I came across Bruce Schneier’s “CRYPTO-GRAM” many years ago when it was an email-only newsletter, and ever since then I’ve been interested in security. Taking St. Cloud State’s Computing Ethics class (CSCI 332) gave me more connections with how security affects computers.
Continuing my last post, Computer security reading list (part 1), this post includes some resources on computer security. Not that I’ve read everything linked to here, but I’ve read enough to be drawn in and informed. I hope that you may find these useful as well.
- Google Project Zero Project Zero is a team at Google that looks at different systems and finds and documents zero-day vulnerabilities.
- Anatomy of an exploit – inside the CVE-2013-3893 Internet Explorer zero-day – Part 1 “Create 10,000 items in the current web page, giving each one a title string of ‘3333….3333’.” This reminds me of the tweet about the QA Engineer.
- So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users (PDF), Cormac Herley, 2010. “Users’ rejection of the security advice they receive is entirely rational from an economic perspective.”
- Introducing the “Secure Account Management Fundamentals” course on Pluralsight “I mean I’m going to use SHA1 with a salt so yeah, I’m going to hash it.”
- Wikimedia Foundation MediaWiki: Application Penetration Test (PDF) “iSEC identified a total of fourteen issues, including two of high severity. Most of the high and medium severity vulnerabilities are related to data validation and allow for various common attacks including XSS, DoS, and CSRF.”
- Offensive Computer Security (Florida State University) “Hacking vs. penetration testing, what’s the difference? PERMISSION.”