NIST issues final guidance for mobile app security (PDF)

NIST has issued its guidance for mobile app security. It's a long document but some of the points are really good. Some others are just a cover-your-ass kind of measure, but for the most part it is a good document, in my opinion.
They do a nice job in Section 4 with the app approval or rejection methodology.


Forum deletion

I decided to delete the forum for 2 reasons: lack of proper security configurations on the forum hosting server, and lack of OPSEC from some users.

I will install a good forum platform here at a later time with a proper security configuration, different restricted access zones and a way to automatically disable users that violate OPSEC/PERSEC.


Quote of the day

“What you do is what matters, not what you think or say or plan.”

— Jason Fried, Rework

This is one of the founders of 37Signals, AKA Basecamp. I'm putting this quote here so one of the company's partners - David Hansson - can read and eat his own words.
We used to manage our projects with their product. But after the comments by David Hansson about our veterans, we feel we can no longer support a company that doesn't stand by our veterans.


Red Teams: How Understanding Small-Scale Terrorism Can Improve Cybersecurity Agility | Red Team Journal

Here's a fantastic post by Neal Bridges at Red Team Journal.

Red teams must have the flexibility to conduct operations at the same cadence as attackers. This lack of flexibility is where we find the flaw in today’s execution of red team tests and ultimately why we find ourselves behind the power curve of modern security threats.

Hit the nail dead on.


More on Preemptive Red Teaming

ID, a reader, sent me the following message:

Just read this in a news article, and it reminded me of a post you wrote a little while back, describing how ISIS is particularly dangerous because a lot of its members are from European countries—and they may go back to their homes and operate there. Looks like you hit the nail on the head. We need to start red teaming that problem ASAP to avoid American blood being spilt.

"In recent weeks, European security services received indications of an ominous possibility: that ISIS may have started directing European extremists in Syria and Iraq to launch terrorist attacks back in their home countries, the Belgian counterterrorism official said."

Thanks for writing this blog, it really helps regular civilians like myself keep an open mind and an alert mind about what is happening in the world, and not get trapped in the typical bubble. Keep up the good work, and thank you for your service.


He was referring to this post.

Everyone who knows me knows that I have been saying this for many years: it is a matter of time until Europe becomes the next battlefield against terrorism. Radical Islam is there. They are growing in numbers.

We're already starting to see this, in Belgium, in France and in Germany. This past week was intense over there. We just returned from Germany and other locations and it's beginning to boil over there.
Many of those trained and radicalized jihadists are returning to Europe now, and with that comes the possibility that free-speech, free-press and pretty much all freedom is seen by these retrogrades (I can't seem to find another word) as something they need to destroy. They don't want to be part of the countries they live in, they just want to bring those countries back to the fucking Middle Ages.
Frankly I don't understand why the European governments don't arrest these people as they come back from Syria or Iraq (or other training places). And before you cry "but they are citizens...", they chose to go and purposely be trained as terrorists and talk about it openly, so they should be stopped.

Now, take the US, with even more freedom than in Europe, and we can have an even worse problem.

Like the reader said, it is now that we really need to red team this. I spent countless hours thinking about this and ways to make our free world safer from these fuckers. But it doesn't matter what I or countless other red teamers and security-minded people find, if the government doesn't begin to use red teaming to learn, analyze and preemptively act against these terrorists, then we'll be facing something similar to Europe.