Welcome to cissp CISSP training Certified Information Systems Security Professional
Job opportunities in Kuwait and Dubai
Posted by boss on Saturday, 24 March 2012 @ 21:33:20 EDT (490 reads)
Topic JOBS

cdupuis writes "

 

Good day everyone,

My good friend Balwant Rathore has jobs opening in both Kuwait and Dubai.

See the profiles he is looking for below.  Please only answer if you have the full 5 years+ of practical experience and you're willing to work in Kuwait or Dubai.

See job offers below and contact information.

Best regards

Clement

SEE MESSAGE FROM BALWANT BELOW:

I am looking for a Freelancer/Consultant for the following projects:

1.      ITIL Implementation

2.      Business Continuity Management (BCM) Implementation

3.      Information Security Management System Implementation

For all three categories some amount of training skills are also required.

Experience required = 5+ years.

Project Location = Dubai and Kuwait

Start Date = As soon as possible, even today.

Payment – Best in Industry, as per experience.

If you know anybody who may be fit for above, please ask them to contact me at balwant_rathore@oissg.org

Kind regards,

Balwant

 

"



Hal Tipton passed away last week - A great icon that will be missed
Posted by boss on Monday, 19 March 2012 @ 15:17:57 EDT (407 reads)
Topic ISC2 Org

Anonymous writes "

I had the pleasure to meet Hal Tipton in person while doing my 8 days CISSP Seminar in 1998 in Vancouver, Canada.  

I was always impressed by Hal's fatherly approach.  I remember him telling me that I should wear my jacket as it was cold outside and I was chatting with some of the students out in the cold.  He was worried I could get sick.  That's the type of person he was.

Those were the initial days of the CISSP certification. At the time there were no study resources that existed and one had to read a whole lot of books because Google did not exist in the way it exists today.

After the class I created the initial study guides along with my friend Chris Hare and this is how CCCure was born. Hal and Sandy Sheriden, who were both my instructors, were happily distributing the link to the guides to all of their students. Quickly it grew like a snowball and today we have helped more than 150,000 students in their studies.

Hal was one of the first persons to contribute to our portal by giving us a copy of the Handbook of Information System Management in HTML format. He gave it freely to us to be posted for anyone to use. He did not ask for anything in return, he was happy to help the community and our project. Later he gave us his own slide show on the ten domains that he was using for his one day class.

I have traded numerous emails with Hal over the years. He always responded to my many queries and sometimes complaints. What amazed me the most is how down to earth he has always been. For me he was an icon, he was the person who wrote the CBK, he was the person preaching security of systems way before security was even in the limelight. I was looking up at him and telling myself: when I grow up I wish I can be like Hal. I am still wishing the same today, when I will be in my eighties I hope that I will be doing work just like he did until his final days with us.

Hal is a friend that I will dearly miss.

Rest in peace my friend

Clement

SEE BELOW A TESTIMONY FROM ROSS LEO ONE OF OUR INSTRUCTORS, A FRIEND, AND CO-WORKER AT SECURE NINJA:

I too had the opportunity to get to know Hal.  

I was luckier than most: he was my boss at Rockwell International, he was my mentor in our fledgling profession, and he was my co-instructor that brought me into ISC2 for mentoring and instructing CISSP candidates from 1998 until 2004.

He set me up and endorsed me as Chairman of curriculum development during that time.  He was my mentor and my inspiration.  It was Hal and his commitment to InfoSec that made me make my commitment to it, almost 30 years ago. Even after I left ISC2, he kept me connected to the process of maturing and developing my professional standing.  

I may have coined the term CIA, but it was he that helped it to become the standard that it has for our profession and our profession's descendants.

We would not be where we are today as the professionals and protectors of those systems that run our industries, government, and critical infrastructure without leaders like Harold Tipton.  He will be much missed, but his memory will live on in each of us that remember him as we do this vital work that he helped give birth to.  

I wish him fair winds, following seas, and safe journeys. Thanks for all you have done, my friend and mentor.

