Security Longreads for July 24, 2015

July 24, 2015

With a wealth of security reading available, the Security Longreads weekly e-mail is designed to highlight particularly interesting longer reads. Our “Security Reads” covers topics related to Information Security while our “Other Reads” are topics that have nothing to do with security but could be of interest to readers of JaySchulman.com.

Did someone forward this to you? Sign up at jayschulman.com.

Commentary: Big selection of reads this week. In light of governments wanting a backdoor, an article showing the history of cryptographic backdoors. The Jeep article everyone has already read. Two overhyped security threats — a good read for anyone who hears these threats from non-security people. An analysis of how you buy and sell 0-day exploits. Twitter’s CSO talks website security. And finally, a must read if your organization is thinking about DevOps.

In Other Reads, how to pick your first programming language — a must read for high school students. And why we meet too much and really need to stop meeting.

Happy Weekend,

-Jay

Security Reads

A Few Thoughts on Cryptographic Engineering: A history of backdoors

The past several months have seen an almost eerie re-awakening of the ‘exceptional access’ debate — also known as ‘Crypto Wars’. For those just joining the debate, the TL;DR is that law enforcement wants software manufacturers to build wiretapping mechanisms into modern encrypted messaging systems. Software manufacturers, including Google and Apple, aren’t very thrilled with that.

Hackers Remotely Kill a Jeep on the Highway — With Me in It | WIRED

I WAS DRIVING 70 mph on the edge of downtown St. Louis when the exploit began to take hold.

Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.

The Two Most Overhyped Security Threats | Fast Company | Business + Innovation

Frightened by cyber attackers from China and North Korea? You’re more likely to get a nearly decade-old piece of malware in your email.

Hacking Team: a zero-day market case study

This article documents Hacking Team’s third-party acquisition of zero-day (0day) vulnerabilities and exploits. The recent compromise of Hacking Team’s email archive offers one of the first public case studies of the market for 0days. Because of its secretive nature, this market has been the source of endless debates on the ethics of its participants.

Twitter Security Chief Shares Secrets for Website Protection — The CIO Report — WSJ

Twitter has received high marks for its online security from the Online Trust Alliance. The company’s security chief Michael Coates shares the secrets of how Twitter protects its website from attackers.

4 steps to make DevOps safe, secure, and reliable

Fast application deployment may seem at odds with robust security practices, which often take a go-slow approach to new or changed applications in order to verify that the applications are safe before letting them touch live data or business networks — or be exposed to the Internet or customers.

Been hacked? Now to decide if you chase the WHO or the HOW • The Register

Marketers want the bad guys named. Security pros aren’t sure they’re right

Reads by Jay

We Need More Women in Security – Jay S Schulman

In creating the series of inspiring quotes from security professionals (here, here, here and here), I noticed a network dominated by male figureheads. Then at a recent security conference, someone joked “you know you’re at a security conference when there is a line for the men’s bathroom and not the women’s.” That’s a problem. Odds are …

3 InfoSec Women on Women in Security – Jay S Schulman

In the last post, Cassia Martin introduced us to some ideas on encouraging women to grow their information security careers. I asked three women from my network whom I respect for the information security careers they’ve built for themselves, and also for their wise words on how women can build an information security career. I’m relatively new to …

Other Reads

This Graphic Helps You Pick Your First Programming Language

When you’re first getting started learning to code, one of the hardest choices can be picking which programming language to start with. This graphic can help you choose by comparing options based on application, potential salary, geography, and more.

Meeting culture needs to die

The meeting culture that is consuming our organizations is fundamentally flawed. And it undermines you and the profitability of your organization as we saw with the recent ouster of Bryan Stockton, CEO of Mattel, after another disappointing holiday sales season. When asked why, Stockton himself said Mattel lacked an innovative culture and blamed it on bad meetings.

Thanks! Longreads is published every Friday, just in time for the weekend.

Comments to [comments@securitylongreads.com](mailto:comments@securitylongreads.com).