Discussed Articles

1) CISSP certification: Are multiple choice tests the best way to hire infosec pros?

Does having a certificate make you a better security engineer? What could we be doing to better recruit security folks?

* http://arstechnica.com/security/2016/07/cissp-certification-how-to-hire-infosec-pros/

2) Why Mozilla shouldn't copy Chrome's permission prompt for extensions

What are the unintended consequences of trying to make sure your users are informed as possible about the security implications of installing browser extensions? How can you effectively, programmatically communicate risk?

* https://palant.de/2016/07/02/why-mozilla-shouldn-t-copy-chrome-s-permission-prompt-for-extensions

3) Honorable Mention: How I Cracked a Keylogger and Ended Up in Someone's Inbox

What happens when you reverse engineer an piece of Word doc malware?

* https://www.trustwave.com/Resources/SpiderLabs-Blog/How-I-Cracked-a-Keylogger-and-Ended-Up-in-Someone-s-Inbox/

Breach of the Week

FDIC Was Hacked By China, and CIO Covered It Up

How not to respond to a breach, and how we can all get better at dealing with breaches.

* http://arstechnica.com/security/2016/07/fdic-was-hacked-by-china-and-cio-covered-it-up/