Ross

"



The CISSP exam is available online as of 1st of June 2012 at VUE testing
Posted by boss on Tuesday, 06 March 2012 @ 02:46:41 EST (951 reads)
Topic ISC2 Org

cdupuis writes "

After much speculation and questions as to when the exam would be available online in English, it is now official, (ISC)²® is going to offer the exam online for English speaking students as of the 1st of June.  This is a major change and it is very welcome.

You can begin registering for computer-based testing (CBT) for CISSP, CISSP concentrations and the SSCP certifications on June 1, 2012.

You no longer have to wait for an exam to show up in your area a few times a year or as it is the case with many countries once a year only.  You can now book your exam with VUE testing when  you are ready and in a location close to you as well.  This is so much more flexible than the outdated paper based approach they were using until now.

According to the ISC²® press release this transition provides numerous benefits to candidates, members and the information security community, including:

  • Fair and precise evaluation of a candidate’s competency
  • Rapid turnaround of exam results
  • More choices as to when and where to take the exam
  • Easier registration
  • Fortified exam security

All (ISC)² credential exams will be offered globally at approved Pearson VUE testing centers.

Currently, all (ISC)² exams offered via CBT are available in English, with the CISSP and SSCP exams also available in Brazilian Portuguese at any of the approved  Pearson VUE testing centers in Latin America.  The CISSP exam is also available in Spanish throughout Latin America.   

Candidates can register directly through PearsonVUE

This is really good news for all

Best regards

Clement

Clement Dupuis, CD
Owner and Founder of CCCure
CLO at Secure Ninja

"



Secure Ninja Appoints Leonard Chin as VP to Lead International Expansion
Posted by boss on Wednesday, 22 February 2012 @ 20:34:33 EST (512 reads)
Topic CISSP OSG INFO

cdupuis writes "

 

With 80% of its target market overseas Secure Ninja expands globally to meet the growing demand for Information Security training and service solutions.

Secure Ninja is pleased to announce the appointment of Leonard Chin as Vice President to lead its international marketing and business development.   In response to the global opportunity for its leading edge security services, Secure Ninja also announces its expansion into Europe, the Middle East and Africa (EMEA), along with select markets in Asia Pacific and South America.

With a decade of experience in developing new business and driving international sales, Leonard will be a key asset to Secure Ninja as the company grows its customer and value-added reseller (VAR) base in the coming year.

Leonard possesses extensive field experience specializing in sales and marketing functions across numerous industries including finance, conference, seminars, franchise, technical training and education. Leonard has established countless strategic partnerships with numerous Fortune 500 companies and government organizations. Leonard is well known as a conference specialist, having successfully managed a string of highly successful EC-Council conferences during his tenure. He was instrumental in conceptualizing and organizing the first Hacker Halted USA in 2008 and thereafter making it a mainstay in Miami. Leonard was responsible for launching, designing and directing the highly technical TakeDownCon series, which was recently hosted in Dallas and Las Vegas in 2011.

“We are delighted to have Leonard Chin on our team. He is an extremely knowledgeable and well-connected infosec business professional who possesses great leadership ability and outstanding communication skills, which are crucial elements to effectively manage and influence people towards meeting our company’s international business objectives,” said Ned Snow, President, Secure Ninja. “By combining Leonard’s expertise to manage a strong team of subject matter experts and sales engineers in key regions, Secure Ninja will be well positioned for our next phase of innovation and growth.”

Prior to this appointment, Leonard was a key executive at EC-Council, creator of the world renowned Certified Ethical Hacker (CEH) programs as well as numerous other recognized certifications such as the CHFI, ECSA and Licensed Penetration Tester (LPT). He held various roles within the organization including Director of Marketing, and Director of Conferences & Events, as well as concurrently being the Conference Director for both the TakeDownCon and Hacker Halted conference series. And in 2011, he was appointed as the Vice Chair of the world’s first international team ethical hacking games - the Global CyberLympics.

“It is an honor and I’m excited to be part of Secure Ninja’s immensely qualified team, which is on the leading edge of information security services and training methodology development,” said Leonard. “I'm looking forward to expanding Secure Ninja’s suite of security services and training offerings internationally, ensuring its growth and market captivity, as well as attaining global branding.”

