Security Longreads — Issue

October 3, 2014

Issue #19

With a wealth of security reading available, the Security Longreads weekly e-mail is designed to highlight particularly interesting longer reads. Our “Security Reads” covers topics related to Information Security while our “Other Reads” are topics that have nothing to do with security but could be of interest to Information Security professionals.

Did someone forward this to you? Sign up at jayschulman.com.

SECURITY READS

Inside Shellshock: How hackers are using it to exploit systems
CloudFlare immediately rolled out protection for Pro, Business, and Enterprise customers through our Web Application Firewall. On Sunday, after studying the extent of the problem, and looking at logs of attacks stopped by our WAF, we decided to roll out protection for our Free plan customers as well. Since then we’ve been monitoring attacks we’ve stopped in order to understand what they look like, and where they come from. Based on our observations, it’s clear that hackers are exploiting Shellshock worldwide.

How RAM Scrapers Work: The Sneaky Tools Behind the Latest Credit Card Hacks | WIRED
In the world of hacking, every malicious tool has its heyday — that period when it rules the underground forums and media headlines and is the challenger keeping computer security pros on their toes. Viruses and worms have each had their day in the spotlight. Remote-access Trojans, which allow a hacker to open and maintain a secret backdoor on infected systems, have had their reign as well. These days, though, point-of-sale RAM scrapers are what’s making the news.

Archimedes Research Center for Medical Device Security: NBC Chicago interviews patients, physicians, and researchers on medical device security
So if you’re a future graduate student or budding security researcher, I’d encourage you to read the technical papers from the short history of medical device security. It’s no longer a cat-and-mouse game of pointing out buffer overflows and SQL injection attacks. The future is about interdisciplinary computing and health care research to produce technology, best practices, and policies that improve medical device security without interfering with the workflow or delivery of health care.

The Bash Bug Is a Wake-Up Call - Karim R. Lakhani - Harvard Business Review
Now is the time for companies, communities, and governments to proactively add resources to the core computing infrastructure and test it for vulnerability in a systematic fashion. While academic and government organizations like CERT (at Carnegie Mellon University) are doing an admirable job in raising awareness about security threats, more must be done. Taking a cue from the banking system, the computing industry needs to develop an approach that prioritizes proactive stress-testing, detection, and updating to anticipate problems and prevent them from occurring. This proposal is not so far out of reach.

The Unpatchable Malware That Infects USBs Is Now on the Loose | WIRED
Two independent researchers say that publicly releasing the code that enables BadUSB attacks will hasten a fix.

READS BY JAY

You Need A Platform To Learn - Jay S Schulman
How many times have you sat down to learn something new, but given up before you’ve reached your goal? This blog has been my platform to learn.

OTHER READS

Why You Should Never Wear Orange To An Interview | Fast Company | Business + Innovation
Why your brown “power suit” could be making you look passive, why you should ditch Navy if you’re in a creative field and never wear orange.

Geek Sublime by Vikram Chandra Review: Is Coding Art? | New Republic
Coders are ‘makers.’ But what exactly are they making?

Thanks! Longreads is published every Friday, just in time for the weekend.