Name: DerbyCon 9.0 – Training and Conference
Start: 2019-09-18T00:00:00-05:00
End: 2019-09-20T23:59:59-05:00
Location: Marriott Louisville

The DoD Cybersecurity Policy Chart

November 11, 2018 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
November 11, 2018
Updated November 13, 2018

The goal of the DoD Cybersecurity Policy Chart, developed by the Cyber Security and Information Systems Information Analysis Center (CSIAC) is to capture the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme. The use of color, fonts, and hyperlinks are all designed to provide additional assistance to cybersecurity professionals navigating their way through policy issues in order to defend their networks, systems, and data.

At the bottom center of the chart is a legend that identifies the originator of each policy by a color-coding scheme. On the right-hand side of the Cybersecurity Policy Chart, there are boxes, which identify key legal authorities, federal/national level Cybersecurity policies, and operational and subordinate level documents that provide details on defending the DoD Information Network (DoDIN) and its assets. Links to these documents can be found in the Chart.

Click on the image above to download an interactive copy of .pdf of the DoD Cybersecurity Policy Chart, The chart was last updated on September 25, 2018.

DerbyCon 8 Videos are online!

October 18, 2018 By William Knowles

DerbyCon8

By William Knowles @c4i
Senior Editor
InfoSec News
October 18, 2018

Adrian/@irongeek_adc has uploaded all the presentations from DerbyCon VIII here and at Archive.org to download. DerbyCon was held at the Marriott Louisville on October 3rd thru the 7th, 2018. Dates for DerbyCon 9 have been announced, Training dates are September 18th and 19th 2019, with the conference again to be held at the Marriott Louisville September 20th to 22nd 2019.

InfoSec News is at DEF CON 26!

August 12, 2018 By William Knowles

InfoSec News

By William Knowles @c4i
Senior Editor
InfoSec News
August 11, 2018

After nearly a 30 month break from running InfoSec News continuously for fourteen years, I will be doing a soft re-opening in the next week or so as we hammer out all the little fixes (like forcing https!) that have been hounding the site. A future post will go into greater detail about the sabbatical from running InfoSec News and what lies in the future. In the meantime, I am handing out InfoSec News stickers and globe beach balls around DEF CON 26, as you ‘might’ have received one at the DEF CON 26 Hacker Jeopardy finals tonight and was curious what this site is about.

Jimmy Kimmel Asks What Is Your Password?

July 26, 2018 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
January 17, 2015

President Obama just unveiled a number of proposals to crack down on hackers. It’s great that the government is working on this but we need to do a better job of protecting ourselves. So Jimmy Kimmel sent a camera out onto Hollywood Boulevard to help people by asking them to tell us their password.

It’s too bad there’s no legislation planned for poor password choice.

NASDAQ Vulnerable to XSS

July 26, 2018 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
January 16, 2015

Bob Greifeld, CEO of The NASDAQ Stock Market explains in a promotional video “that NASDAQ is a technology-based company, those businesses that we’re in have a unifying theme that are built upon our technology.”

Top technology companies such as Google, Tesla, Amazon, and GoPro to name a few use NASDAQ as their trading exchange.

When NASDAQ “goes to a developing market and provide to them our technology, its not just the software code, its all the best practices that have been developed on a global basis that they to integrate into their operations.”

With this information in mind, it doesn’t explain why a security researcher named analfabestia was able to discover and report a new XSS (Cross-Site Scripting) vulnerability on NASDAQ.com on January 14, 2015, The sixth such vulnerability in nearly seven years.

The vulnerability reported to XSSposed (XSS exposed) is still unpatched putting NASDAQ users, visitors and administrators at risk of being compromised by malicious hackers. Theft of cookies, personal data, authentication credentials and browser history are probably the less dangerous consequences of XSS attacks.

NASDAQ was previously hacked back in 2010, Bloomberg BusinessWeek covered this in July 2014.

Nasdaq (NASDAQ: NDAQ) is a leading provider of trading, exchange technology, information and public company services across six continents. Through its diverse portfolio of solutions, Nasdaq enables customers to plan, optimize and execute their business vision with confidence, using proven technologies that provide transparency and insight for navigating today’s global capital markets.

Photo: Marc van der Chijs via Compfight