Security

Observing Shellshock Attacks in the Real World

Posted In Living in Tech
Pavel Ignatov Shutterstock
A look at some of the Shellshock-related reports from the past week makes it seem as if attackers are flooding networks with cyberattacks targeting the vulnerability in Bash that was disclosed last week. While the attackers haven’t wholesale adopted the flaw, there have been quite a few attacks—but the reality is that attackers are treating the flaw as just one of many methods available in their tool kits. Bash is widely used in Linux and Unix systems, and many applications—such… continue…

Penetration Testing Is a White-Hot Industry

Posted In Looking in Tech
Maksim Kabakou Shutterstock
In the wake of high-profile IT breaches at Target and other major corporations, penetration-testing firms are more popular than ever. Companies and government agencies have woken up to the fact that a cyberattack on their data is all but inevitable, and they need employees and contractors capable of discovering vulnerabilities before hackers do. In other words, it’s a potentially lucrative time to explore penetration testing as a career. You could work for the security offshoot of a well-established firm such… continue…

4 Interview Qs for Network Penetration Testers

Posted In Looking in Tech
Dice Interview Qs Icon
Network penetration testers hack into an organization’s systems to uncover security vulnerabilities. Not surprisingly, they need a strong sense of curiosity, says Charles Tendell, founder and CEO of Denver-based Azorian Cyber Security, a professional penetration testing company. In the wake of high profile breaches at the likes of Target and IBM, demand for penetration testers is up, Tendell says. Large companies are adding resources in-house, even as smaller specialty firms crop up. If you’re looking to interview with one, expect a… continue…

Can Defense Companies Hire Hackers on Their Terms?

Department of Defense
Big-name aerospace and defense contractors like Boeing, Raytheon and Northrop Grumman are beginning to think that one answer to their cybersecurity recruiting needs  lies in the hacker community. After all, if you want to combat attacks from people who think out of the box, why not hire people who think out of the box? It’s ironic because all of these companies are known for being somewhat conservative—they work for the Defense Department, after all, and security to them is a… continue…

NSA Hints at Outreach to Silicon Valley Talent

NSA Spying Protests
The National Security Agency is worried that all of the controversies surrounding its, er, data-gathering activities is hurting its efforts to recruit technology talent, according to comments made earlier this week by Anne Neuberger, a special assistant to agency Director Michael Rogers. Speaking at a seminar hosted by the LongNow Foundation, Neuberger “extended a plea to an audience replete with tech workers to consider a career in government, or at least apply for a fellowship,” Reuters reports. Though many officials… continue…

Companies Feel Pressure to Hire CISOs

Posted In Looking in Tech
Mobile Security
In the relatively brief time it’s been around, the Chief Information Security Officer’s job has developed into a pressured, thankless existence. These are the executives charged with keeping an organization’s systems secure in the face of mounting cyberattacks, careless vendors, and employees who are more concerned with using their own iPhones than keeping company data secure. “This job is not for the fainthearted,” David Jordan, CISO for Virginia’s Arlington County, told The New York Times. Click here to find CISO… continue…

Internet of Things Increases Need for Security Pros

Smart Home
The sheer number of “things” to be secured in the Internet of Things is expected to create a rash of jobs in cybersecurity over the next several years. “You’re going to have to secure the device or the sensor, you need to secure the data, and you’re going to have to secure that across an open network,” Intel’s head of business marketing, Stuart Dommett, told an IoT roundtable in May. “It really is a massive, massive change.” Click here to… continue…

Is This New Cyber Forensics Certification Worth the Investment?

(ISC)²
Continued pressure on cybersecurity systems is making professionals with security and forensic experience extremely attractive to employers. Not surprisingly, related certifications are gaining more attention, including one of the newer ones: the CCFP, or Certified Cyber Forensics Professional from the (ISC)². According to (ISC)² Executive Director W. Hord Tipton, the organization saw a need for a certification that was broader than those available for professionals working in and around law enforcement, intelligence, litigation, consulting and computer security. The CCFP’s target… continue…

The Next Big Threat to the Internet

Posted In Living in Tech
shutterstock_112158140
Here’s cause for a little Monday optimism: A majority of experts interviewed by the Pew Research Internet Project think the Internet will remain free in coming decades. Unlike most Pew surveys, which are randomized and meant to represent a broad swath of the American population, this latest research is described as a “canvassing,” with hundreds of technology experts invited to leave their opinions on the future of the Internet. To those 1,400 willing to submit to questioning, Pew opened with… continue…

Want to Help Lock Down Google’s New Chrome Extension?

Posted In Living in Tech
shutterstock_171929321
Google wants its developer community to pick through its latest Chrome extension, End-to-End, for potential vulnerabilities. End-to-End, currently in Alpha release, allows users to encrypt, decrypt, digitally sign and verify signed messages within the browser. It implements the OpenPGP standard, IETF RFC 4880. As part of its security process, Google has posted the source code on code.google.com, and it wants those with the skills to give it a thorough looking-over. Click here to see security jobs. “One of the reasons… continue…