About Secure Ninja

Secure Ninja is a leader in Information Security, IT training and certification such as CISSP, Security+, CEH, CAP, CISM, ISSEP, ISSMP, ISSAP, Cloud Security, Wireless Security and Computer Forensics to name a few. Secure Ninja has been providing businesses with programs that answer regulatory needs and skills gaps for over 8 years. Our training programs educate and certify employees in the areas that are critical to business operations. With certified professionals on staff, the company demonstrates that it is seriously engaged in producing ROI on technology investments and handling compliance requirements competently. Our programs also create solutions for the DOD and the system integrator community by answering the certification needs of the 8570.01-M mandate. Secure Ninja’s assessment, consulting and security services division specializes in governance, risk and compliance programs for both corporate & government agencies including information assurance, IV&V security audits and cyber-security solutions.  For more information visit http://www.secureninja.com

 

Contact Information
Ned Snow
Secure Ninja
http://www.secureninja.com
(703) 535-8600 ext. 15
"



CISSP® CBK® introduced as of January 2012 -- What does it mean to me
Posted by boss on Thursday, 16 February 2012 @ 08:51:03 EST (679 reads)
Topic ISC2 Org

cdupuis writes "

Good day to all,

I am still receiving numerous inquiries about the changes that were introduced in the new CISSP® CBK® that was released as of January 2012.

As I have mentioned in my full review of the old CBK® compared with the new CBK® there are almost no changes that were introduced. The changes are mostly semantics, lots of the changes are rewording within the Candidate Information Bulletin (CIB). So there are no worries, the material you have will still match perfectly well with the current exam offered by ISC2® and you don't need new books or new resources.

This is not just hearsay or rumors, the ISC2® website has a series of documents that talk about the process and this topic. They give you details on what to expect. The documents available on the ISC2® website all say very clearly:

  1. The candidates should not expect big changes in any examination (or test question)
  2. No domains were deleted or added to the CISSP® certification, only one domain was renamed
  3. The content changes mostly involved relocating and renaming of some of the topics
  4. There will be no new questions in the forms that will require major changes to any education programs
  5. All changes can be easily covered by instructors using the current education material

So it is business as usual. Do not let rumour throw you off your study plan. What you put in is what you will get out of it.

Remember to look at my tips and tricks before you start your studies.  You will find them at:

http://www.cccure.org/article1477.html

Take care

Clement

 

References:

ISC2® Paper about their education process and Job Task Analysis

Slide show on changes within the ISC2® CBK®

The CISSP Candidate Information Bulletin (CIB)

"



4th Cyber Security Summit, Huntsville, Alabama
Posted by boss on Thursday, 09 February 2012 @ 10:20:34 EST (632 reads)
Topic Training News

cdupuis writes "Fourth Annual Cyber Security Summit
June 7th, 2012 @ The Von Braun Center

CALL FOR PAPERS

Submission Deadlines:

Proposed topic and abstract – 01 March 2012

Speaker selection notifications – 30 March 2012

Final presentation material due – 1 June 2012

Submission POC: callforpapers2012@northalabama.issa.org

"



Security Kaizen Magazine Issue 4 is released
Posted by boss on Friday, 03 February 2012 @ 13:52:58 EST (717 reads)
Topic Training News

cdupuis writes "
Security Kaizen Magazine Yearly issue.
An issue that you shouldn't miss

In Egypt : 30 % discount Coupon for EC council Courses inside the Printed Copy.

Printed Copy Request
Coming Soon : Arabic Version


"



Modeling Security Pentests - New Issue of WebAppPentesting is Out!
Posted by boss on Wednesday, 25 January 2012 @ 11:54:16 EST (717 reads)
Topic Hakin9

Anonymous writes "

Inside Web App Pentesting:

Open Source Web Application Security Testing Tools by Vinodh Velusamy

The author shows the significance of Open Source Web Application Security Testing Tools. As he claims: “When you choose and use good tools, you’ll know it. Amazingly, you’ll minimize your time and effort installing them, running your tests, reporting your results – everything from start to finish.

Most importantly, with a good web vulnerability scanner you’ll be able to maximize the number of legitimate vulnerabilities discovered to help reduce the risks associated with your information systems.
At the end of the day and over the long haul, this will add up to considerable business value you can’t afford to overlook”.

