jan 08, 2011 
  • Thomas Prescott on #entrepreneurship - get surrounded by the best people, even more important than the idea itself http://bit.ly/ey2b75 Jan 06, 2011 
  • Thomas Prescott on #decisionmaking - better quick than slow - then possibly a re-tune if required - listen to it at http://bit.ly/ey2b75 Jan 04, 2011
  • http://tools.whois.net and http://www.robtex.com - and http://bit.ly/f1bov7 if u can read it ;-) - have it always at hand ;-) when browsing Jan 03, 2011 
  • in less than 2 hours, new post at http://securityandrisk.blogspot.com #pauldotcom crew interview Brian Krebs - They talk about digital fraud Jan 02, 2011 
  • does the resolv.conf file change? are u using dhclient /etc/dhcp3$ sudo gedit dhclient.conf & add prepend domain-name-servers 208.67.xxx.xxx Jan 01, 2011 
  • happy & secure 2011! u want to backup your #blogspot blog? http://yourblog.blogspot.com/search?max-results=3000 - btw check older posts link Dec 31, 2010 
  • need to add name servers in #linux #ubuntu? sudo gedit /etc/resolv.conf and write nameserver ipaddress e.g. 208.67.2xx.xxx Dec 31, 2010 
  • #infosec 2011 survey from pwc - the greater increase in risk comes from partners and suppliers - http://bit.ly/e2RHpp page 14 Dec 29, 2010 
  • #27c3 more than 200000 letters a la Nick Merrill case - http://bit.ly/hWvgzv - no further comments Dec 28, 2010 
  • 20 minutes available these days? watch Ken Robinson about the #learning #revolution - let's apply it to #infosec too! - http://bit.ly/gFd529 Dec 26, 2010 
  • quick #evilSEO #websitecheck, go to #google and search site:yoursite "viagra" or "cialis" avoid misuse of your web pages - patch your sw Dec 25, 2010 
  • #leaders get more blame or more credit than they deserve for organisational #performance listen to Bob Sutton http://bit.ly/dKvTAk minute 7 Dec 23, 2010 
  • when you are in a position of power, the people that you lead, watch you very closely - listen to Bob Sutton http://bit.ly/dKvTAk minute 7 Dec 22, 2010 
  • #staff #performance evaluation - 50% times make things better, 50% make things worse - listen to Bob Sutton http://bit.ly/dKvTAk minute 6 Dec 20, 2010 
  • #moneylaundering uploading a song and paying for downloading it with stolen credit cards http://bit.ly/i65p63 Dec 18, 2010 
  • #gawker it seems the breach had to do with red hat kernels, php and databases http://bit.ly/i3vnRY Dec 18, 2010 
  • #enisa publishes a report on #infosec in smartphones http://bit.ly/eHccQk a starting point on what is coming over to #infosec professionals Dec 17, 2010 
  • RT @humanhacker: RT This and your name goes in a drawing to get a free copy before everyone else. http://amzn.com/0470639539 http://yfr ... Dec 13, 2010 
  • Brian #Krebs in #pauldotcom online credentials hardly change, stolen ones are still valid months after (minute 41) http://bit.ly/gtIPoM Dec 13, 2010 
  • #lightningtalk - lessons learnt rehearse your time and content and abandon traditional ppt methods - make the most of 3 mins - time will fly Dec 10, 2010 
  • #socialengineering - Blue is a smoothing colour. Blue is predominant on TV. minute 20 at http://bit.ly/elo6W1 - security tools using blue? Dec 10, 2010 
  • #socialengineering we see something beautiful, our pupils dilate. We see something ugly, they contract - minute 22 in http://bit.ly/elo6W1 Dec 09, 2010 
  • no empirical evidence of first mover advantage e.g. #google was not the first search engine - listen to Bob Sutton http://bit.ly/dKvTAk Dec 08, 2010 
  • trying http://backupmytweets.com Dec 04, 2010 
  • #controladores air traffic in Spain http://bbc.in/go4WRi could a piece of #stuxnet alike malware trigger something similar? are we prepared? Dec 04, 2010 
