Interesting Reads of the Week - Week 22

My Reads

• The Vulnerabilities Market and the Future of Security
  Bruce Schneier comments on the evolution of the Vulnerability Market and it's implications, the essay is surprisingly good supplement to the presentation I gave at OWASP on the Matter.
• SEC Guidance is a Really Big Deal
  New SEC guidance on Whistle-blowers and it's impacts on necessity of disclosing Security Breaches
• Data Breach Notifications in the EU
  ENISA review of the current situation in the implementation of data breach notifications requirement, set up by the Article 4 of the reviewed ePrivacy Directive
• The Endowment Effect in Information Security
  An attempt to explain the cognitive dissonance on the perception of Risk
• Attacking Cloud Infrastructures by Malicious VMDK Files
  A presentation by ERNW on how to attack cloud infrastructure using Virtual Hardisc integration that is under complete control of the attacker. Nice tricks allow for access to ESX host data and even mapping other ESX mapped drives. This goes to show again that any input data that can be directly or indirectly controlled by an untrusted party (even config files) need to be covered in your initial treat model as to address or accept it at a later stage.
• Over-55s pick passwords twice as secure as teenagers
• 6 Reasons why Business Managers Ignore Risk
• Hardware Hacking with Python

News Articles

• Confirmed: US and Israel created Stuxnet, lost control of it
• Obama Order Sped Up Wave of Cyberattacks Against Iran

Miscellaneous

• Good Practice Guide for Computer-Based Electronic Evidence
• A list of Free Forensic Tools