More Articles:

- Modeling Security Penetration Tests with Stringent Time Constraints by Alan Cao
- The puzzlepices by Daniel Clemens
- WebAppSecurity for Newbies part 2 by Herman Stevens
- Web Application Common Vulnerabilities – Part I by Bryan Soliman
- CYBER STYLETTO by Mike Brennan and Richard Siennon


SUBSCRIBE NOW AND GET 2 AMAZING E-BOOKS !

1. CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits details the methodologies, framework, and unwritten conventions penetration tests should cover to provide the most value to your organization and your customers.

2. In his new book "Save the Database, Save the World!" John Ottman captures the essence of the threats we face to the information that drives business. Organized crime, underhanded competitors and even foreign governments are looking to gain any financial, competitive or operational advantage and these enemies are going directly after the databases and the applications that access data.

After subscribing contact katarzyna.zwierowicz@software.com.pl with "WAPT" in the title of the message.

You can visit us at: http://www.pentestmag.com

"



Sykipot variant hijacks DOD and Windows smart cards
Posted by boss on Monday, 23 January 2012 @ 08:49:17 EST (741 reads)
Topic Virus

cdupuis writes "
January 12th, 2012 | Posted by jaime.blasco 

Defenses of any sort, virtual or physical, are a means of forcing your attacker to attack you on your terms, not theirs. As we build more elaborate defenses within information security, we force our attacker’s hand. For instance, in many cases, implementing multi-factor authentication systems just forces the attacker to go after that system directly to achieve their goals. Take the breach at RSA, for example. It has been attributed to attackers who needed the SecurID information to go after their real targets in the defense industry.

Recently, our lab has been talking about Sykipot:

 

As we discussed, this malware has been used to launch targeted attacks via “spear phishing” campaigns against targets mainly in the US, since around 2007. According to our research, these attacks originate from servers in China with what appears to be the purpose of obtaining information from the defense sector: the same sector that makes extensive use of PC/SC x509 Smartcards for authentication.

Smartcards have a long history of usage in the Defense Sector, for both physical and information access management, and historically have merely forced attackers to route around the smartcard authentication system through other, more vulnerable attack vectors.

It should come as no surprise, then, that we recently discovered a variant of Sykipot with some new, interesting features that allow it to effectively hijack DOD and Windows smart cards. This variant, which appears to have been compiled in March 2011, has been seen in dozens of attack samples from the past year.

Like we have shown with previous Sykipot attacks, the attackers use a spear phishing campaign to get their targets to open a PDF attachment which then deposits the Sykipot malware onto their machine (the attackers here took advantage of a zero-day exploit in Adobe). Then, unlike previous strains, the malware uses a keylogger to steal PINs for the cards. When a card is inserted into the reader, the malware then acts as the authenticated user and can access sensitive information. The malware is controlled by the attackers from the command & control center.

Click Here to get a whole lot more details on the attack

"



SOPA and PIPA -- What's in it for you
Posted by boss on Thursday, 19 January 2012 @ 13:20:31 EST (799 reads)
Topic Law & Legalities

cdupuis writes "

As seen on one of my hosting company's mailing lists:

Greetings Site5 Customers!

The U.S. Congress is currently considering two bills -- one in the House of Representatives called SOPA (Stop Online Piracy Act) and another in the Senate called PIPA (Protect IP Act). These bills both attempt to use similar methods to further criminalize and police intellectual property infringement. Although protecting intellectual property is important, these bills would use heavy-handed tactics that would censor and splinter the Internet.

SOPA and PIPA would grant the U.S. government the ability to block almost any website on the Internet if the site is perceived to be an "infringing site." Search engines would be required to remove the site from their search listings, payment processors and advertisement networks would be forbidden from doing business with the site, and ISPs could be forced to block access to the site for Americans. The bill provides little detail about what would constitute an infringing site, which makes the potential for abuse far greater. We have already seen how these kinds of systems can be abused. In 2010, ICE (Immigration and Customs Enforcement) mistakenly seized a domain name belonging to a music blog and labeled it as a "rogue site" — the domain name was not returned until a year later (source: http://nyti.ms/uF73mZ). If you would like to see a video explanation of how the bill works and its dangers, please go here: http://vimeo.com/31100268