  • easy way to check that there are less #arp probes in the net # tcpdump -i interface -n -v arp Dec 03, 2010 
  • easy defence layer against #arp poisoning, add this line in your /etc/rc.local file # arp -s ipaddressofyourrouter macaddressofyourrouter Dec 03, 2010 
  • new securityandrisk blog post - grey #hacking book review http://bit.ly/ethRcQ worth one read Dec 01, 2010 
  • launch #tcpdump (with no -n switch) while using #twitter and u will see they use Amazon AWS servers - so #twitter is in the cloud ;-) Nov 26, 2010 
  • #phishing u need to know the latest phishing attacks that are online? check out https://www.phishtank.com Nov 24, 2010 
  • @Security_FAQs #itsecuriteer listed in www.security-faqs.com infosec-on-twitter list http://bit.ly/fXnav1 thanks! Nov 23, 2010 
  • #wifi a wireless AP transmits in a channel, from 1 to 13, switching channels too often is a bad idea, see http://bit.ly/hppNir old but valid Nov 23, 2010 
  • #tcpdump by default, unless you use the -p switch, it runs in promiscuous mode Nov 23, 2010 
  • #ubuntu #wifi which channel I am using? $sudo iwlist iface channel Nov 21, 2010 
  • #firesheep #linux #wifi promiscuous mode means all packets in a ssid/channel combination see http://bit.ly/9iIghj Nov 21, 2010 
  • #firesheep #linux #wifi monitor mode means all ssids in a channel see http://bit.ly/9iIghj Nov 21, 2010 
  • @helpnetsecurity itsecuriteer, security professional, author of itsecuriteers the book and securityandrisk.blogspot the blog Nov 19, 2010 
  • Run #arpwatch -i yourinterface -d to identify sudden mac address changes, just in case your lan peers are using evil :-) Nov 19, 2010 
  • October 2010 #hbr "ability to take initiative is a far better job performance predictor than academic records" Davenport et al. page 54 Nov 17, 2010 
  • #Gparted #linux you need to unmount the partitions you plan to modify Nov 16, 2010 
  • #linux quick secure partition deletion command line using wipe $wipe -qk /partition/todelete Nov 15, 2010 
  • P Gray interviews Brian Snow http://bit.ly/dBTiwb in Risky Business Nov 13, 2010 
  • Italy 2007 http://nyti.ms/aJbYwl and Greece 2004 http://bit.ly/cX1Nsj - who controls the controller and the provider? P Gray interviews... Nov 13, 2010 
  • #linux quick secure file deletion command line using wipe $wipe -rfq /folder/filetodelete Nov 12, 2010 
  • #linux need to find the files accessed/created during the last day? go to the root folder and type $find -mtime -1 | [grep foo if needed] Nov 10, 2010 
  • #linux where to add commands to be executed at the end of bootup? in /etc/rc.local #debian does not use it by default http://bit.ly/dkTqqh Nov 08, 2010 
  • anecdote #ubuntu usage - firefox logo lost in ubuntu 10.04? get it at http://bit.ly/aYNE4j - most icons are in /usr/share/icons Nov 07, 2010 
  • #ubuntu usage - nautilus file explorer does not start? - go to /home/youruser and delete .nautilus folder - u don't see it? use ctrl+h Nov 06, 2010 
  • dban http://bit.ly/cRkRgg securely erases disks connected to the bus but not USB connected, for that use wipe or shred from the command line Nov 04, 2010 
  • #backtrack2 how to make it persistent in gray hat #hacking book chapter 5 - little bit outdated but didactic http://amzn.to/bqmiOy Nov 02, 2010 
  • 1st Nov in 2 hours, new securityandrisk post - Public DNS servers: Less privacy in exchange of a security layer - See http://bit.ly/dnN3kh Oct 31, 2010 
  • #infosec #money series 4 - online banking fraud in NL for Q1 2010 reached EUR 4.3 million http://bit.ly/bJaS8U Oct 26, 2010 
  • #infosec #money series III online banking fraud in Germany in 2010 expected to reach EUR 17 million http://bit.ly/9bBgea Oct 26, 2010 
