Maybe you've seen 2009's Cloudy with a Chance of Meatballs. Perhaps you thought this was a movie about science and about a young nerdy-man trying to find his place in the world. Actually, the real purpose of this movie is to help teach you and other developers some very important Application Security lessons.
Eric Goldman is a security professional with experience in the banking and manufacturing sectors. His primary interest is in security policy, compliance, and human factors. His research focuses on how IT teams can improve security and move towards a proactive security mindset. His research has been showcased in academic journals as well as professional journals. Eric also authors and contributes to security/software projects to help end users make informed decisions and protect their identity and security.
As humans, we are all constantly trying to find the signal in the noise. Unfortunately, the topics and behaviors that we, as corporate security trainers, are trying to explain, teach, and reinforce are often seen as noise to those whom we are targeting. Therefore, to achieve our goals we need more than pertinent information and slick graphics; we need to find ways to stand out, capture people's attention, and find a way to cement our desirable security behaviors with positive associations. An effective strategy to stand out, make your message more memorable, and to build a positive reputation for your security team is to incorporate interactive exhibits and activities in your security training program.
The enterprise social networking platform Jive (jiveon.com) uses an exit-link tracking mechanism for all external links. The links passed through this exit mechanism were not validated. An attacker could leverage the trust in a Jive-based social network to perform spear-phishing against community users. This issue was reported to Jive and has been remediated with an optional configuration setting as of the time of publication. Remediation requires action by the Jive instance administrator to enable this setting.