Site5 has publicly declared our opposition to both bills, and we encourage you to do the same. Contact your representatives in Congress to let your opposition to these bills be known! To locate the contact information for your representatives, visit one of the following websites:

http://www.contactingthecongress.org
http://www.grassroutes.us/sopa

If you're located outside the United States, you can let your voice be heard as well by sending your thoughts via this website:

http://americancensorship.org

Another way to get involved in the fight against SOPA and PIPA is to join in on the blackouts. Many well-known websites such as Wikipedia, Google, and Reddit are demonstrating their opposition, and you can too. Site5 has sponsored a WordPress plugin for participating in blackouts, and it features an easy setup and configuration options within the WordPress admin area:

http://wordpress.org/extend/plugins/sopa-blackout-plugin/

We feel very strongly that the future of the Internet is at stake, and we urge everyone to get involved!

Thanks,

The Site5 Management Team

"



DARPA set to develop super-secure "cognitive fingerprint"
Posted by boss on Wednesday, 18 January 2012 @ 09:26:03 EST (680 reads)
Topic Cryptography

cdupuis writes "

 

Developers at the Defense Advanced Research Projects Agency want to build information technology security [1] that goes beyond simply recognizing complex passwords but rather gets in your head to confirm your identity before you get access or continue to have access to important information.

Specifically, the agency's Active Authentication program looks to develop what DARPA calls "novel ways of validating the identity of the person at the console that focus on the unique aspects of the individual through the use of software-based biometrics."

More security news: From Anonymous to Hackerazzi: The year in security mischief-making [2]

Biometrics is defined as the characteristics used to uniquely recognize humans based upon one or more intrinsic physical or behavioral traits. Active Authorization focuses on the computational behavioral traits that can be observed through how we interact with the world. Just as when you touch something with your finger you leave behind a fingerprint, when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a "cognitive fingerprint," DARPA said in officially announcing the contracting process for the program.

DARPA had talked about Active Authentication [3] at its Colloquium on Future Directions in Cyber Security meeting last October. "Active Authentication program to tie identity to level of access within system. You're the key to your system. Want to make machine aware of its operator and are working towards systems managing authentication invisibly in the background." Such new systems might look at the unique words a user types or examine length of sentences and use of punctuation to determine user authenticity, said DARPA program manager Richard Guidorizzi at the meeting.

In its current announcement [4] DARPA stated: "The current standard method for validating a user's identity for authentication on an information system requires humans to do something that is inherently difficult: create, remember, and manage long, complex passwords. Moreover, as long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard. Thus, unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console."

More news: 25 tech touchstones of the past 25 years [5]

DARPA said the current Broad Agency Announcement will address the first phase of what it says will be a three phase development program.  In the first phase, the focus will be on researching biometrics that does not require the installation of additional hardware sensors. Rather, DARPA will look for research on biometrics that can be captured through the technology already in use in a standard DoD office environment, looking for aspects of the "cognitive fingerprint." A heavy emphasis will be placed on validating any potential new biometrics with tests to ensure they would be effective in large scale deployments.

Some examples of the computational behavior metrics of the cognitive fingerprint include:

  • keystrokes
  • eye scans
  • how the user searches for information (verbs and predicates used)
  • how the user selects information (verbs and predicates used)
  • how the user reads the material selected
  • eye tracking on the page
  • speed with which the individual reads the content
  • methods and structure of communication (exchange of email)

The later planned phases of the program will focus on developing a system that integrates any available biometrics using a new authentication platform suitable for deployment on a standard desktop or laptop. The authentication platform is planned to be developed with open Application Programming Interfaces (APIs) to allow the integration of other software or hardware biometrics available in the future from any source, DARPA stated. 

The Active Authentication program is just one of DARPA's many plans to improve system security. At its Colloquium meeting the agency reminded everyone that it had a big hand in creating the Internet and now it wants to get serious about protecting it. DARPA Director Regina Dugan said that since 2009, the agency has steadily increased its cyber research efforts and its budget submission for fiscal year 2012 increased cyber research funding by $88 million, from $120 million to $208 million. In addition, over the next five years, the agency plans to grow its top-line budget investment in cyber research from 8% to 12%.

