IT Security from Forbes “BlackBerry CEO: We’ll Try To Break Our Own Encryption If Feds Demand It”

BlackBerry CEO: We’ll Try To Break Our Own Encryption If Feds Demand It

Unlike Apple, Google and Microsoft, who’ve had their separate battles with U.S. law enforcement over recent years, BlackBerry hasn’t been as strong in its condemnation of potential government overreach in accessing user data. And CEO John Chen today told Forbes the company would comply with court orders asking it to break its encryption and carry out wiretaps on targets specified.

Source: www.forbes.com/sites/thomasbrewster/2017/10/25/blackberry-ceo-well-try-to-break-our-own-encryption-if-feds-demand-it/


Reach your goals before the end of the year: CISSP Sale!

All 4 of my CISSP practice tests for $12 each.

Each test is a full 250-question CISSP test just like the real exam, and the domains are weighted at the same percentage.

You can take this test as many times as you want; the questions and the answer order are randomized.

CISSP certification: Full 250 question practice test #1 2017

CISSP certification: Full 250 question practice test #2 2017

CISSP certification: Full 250 question practice test #3 2017

CISSP certification: Full 250 question practice test #4 2017

You will get an overall and domain score after each attempt.

You can look at all the answers, get explanations and sort by domain, right, wrong, skipped or marked for review.


CISSP Practice question #27

Who should be involved in building the SOW for our penetration testers?
A: Senior management.
B: Our legal department.
C: IT security.
D: All of these.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


D: To have a proper, clear SOW, we need senior management’s approval and outlines, legal approval and IT security’s input.


IT Security IOT from Forbes: “Time To Update Your Vacuum Cleaner — Hack Turns LG Robot Hoover Into A Spy”

Time To Update Your Vacuum Cleaner — Hack Turns LG Robot Hoover Into A Spy

Got a robot hoover buzzing around your home? It’s time to take a look at its security, especially if it’s an LG device. Researchers from Israeli firm Check Point reported a hack of the LG SmartThinQ app that allowed them to remotely take control of the manufacturer’s Hom-Bot hoover and use the video feed to spy on anything in the device’s vicinity. And, the researchers said, the attack could also compromise refrigerators, ovens, dishwashers, washing machines, dryers and air conditioners — any connected thing controlled by the LG app.

Source: www.forbes.com/sites/thomasbrewster/2017/10/26/lg-hom-bot-robot-hoover-hacked-into-surveillance-device/


CISSP Practice question #26

Which of these is not a common problem organizations face with audit record management?
A: Logs are not reviewed on a regular and timely basis.
B: Logs are stored on a central secure server.
C: Audit logs and audit trails are not stored for a long enough time period.
D: Logs are not standardized or viewable by a SIEM.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


B: Centralized storage is not a problem; that is good. Security Audit Logs (Audit trail): Audit record management typically faces five distinct problems: Logs are not reviewed on a regular and timely basis. Audit logs and audit trails are not stored for a long enough time period. Logs are not standardized or viewable by correlation toolsets – they are only viewable from the system being audited. Log entries and alerts are not prioritized. Audit records are only reviewed for the bad stuff.



CISSP Practice question #25

When we check our databases for integrity, we notice a value that is not consistent with the attribute data type. Which type of integrity failure is this?
A: Referential integrity.
B: Semantic integrity.
C: Entity integrity.
D: Formatted integrity.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


B: Semantic integrity: Each attribute value is consistent with the attribute data type.


CISSP Practice question #24

Which of these is a type of detective access control?
A: Encryption.
B: Backups.
C: Patches.
D: Intrusion detection systems.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


D: We use IDSs (Intrusion Detection Systems) on our network to capture and alert on traffic seen as malicious. They can be categorized into 2 types, with 2 different approaches to identifying malicious traffic. Network based: placed on a network segment (a switch port in promiscuous mode). Host based: on a client, normally a server or workstation. Signature (Pattern) matching: similar to antivirus, it matches traffic against a long list of known malicious traffic patterns. Heuristic (Behavioral) based: uses a normal traffic pattern baseline to monitor for abnormal traffic.


IT Security from BBC: “FBI locked out of 7,000 encrypted devices”

FBI locked out of 7,000 encrypted devices

Agents at the US Federal Bureau of Investigation (FBI) have been unable to extract data from nearly 7,000 mobile devices they have tried to access, the agency’s director has said.

Christopher Wray said encryption on devices was “a huge, huge problem” for FBI investigations.

The agency had failed to access more than half of the devices it targeted in an 11-month period, he said.

One cyber-security expert said such encryption was now a “fact of life”.

Many smartphones encrypt their contents when locked, as standard – a security feature that often prevents even the phones’ manufacturers from accessing data.

Source: www.bbc.com/news/technology-41721354


CISSP Practice question #23

Tape backups should never be:
A: Hardware encrypted.
B: Software encrypted.
C: Thrown in the trash when the retention period is over.
D: Kept in a secure, geographically distant, climate-controlled facility.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


C: Tapes should be properly disposed of; our data is still on the tape even if the retention has expired.