  • New #infosec money series II - EUR 3 billion a year in identity theft in the UK affecting 1.8 million UK people http://bit.ly/b5uHHt Oct 22, 2010 
  • New #infosec money series - ATM skimming EUR 143.5 million lost in Q1 2010 in Europe http://bit.ly/dC4URv Oct 19, 2010 
  • 72 worthy pages of #stuxnet intelligence at http://bit.ly/8XJP7g Oct 18, 2010 
  • meterpreter in metasploit injects commands into the memory of an exploited process - chapter 4 gray hat #hacking book http://amzn.to/bqmiOy Oct 15, 2010 
  • #RSA announces in #RSAEurope event focus on building an #ITsecurity ops function http://bit.ly/aaA5bm - http://amzn.to/dyeZBZ could help Oct 12, 2010 
  • build and look after your personal IT security brand - chapter 9 of http://amzn.to/dyeZBZ Oct 11, 2010 
  • #hacking basic metasploit use in gray hat book chapter 4 http://amzn.to/bqmiOy show info use  Oct 10, 2010 
  • CERT/CC vulnerability disclosure process gives vendors 45 days to fix vulns - chapter 3 of gray hat #hacking book http://amzn.to/bqmiOy Oct 08, 2010 
  • An ISP notifying users infected by #bots http://bit.ly/cec7tc and http://bit.ly/csor4J nice initiative however, isn't it easy to be phished? Oct 06, 2010
  • Legal and IT security - the US Federal computer crime statutes in chapter 2 of gray hat #hacking book http://amzn.to/bqmiOy Oct 05, 2010 
  • #ethicalhacking if u need to justify work/budget in IT security references used in chapter 1 of gray hat book http://amzn.to/bqmiOy help Oct 04, 2010 
  • #stuxnet is a piece of art http://bit.ly/9XpCaP Sep 30, 2010 
  • New #securityandrisk post - review of the network flow analysis book by Michael W. Lucas http://bit.ly/9J5Siv - happy book review reading! Sep 30, 2010 
  • #brucon podcasters http://bit.ly/bPNsGF infosec applicant question - what happens in the net from switching a pc on to an ip address Sep 29, 2010 
  • net #flow analysis book by Lucas http://bit.ly/9ykaQ - each primitive can include only one type of match Sep 29, 2010 
  • a day contains 288 five minute periods, from net #flow analysis book by Lucas http://bit.ly/9ykaQh Sep 27, 2010 
  • #stuxnet presumably targeting a specific target - will this be a new trend? - top sophisticated targeted malware - http://bit.ly/9eRlxA Sep 26, 2010
  • net #flow analysis book by Lucas http://bit.ly/9ykaQh for filtering use flow-nfilter building filters out of primitives Sep 26, 2010 
  • #socialengineer podcast with @rpaulwilson on how security should "focus on the least possible compromise" (min 52) http://bit.ly/b8OLdS Sep 25, 2010 
  • net #flow analysis book by Lucas http://bit.ly/9ykaQh flow-cat feeds the data to flow-print Sep 24, 2010 
  • description of the "beauty" and "danger" of #stuxnet in only one paragraph (the first one) at http://mcaf.ee/56cb0f Sep 22, 2010 
  • net #flow analysis book by Lucas http://bit.ly/9ykaQh use #flow-print -f 0 adds interface numbers by printing port and protocol info in hex Sep 21, 2010 
  • #stuxnet could be the worm of the year, exploits 4 0-day vulnerabilities & attacks SCADA http://bit.ly/aVU4dg - who can be the author(s)? Sep 18, 2010 
  • #stuxnet so far detected in 14 operational plants using Siemens SCADA http://bit.ly/aoh1oA Sep 18, 2010 
  • #briankrebs first reported on the Windows shortcut flaw based on info from an anti-virus company based in Belarus named VirusBlokAda Sep 18, 2010 
  • Network #flow analysis book by Michael W. Lucas http://bit.ly/9ykaQh - use flow-cat and flow-print to view flows - from http://bit.ly/ce1EVS Sep 15, 2010 
  • Network #flow analysis book by Michael W. Lucas http://bit.ly/9ykaQh - use #flow-capture as a flow collector - from http://bit.ly/ce1EVS Sep 13, 2010 