Follow Michael Cooney on Twitter: nwwlayer8 [6]  and on Facebook [7]

Links:
[1] http://www.networkworld.com/community/blog/who-really-sets-global-cybersecurity-standard
[2] http://www.networkworld.com/slideshows/2011/120111-security-layer8.html?ap1=rcb
[3] http://www.networkworld.com/community/blog/darpa-detail-program-radically-alters-securit
[4] https://www.fbo.gov/index?s=opportunity&mode=form&id=093ec9cdad8d8dc49e08855eae680084&tab=core&_cview=1
[5] http://www.networkworld.com/slideshows/2011/050911-anniversary-timeline.html?ap1=rcb
[6] http://twitter.com/NWWlayer8
[7] http://www.facebook.com/pages/Layer-8-By-Michael-Cooney/133875286655670
[8] http://www.networkworld.com/slideshow/25895
[9] http://www.networkworld.com/community/blog/nasa's-alternative-space-station-rocks-your-smartphone
[10] http://www.networkworld.com/community/blog/x-prize-offers-10m-competiton-build-star-trek-medical-tricorder
[11] http://www.networkworld.com/community/blog/who-are-go-cybersecurity-help-groups
[12] http://www.networkworld.com/community/blog/quick-look-creation-computer-language-translation-efforts-58-years-ago-month
[13] http://www.networkworld.com/community/blog/nasa-set-mars-bound-spacecrafts-biggest-thruster-blast
[14] http://www.networkworld.com/community/blog/epa-wants-your-environment-pictures-issues-public-photo-challenge
[15] http://www.networkworld.com/community/blog/thick-martian-dust-makes-nasa-pick-sunnier-locale-mars-rover
[16] http://www.networkworld.com/community/blog/dept-energy-developing-project-reinforce-grid-cybersecurity
[17] http://www.networkworld.com/community/blog/nasa-2012-its-really-not-end-world-we-know-it
[18] http://www.networkworld.com/community/blog/murder-it-security-and-other-mysteries-stories-layer-8-2011

"



New Issue of PenTest Extra Magazine is available
Posted by boss on Monday, 16 January 2012 @ 10:34:15 EST (714 reads)
Topic Hakin9

cdupuis writes "
New Issue of PenTest Extra Magazine is available! Download the Free Sample Issue to check the content and read Free article, just click here.

Read free article "XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications" by Marsel Nizamutdinov.

The goal of this article is to demonstrate the real danger of post-authenticated vulnerabilities. The author will not explain the basics of web application attacks in this article, as that has already been done many times before by others. He will focus on a practical way to exploit post-authentication XSS's and CSRF, which remain a highly underestimated attack vector in the security scene.

Inside:
  • XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications by Marsel Nizamutdinov
  • Discovering Modern CSRF Patch Failures by Tyler Borland
  • Business Logic Vulnerabilities via CSRF by Eugene Dokukin
  • XSS Using Shell of the future by Sow Ching Shiong
  • Cross-Site Request Forgery by Jamie
  • Security Resolutions for 2012 by Rishi Narang
  • Interview with Peter N. M. Hansteen by PenTest Team

Get For Free "The Book of PF" by Peter N. M. Hansteen! Buy annual subscription of PenTest and receive:
  • Free Ebook "The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall" worth $30.00. Today's system administrators face increasing challenges in the quest for network quality, and The Book of PF can help by demystifying the tools of modern *BSD network defense. But, perhaps more importantly, because we know you like to tinker, The Book of PF tackles a broad range of topics that will stimulate your mind and pad your resume, including how to:
    • Create rule sets for all kinds of network traffic, whether it is crossing a simple home LAN, hiding behind NAT, traversing DMZs, or spanning bridges
    • Use PF to create a wireless access point, and lock it down tight with authpf and special access restrictions
    • Maximize availability by using redirection rules for load balancing and CARP for failover
    • Use tables for proactive defense against would-be attackers and spammers
    • Set up queues and traffic shaping with ALTQ, so your network stays responsive
    • Master your logs with monitoring and visualization, because you can never be too paranoid
If you buy PenTest annual subscription, you will receive 48 Issues of PenTest per year and get:
  • PenTest (release date: 1st of each month) – 50 pages of content dedicated to penetration tests, few regular columns written by specialists
  • PenTest Extra (release date: 15th of each month) – 50 pages of strictly topical content dedicated each time to different hot topic
  • Mobile Pentesting (release date: 7th of each month) – 40 pages of content dedicated to latest mobile topics
  • Web App Pentesting (release date: 22nd of each month) – 40 pages of content dedicated to web application topics
Buy annual subscription and contact us at krzysztof.marczyk@software.com.pl. We will take care of everything for you!


