Three great books on Information Security in Portuguese

It is already clear to professionals in any field that mastering another language, especially English, makes it possible to stand out more in the job market. In information security, however, this became such a decisive premise that books written by Brazilians in Portuguese almost became a rarity. But this reality is changing.

Professionals in the Brazilian information security industry are now making an effort to share their knowledge in Portuguese, and they are also translating texts produced abroad to make security education more inclusive for those born in Brazil. Here we share our review of three important books: a classic, a collection, and a translation.

Segurança em Redes sem Fio – 4th Edition
Nelson Murilo de O. Rufino
2014 (Editora Novatec)

If publishing good security books in Portuguese was already uncommon in the past, imagine producing four editions of the same work. That is the case of the book “Segurança em redes sem fio” by Nelson Murilo, a work whose first edition was released in 2005. It can already be considered a classic.

Now so common, wireless networks are examined in detail by the author, who divides the work into six chapters that detail the frequencies, channels, spectrums, and standards in use. Further on, the author covers how the security mechanisms of each technology work, the risks and threats, and several tools available for conducting an attack. The techniques for defending these networks are then described. And an additional chapter offers a deep dive into several characteristics, vulnerabilities, and attacks in Bluetooth technology.

Trilhas em Segurança da Informação: Caminhos e ideias para a proteção de dados – Carlos Cabral and Willian Caprino (editors)
2015 (Editora Brasport)

The editors of this book used the word “trilhas” (trails) in the title to say that the methods for handling information security can vary, so it is up to each person, depending on the needs of their organization, to choose which trail to follow when protecting their assets, or to create their own.

With this premise, several prominent professionals in the field were invited to take part in this collection of articles, a project that took two years to complete.

In this work the reader can understand the mechanics behind risk analyses and gain a good perspective on cryptography, methods for establishing a security awareness program, business continuity, how to implement a security process in software development, and much more.

Guerra Cibernética: a próxima ameaça à segurança e o que fazer a respeito – Richard A. Clarke and Robert K. Knake
2015 (Editora Brasport)

The first edition of this book in English dates from 2010, two years before Edward Snowden revealed to the world how US government entities were operating in the field of security and defense. Even at that time, however, Clarke and Knake were already giving hints of how the pieces were positioning themselves on the board.

Clarke was the head of counterterrorism security across four US presidential administrations (Reagan, George H. W. Bush, Clinton, and George W. Bush) and one of the main people responsible for creating an office for defense against cyberattacks under the Obama administration. Knake, for his part, is an international security scholar from the Harvard Kennedy School and works on international affairs at the American Council on Foreign Relations.

This is not a technical book but a strategic one. For that reason the subject stays current for a long time, and it received a masterful translation by the Clavis team. The Brazilian edition also includes a special article titled “Segurança Ofensiva: Um Aliado no Caminho para a Defesa Cibernética” (Offensive Security: An Ally on the Path to Cyber Defense), by Bruno Guimarães, Davidson Boccardo, and Rafael Ferreira, which approaches Information Security management from another angle: carrying out the traditional activities but giving more weight to the attacker's perspective, with penetration testing as a key activity for incorporating this method into your company's security management.

Blog SegInfo – Segurança da Informação – Tecnologia – Notícias, Artigos e Novidades
http://feedproxy.google.com/~r/seginfo/~3/BWGNvCJ-d3M/


Bsides Orlando 2015 – Jonathan Echavarria-Hiding your attacks with misdirection like REDACTED


Abstract: As technology progresses, governments have been using electronic means of attacks more and more to further their agenda. By relying heavily on misdirection and misinformation, advanced government red-teams have gotten away with attacks for a long time without any sort of punishment. This presentation will present an analysis of these teams’ anonymization and attack methodology and explain how you as a “penetration tester” can make use of these techniques.

Bio: Jonathan is an information security professional working at ReliaQuest, LLC in Tampa, FL. He was a member of WCSC at USF and his current areas of focus are on penetration testing, cybercrime, malware and threat intelligence. Go buy him a drink and invite him to as many parties as you can.

For more information, please visit: http://bsidesorlando.org/2015/


SecurityTube.Net
http://feedproxy.google.com/~r/SecurityTube/~3/cgvWS1-m88A/14554

Medical Devices Ransomware Is The Biggest Hacking Threat of 2016


Short Bytes: As we are making progress on the front of online security, the cybercriminals are competing head-to-head to target every device connected to the internet. A similar threat is being predicted to affect the medical devices in the form of ransomware that will send life threats and ask for money.

This year we’ve seen an unprecedented rise in the number of ransomware attacks targeting your computer devices and asking for money. Even though such threats have been around for the past 25 years, it seems ransomware could soon be used to target medical devices. According to a recent report by the research and advisory firm Forrester, ransomware in medical devices is the biggest hacking threat of 2016.

As we are making progress on the front of online security, the cybercriminals are competing head-to-head to target every device connected to the internet. To date, there is no case of hackers holding a patient to ransom by hacking his/her medical device, but the reports suggest the security of devices like insulin pumps and pacemakers falls behind the standard.

For those who don’t know, ransomware is malware that alters the normal operation of your machine, preventing you from using it properly. These programs then display warning messages asking for money to get your device back to normal working condition. If you want to know more, read our ultimate guide that explains the difference between viruses, worms, ransomware, trojans, bots, malware, spyware, etc.

Addressing the issue of the biggest hacking threat of 2016, Motherboard paints a horrifying picture of a future where something goes wrong with your pacemaker and you feel a sudden pain in your chest. Soon your phone receives a text message that reads: “Want to keep living? Pay us a ransom now, or you die.”

