PENETRATION TESTING
DHS: Giving Firms Free Penetration Tests. The U.S. Department of Homeland Security (DHS) has been quietly launching stealthy cyber attacks against a range of private U.S. companies — mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are part of a little-known program at DHS designed to help “critical infrastructure” companies shore up their computer and network defenses against real-world adversaries. And it’s all free of charge (well, on the U.S. taxpayer’s dime). Read more
[KREBSONSECURITY.COM]
SECURITY THINK TANK: Pen Testing Must Be Followed by Action. How can an organization ensure it gets value from penetration and security testing services? What role can penetration and security testing play in improving the security of an organization? If the testing is comprehensive, carried out regularly, and any issues found are quickly corrected, then the overall picture of an organization’s security is greatly improved, although it must be said that testing is not sufficient on its own. Read more
[COMPUTERWEEKLY.COM]
ATTACK SIMULATION: Startup Offers Free Cyberattack Simulation Service. First came penetration testing, then the tabletop exercise, and now attack simulation — the relatively nascent practice of war-gaming attacks on your network to gauge how prepared (or not) you are, and where your weaknesses reside. Unlike pen-testing, attack simulation doesn’t run exploit code. It’s more about simulating the way attackers do their dirty work, from composing a phishing email and infecting a machine to the path they take to access and then pilfer credit-card data out of a company. Attack simulation startup vThreat announced free access to its software-as-a-service based applications. The concept of simulating and providing a detailed postmortem of how an attacker could hack you is capturing some venture capital interest. Read more
[DARKREADING.COM]
AGENCIES: As hackers and other malicious actors become more sophisticated and agile in their attacks, federal agencies need to be proactive about cybersecurity. “Don’t wait to be hunted,” Linus Barloon, IT security branch manager for the U.S. Senate Office of the Sergeant at Arms, told attendees at the Public Sector Cybersecurity Summit hosted by Raytheon | Websense on Dec. 1. “Start hunting,” he said. Read more
[FEDERALTIMES.COM]
OPEN SOURCE
CIOs: What Does the Trend Toward Open Source Mean for CIOs? CIOs are wise to evaluate how open source products might help them. One advantage is greater transparency not only of the source code itself, but also of all the design deliberations, etc. That’s a significant contrast to the secretive processes often used by proprietary vendors. Read more
[CIODIVE.COM]
SECURITY: The Insecurity of Platforms and How Open Source Overcomes. No platform is immune. But how do Linux and open source manage to overcome issues like Linux.encoder.1 with such efficiency? Read more
[TECHREPUBLIC.COM]
CONTINUOUS INTEGRATION: Git, Docker, and Continuous Integration for TeX Documents. The power of Git, Docker, and continuous integration (CI) can be leveraged to make TeX document compilation easy while keeping track of different variants and versions. On top of these technologies, a flexible workflow can be developed to reflect successive changes in TeX documents in each PDF. Here’s the tutorial. Read more
[OPENSOURCE.COM]
MICROSOFT: Microsoft to Open Source A Key Piece of Its Web Browser. Microsoft will publish the source code for Chakra, the part of the Edge browser responsible for running JavaScript code, next month on the code sharing and collaboration site GitHub. The company will accept code contributions from developers outside of Microsoft. Read more
[WIRED.COM]
==========
APPLICATION DEVELOPMENT: Blue Mountain Data Systems is dedicated to Application Development and Systems Integration for Federal Civilian Agencies, Document Management Systems that help in the preparation, scanning, indexing, categorizing and quality control of millions of pages of paper documents to electronic format and the Automation of Workflow Processes. Call us at 703-502-3416.
==========