Contact PenTest team!
Please spread the word about PenTest magazine!

Enjoy reading!
Krzysztof Marczyk & PenTest team
mailto:olga.glowala@software.com.pl
PenTest Magazine

"



Sniffing an SSL Handshake using Wireshark -- Crypto Song
Posted by boss on Sunday, 15 January 2012 @ 12:00:23 EST (954 reads)
Topic Cryptography

cdupuis writes "

My good friend Larry Greenblatt, an instructor extraordinaire and a man of many talents, has created a great song about SSL sniffing using Wireshark. Listen to it on YouTube. See his note below:

I created a music video about Crypto using Wireshark to sniff an SSL handshake with Google. I got some good comments from some Sharkfest presenters and it looks like I am going to present this at Sharkfest 2012 in June!

http://www.youtube.com/watch?v=1dHsj1ZxDto

"



OWASP Long Island Chapter
Posted by boss on Saturday, 14 January 2012 @ 10:43:00 EST (837 reads)
Topic Vulnerabilities

cdupuis writes "

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

All Long Island chapter meetings are free. Please watch our calendar for upcoming events.

For more info contact:  Helen Gao  (helen.gao@wasp.org)

https://www.owasp.org/index.php/Long_Island

"



Live Online CISSP Boot Camp at 1/2 the price of our Live Classroom Boot Camp
Posted by boss on Wednesday, 21 December 2011 @ 20:45:54 EST (1105 reads)
Topic Training News

cdupuis writes "
CISSP ® LIVE OnLine
Secure Ninja cccure.org
Get Certified and Save Big with Secure Ninja's Buy One Get One Promo
  • Accessible from any Location
  • No Daily Commute in traffic
  • No Airfare Fees
  • No Hotel fees
  • Same quality of delivery as a brick and mortar class
  • All sessions are recorded
  • Listen as many times as you wish
  • Do it from the comfort of your home
  • Let Clement guide you to success (pre-present-post mentoring)
  • 5 Day CISSP Immersion Training
  • Award Winning Proprietary Curriculum
  • Highest CISSP Exam Pass Rates
  • Day, Evening, Weekend & Live Online classes to meet your busy schedule
  • Pre/Present/Post Class Paid Account to CCCure Quiz Engine (World's best CISSP 2000+ exam questions)
  • Exclusive CISSP Scenario Based Exam Questions
  • Get DoD 8570.1-M CISSP Compliant
  • WIA (Workforce Investment Act) Approved
  • Veterans Benefits & GI Bill Approved - Welcome Military!
  • Option to resit Live Online CISSP class for up to one (1) year
Clement Dupuis, CD
Your Live Online mentor Before, During & After class

Get Live Online Instructor Led Learning for 1/2 the price of our Classroom Based Boot Camps.
Book it Now
Class is filling fast. Call Enrique to secure your seat today.

Phone: +1 703 535 8600 x16
Mobile: +1 305 467 7436

Enrique@secureninja.com

Secure Ninja
901 North Pitt St. Suite 105
Alexandria, VA 22314
Phone: 703.535.8600
Fax: 703.535.8656
Email : info@secureninja.com
"




All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2007 by CCCure.Org, and the site maintainers Clement Dupuis and Nathalie Lambert. Reuse is strictly prohibited without written permission of CCCure.Org or its maintainers.

This web site is not associated directly or indirectly with ISC2, the SANS Institute, ISACA, or other certification authority. The GCFW, CISSP, SSCP, ISSEP, ISSMP, CISA, and CISM are all the property of their respective owners. The content of this site is provided to you freely due to the generosity of our sponsors.

