This is cool (!) An Enigma machine simulator for Android devices, a simulator of the encryption machine most used by the Germans during World War II.

Wanna try it? Browse to play.google.com/...

The PDF is available at net-security.org/...

Contents:

• Securing Android: Think outside the box;
• Interview with Joe Sullivan, CSO at Facebook;
• White hat shellcode: Not for exploits;
• Using mobile device management for risk mitigation in a heterogeneous environment;
• Metasploit: The future of penetration testing with HD Moore;
• Using and extending the Vega open source web security platform;
• Next-generation policies: Managing the human factor in security.

The PDF is available at net-security.org/...

As part of the activities that I've been developing for AP²SI I've just found this. And I couldn't resist sharing.

Yes, it's true that the cost of digital certificates is not, typically, very small. And this is one of the factors that have conditioned the widespread adoption of SSL on web servers, even though this mechanism would allow the authentication of those services, and would ensure the privacy of customer communications.

(The cost is not the only factor limiting the adoption of SSL, but it's surely a major factor, along with the performance.)

If you want to build more confidence in your Internet websites, or even in your intranet sites, Comodo has an offer with an unbeatable price, an offer that doesn't add the same degree of confidence of an EV certificate, but that may be sufficient to meet your requirements.

Good advice: google.com/goodtoknow.

In an article for the Harvard National Security Journal, Jerry Brito and Tate Watkins, wrote:

There has been no shortage of attention devoted to cybersecurity, with a wide range of experts warning of potential doomsday scenarios should the government not act to better secure the Internet. But this is not the first time we have been warned of impending dangers; indeed, there are many parallels between present portrayals of cyberthreats and the portrayal of Iraq prior to 2003, or the perceived bomber gap in the late 1950s.

This Article asks for a better justification for the increased resources devoted to cyber threats. It examines the claims made by those calling for increased attention to cybersecurity, and notes the interests of a military-industrial complex in playing up fears of a “cyber Katrina.” Cybersecurity is undoubtedly an important policy issue. But with a dearth of information regarding the true nature of the threat, it is quite difficult to determine whether certain government policies are warranted—or if this merely represents the latest iteration of threat inflation benefitting private and parochial political interests.

in Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy.

The article is interesting for the questions it raises about the policies that are being adopted (or about to be adopted) by the U.S. government, given the evidence (and lack of evidence) that supports them, and the possible consequences of their adoption.

I'm not going into details or comment on the arguments presented. However, I feel I must write the following: It's important to keep a critical mind with regard to our own perception and our own recommendations. For this reason, I think the article is valuable and must be read (!)

Joseph Wood Krutch:

Security depends not so much upon how much you have, as upon how much you can do without.

(Original pic by Wendy Sewell, published on TrekEarth)

Interesting for those unfamiliar with the tool who want to (or have to) start the process of vulnerability scanning.

Half an hour. Where? Here: youtube.com/...

I don't want a Kevin Mitnick card; I want one that's as creative as his, and doesn't cost five dollars! Perhaps a detachable sharp Fihankra, like the ninjutsu stars for... er... difficult situations ; )

Do you have any other ideas? Please share them! : )

(This pic was shamelessly copied from Flicker. Credit is due to the photographer and a reference to the original is required)

Written from posts that were published over a nineteen-month period (!) Troy Hunt's work is now compiled in this book, a free e-book on development security, specifically targeting Microsoft's .NET application platform.

It's called OWASP Top 10 for .NET developers and it's available as a PDF at asafaweb.com/...

Are you programming on this platform? Go get it.