The medical device security expert Billy Rios tells Motherboard that it’s technically possible to alter malware and use it to attack medical devices. Given the urgency involved, this makes them a perfect target for cybercriminals in the near future.

In the past, we have seen ransomware attacks on Windows machines and Android devices. In the US alone, between April 2014 and June 2015, ransomware attacks on computers caused damages worth $18 million.

While you can take steps to enhance the security of your computers and smartphones, the security of medical devices like pacemakers and insulin pumps is totally up to the manufacturers. At the moment, the devices people are using are unsafe and unprotected. The equipment makers will surely figure out a way to assure their security, but the question is, how soon?


The post Medical Devices Ransomware Is The Biggest Hacking Threat of 2016 appeared first on fossBytes.

fossBytes
http://fossbytes.com/biggest-hacking-threat-of-2016-pay-us-ransom-now-or-you-die/

Bsides Orlando 2015 – Ean Meyer – Hiding in Plain Sight: Building a Hidden Remotely Accessible Pentesting Platform


Abstract: What if penetration testing programs went a step further? Once legal and ethical approvals are obtained, a device could be placed within the organization to test more than network and application security. By placing a “rogue device” within an organization the general user knowledge of physical IT practices, IT security policies, and awareness of devices in the environment can be evaluated. This talk will cover creating a penetration platform that can be hidden in plain sight for under $200. The device will be housed in a common item found within many offices and places of business. The device will have a number of camouflage techniques that allow it to blend into the environment to avoid detection. The device will include remote connection capabilities, wireless and wired attack/monitoring functions, and monitoring methods to let the penetration tester know when the device has been discovered.

The talk will cover:
• Device functions and requirements
• Device materials and build
• Creating a device that “blends in” (Dents, organization standards, asset tags, dust)
• Getting alerts when the device is discovered
• Penetration testing capabilities
• Preventing devices like this in your environment

This talk will demonstrate how to build a low-cost, flexible, remote penetration testing platform for ethical and legal testing programs that can be hidden in plain sight. The talk will also show the audience some of the techniques an attacker may use to hide monitoring devices within organizations. Knowledge of these techniques may help develop and refine IT practices to discover these devices.

Bio: Ean Meyer is an information security professional working in Central Florida. Ean’s current focus areas are PCI, FERPA, HIPAA HITECH, Intrusion Detection and Prevention Systems, Information Security Program Management, Penetration Testing, and Social Engineering/User Awareness Training. Ean has a BS in Information Security and an AS in Computer Network Systems. He runs the blog http://www.thetheaterofsecurity.com.

For more information, please visit: http://bsidesorlando.org/2015/


SecurityTube.Net
http://feedproxy.google.com/~r/SecurityTube/~3/m1njpWG7ByA/14555

Eating 2.0: How the first FDA-approved, genetically modified animal will revolutionize food

Advances in the genetic engineering of animals are paving the way for a more sustainable and ecological era of food production.

ExtremeTech » News & Updates For Hardcore Tech Fans | ExtremeTech
http://www.extremetech.com/extreme/218466-eating-2-0-why-the-first-fda-approved-genetically-modified-animal-will-revolutionize-the-food-industry

One of the Only Publicly Known Anonymous Hacker Tells How Anonymous Fights ISIS


Short Bytes: Only very few members of the hacktivist collective Anonymous have been publicly identified. One such person is Gregg Housh, who recently sat down for an interview with The Washington Post and talked about what Anonymous is and how it operates.

Anonymous was formed about 11 years ago with the idea of bringing together like-minded hackers. In response to the recent Paris attacks by ISIS, Anonymous launched its biggest-ever cyberattack on ISIS’s online propaganda. This loosely bound collective of hackers has tasted success in unmasking the online activities of the terrorists, while also facing heat over some misleading reports to Twitter.

If you know the history of Anonymous, you must be aware of the fact that only a few members of this collective have been publicly identified.

Gregg Housh is one of the only publicly known and most prominent members of Anonymous. These days, however, he is semi-retired from hacking. Talking to The Washington Post, he explained more about what Anonymous is and how it operates.

Housh said that everyone loves to call it “hacking”, but Anonymous also does tons of “research, identifying and monitoring everything out there that ISIS might use to communicate and recruit, and trying to get those channels shut down, be it Twitter accounts, Facebook pages, Telegram channels”.

According to Housh, the activities of Anonymous have had some decent effect, and ISIS is finding it hard to talk in public.

Replying to a question – If you report ISIS accounts, and social media companies shut them down, won’t they just open others? – Housh said that it’s very hard to get followers on Twitter and that influencing people once again is difficult.

Read his entire interview on The Washington Post.


The post One of the Only Publicly Known Anonymous Hacker Tells How Anonymous Fights ISIS appeared first on fossBytes.

fossBytes
http://fossbytes.com/gregg-housh-anonymous-hacker-member-interview-isis-war/

Bsides Orlando 2015 – Tim Krabek-Getting Involved to Better the Future


Abstract: We’ve all heard of “I am the Cavalry”. The goal is to get involved in the larger state of IT and push change on a policy level to help move us into a more secure world. While I’m here talking about some of the work the Cavalry has been involved with, I’m also here to urge you to get involved somewhere.

Bio: Sysadmin turned Security Geek.

For more information, please visit: http://bsidesorlando.org/2015/


SecurityTube.Net
http://feedproxy.google.com/~r/SecurityTube/~3/X7j5yb0-fwQ/14556