Spectre & Meltdown: Mitigation Status

UPDATE 20170104: US-CERT has published an alert with aggregated links to vendor guidance and updates. Rather than requiring you to chase info all over the Internet (or on Twitter), we’ve aggregated information about the Meltdown and Spectre vulnerabilities here for your convenience. Overview: Several recently-published research articles have demonstrated a new class of timing attacks …

Visualizing Pentest Findings

Quick blurb so I can remember this. A bubble chart can make a handy display for pentest findings – and prioritize them. It’s a simple way to identify and display high-impact, low-cost issues. Here’s an example of a bubble chart with some findings pre-populated. If you’re interested in using this, just create a copy and go …

Getting started in Information Security

I recently had a college student ask about getting into Information Security. Here’s his question: My biggest issue with my current education is the broad scale and lack of clear direction on how to achieve my goals. I know that I am very interested in penetration testing. Ethical hacking in general is a very big …

Regional Internet Registries

Handy reference list of links, storing in a single place for future use. A Regional Internet Registry (RIR) is an organization that manages the allocation and registration of Internet number resources within a particular region of the world. Internet number resources include IP addresses and autonomous system (AS) numbers. Map of Regional Internet Registries. ARIN …

Cybersecurity tips for traveling abroad

This was originally written in early 2017 for a friend of mine that asked for advice about how to avoid being hacked when traveling abroad. It mirrors much of the DHS Travel Safety advice, but is meant to be a little more practical. I’m re-posting it here for the benefit of others. Note that this checklist applies for …