Security Longreads for August 7, 2015
Issue #63
With a wealth of security reading available, the Security Longreads weekly e-mail is designed to highlight particularly interesting longer reads. Our “Security Reads” covers topics related to Information Security while our “Other Reads” are topics that have nothing to do with security but could be of interest to readers of JaySchulman.com.
Commentary: The world is consumed with Blackhat (and soon to be Defcon) presentations. I just couldn’t bring myself to publish many of them this week (see my post on Guns, Toilets and Semis below). I do start off this week with a roundup post on everything interesting at Blackhat. Elsewhere, it came out that the FBI decrypted a Truecrypt volume. If you’ve kept up with Truecrypt, the creators closed it down and many suspected government involvement. An interesting read (yet full of hypotheticals). Jeff Moss’s Blackhat keynote on how we’ll all have security jobs — but they’ll be miserable jobs. (So much for “Building A Life” in security.) Finally, it’s hard not to gush about Tesla. As a security guy, it’s good to see the car patched nationwide automatically days before a vulnerability was published.
In Other Reads, I’m big into researching DevOps — and its intersection with security — and this is a good read on the culture. Since it’s summer, the computerization of baseball umpires and how you should work as though your kids are watching. (My daughter joined me at work on Wednesday.)
Happy Weekend,
-Jay
Security Reads
OPM wins Pwnie, Google on Android security, DoJ on CFAA: Black Hat 2015 roundup | ZDNet
Black Hat USA is finishing up in Las Vegas. News from its 18th year includes nuclear nightmares, Department of Justice on computer crime and research, Google on the state of Android security and much more.
Wait, what? TrueCrypt ‘decrypted’ by FBI to nail doc-stealing sysadmin • The Register
Do the Feds know something we don’t about crypto-tool? Or did bloke squeal his password?
IT security staff have a job for life — possibly a grim, frustrating life • The Register
Black Hat 2015 Speaking at the opening of the 18th Black Hat security conference, its founder Jeff Moss warned the assembled throng that while they might have job security, they weren’t going to have fun in the next decade.
“We are all employed for life,” Moss said. “It’s interesting, I see problems and challenges and on one hand am really excited, but on the other I just want to sleep.”
Researchers Hacked a Model S, But Tesla’s Already Released a Patch | WIRED
Two hackers figure out how to attack a Tesla Model S, yet also call it “the most secure car that we’ve seen.”
Reads by Jay
On Hacking Guns, Toilets, Semis and More –Jay S Schulman
Starting in late July every year, we start hearing about fantastic hacks that are going to get presented at Blackhat. The media jumps at the opportunity to report on sensational stories of hacking a refrigerator with a toothpick and an iPad while sitting in the backseat of an Uber. Wired Magazine is almost 100% reporting on …
The Only Security Certifications You Actually Need –Jay S Schulman
There are only two certifications you need in information security: The CISSP and CISA. Here’s why.
Other Reads
Why You Should Work As Though Your Kids Are Watching — Personal Growth — Medium
Some years ago, right after we caught our breath from the financial crisis, I took my then-young-teenaged son to dinner …
The Secret Of DevOps: It’s Always Been About People, Not Technology — ReadWrite
An early proponent of DevOps speaks out.
For the first time, sensors and a computer play umpire in a pro baseball game | Ars Technica
Pitchf/x, a system you may have seen on ESPN, gives the homeplate ump an easy night.
Thanks! Longreads is published every Friday, just in time for the weekend.