  • Network #flow analysis book by Michael W. Lucas (2010) - use #softflowd as a software-based network flow sensor - from http://bit.ly/bQNy9H Sep 12, 2010 
  • Network #flow analysis book by Michael W. Lucas (2010) #ifconfig em0 up -arp enables the network interface & it does not participate in ARP Sep 09, 2010 
  • New #securityandrisk post - using USB memory drives securely - http://bit.ly/cuw8Hu - Happy secure data transport! Sep 02, 2010 
  • #perl declare variables using my $answer = 42 no need to pre-declare the type http://bit.ly/cMd2Yt Aug 25, 2010 
  • #itsecurity professionals feel underpaid & money is not their main driver - survey at http://bit.ly/9z7X8C Aug 24, 2010 
  • insider threat a reality? some people leaving a company would take data with them http://bit.ly/9p1ngK Aug 24, 2010 
  • physical security meets #itsecurity - http://bbc.in/bHjO8i - just noise or a real (new?) trend Aug 22, 2010 
  • #linux #commandline $find -name "*.txt" -print0 | xargs -0 grep text - line to find a text in a collection of txt files Aug 22, 2010 
  • ISP uses Shadowserver data to alert customers with bots http://bit.ly/98SFb4 Aug 22, 2010 
  • My #Twifficiency score is social-engineering%. What's yours? Viral marketing for security professionals - chapter 7 in http://amzn.to/dnypJR Aug 17, 2010 
  • security gurus in twitter fall on the #twifficiency social engineering trap, why? (me, not guru though, included ;-) http://bit.ly/9PUUqW Aug 17, 2010 
  • near a #linux box and has no network? try # ifconfig eth0 netmask 255.255.255.0 up and #route add default gateway  Aug 17, 2010 
  • #socialengineer #defcon contest (minute 51 in podcast) - "will you please go to this site?" that trick always worked! http://bit.ly/cKGtYn Aug 15, 2010 
  • #socialengineer #defcon contest (minute 75 in podcast) - men were more gullible than women! - http://bit.ly/cKGtYn Aug 15, 2010 
  • trust networks help decreasing info flood in microblogging - from a Spanish PhD page 386 http://bit.ly/cUxjOd - a valid idea for infosec? Aug 11, 2010 
  • Industrial Control Systems #CERTS? http://bit.ly/cO7GMv - 15000 #stux computers worldwide vs 4 infected #SCADA systems Aug 09, 2010 
  • Mr Heinemeier, creator of #rubyonrails, "constraints force you to do way less and different than your competition" http://bit.ly/9FcfCu Aug 08, 2010 
  • Mr Heinemeier, creator of #rubyonrails, "when you're not well rested, your mind is not working at peak performance" http://bit.ly/9FcfCu Aug 08, 2010 
  • off-security near #space photos http://bit.ly/bwd0kj Aug 07, 2010 
  • New SaR post, web-based photo #geolocation - #exif data cleaning http://bit.ly/bZ416m Aug 07, 2010 
  • backing up your blog with wget? use e.g. wget --mirror --convert-links -r http://securityandrisk.blogspot.com Aug 07, 2010 
  • losing equipment is still a big concern - what about encryption? http://bit.ly/ac65gs Aug 03, 2010 
  • new SaR post: caffeine, alsamixer, security videos and podcasts http://bit.ly/ddpAqD Aug 01, 2010 
  • 4 Simatic WinCC/PCS SCADA customers in the world affected by stuxnet http://bit.ly/angTWN vs 60500 search results http://bit.ly/aArlQB Jul 31, 2010 
  • from http://alturl.com/f2q2j # find / -type f -exec wc -c {} \; | sort -nr | head -100 linux command line beauty - understand & master Jul 29, 2010 
  • External Agents: 70% of breaches, 98% of records (from Verizon's 2010 Data Breach Report) http://alturl.com/4zw8n Jul 29, 2010 
  • from http://alturl.com/f2q2j C:\> for /r c:\ %i in (*) do @echo %~zi, %i lists the size of files in Windows Jul 28, 2010 
  • nmap command line - a must - http://nmap.org/svn/docs/nmap.usage.txt Jul 26, 2010 
  • http://securityandrisk.blogspot.com/2010/05/it-security-management.html Jun 15, 2010