C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

  1. Cyber Security Awareness month – SANS Resources
    1. 2017 Security Awareness report: It’s time to communicate – “Learn the latest trends and lessons learned in building mature awareness programs from over 1,000 security awareness professionals.”
    2. Selected issues from SANS OUCH!
      - Lessons from WannaCry
      - Passphrases
  2. Vulnerabilities in Dnsmasq – update now
    - “Dnsmasq provides functionality for serving DNS, DHCP, router advertisements and network boot… Dnsmasq is widely used both on the open internet and internally in private networks.” [*BSD / Linux / Android]
  3. Cloud (In)Security Surprise
    - See the opening note by Alan on the considerations and responsibilities. So, who wants to be a “CAO” :-#
  4. Encrypted Web (HTTPS) traffic interception
    - Consider the implications…
  5. How I hacked hundreds of companies through their helpdesk
    - (/support portal/Yammer/Slack/others)
  6. The easy way to analyze huge amounts of PCAP data – using Moloch and ElasticSearch
    - “When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture.” Read on for how to analyse it…
  7. security@xyz.ac.za, abuse@xyz.ac.za…
    - Do you have/need these addresses, and who monitors them?
    - What about the necessary processes, etc.?
    - ref: www.ietf.org/rfc/rfc2142.txt – [Page 2]
    - ref: www.ietf.org/id/draft-foudil-securitytxt-00.txt (A Method for Web Security Policies – draft)
  8. 7 in 10 smartphone apps share your data with third-party services
    - An interesting read and a nice tool to track what PII is being shared from your own device