Tag Archive for: testing

Facebook Messenger is testing secure storage for end-to-end encrypted chats


What you need to know

  • Meta is testing secure backups for end-to-end encrypted Messenger chats.
  • Messenger will also make chats E2E encrypted by default for some people.
  • The company is also rolling out more tests on its E2E encrypted messages.

Meta is rolling out a number of tests to make end-to-end encryption a dominant security feature in Facebook Messenger, including secure storage to back up your end-to-end encrypted chat history.

This week, Facebook began testing a secure storage feature that makes it easier to access your Messenger conversation history if you lose your device or want to restore chat history on a new phone. 


10 top open source security testing tools


In A History of Western Philosophy, Bertrand Russell said: “Facts have to be discovered by observation, not by reasoning.” His argument is that establishing something as a fact can only be done empirically. Direct observation is the most expedient way to figure out what is going on.

The same is true in the cybersecurity realm. If you want to understand the degree to which your networks, applications, hosts and employees are protected, the best way is empirical testing. This involves conducting a penetration test designed to simulate an attacker’s tools, techniques and procedures.

While many organizations outsource pen testing, it can be valuable for practitioners to understand the testing tools used throughout the process. Understanding how the sausage is made lets you negotiate more effectively with testing providers. Even though you might not be an expert, testing things yourself can help you knock low-hanging fruit off your list.

A few quick caveats: All the open source security testing tools listed can be used both lawfully and unlawfully. Make sure that you stay on the right side of the law. If you’re not sure whether a given usage is legal or not, talk to a lawyer. If you’re still not sure after that, don’t do it. Also, using applications or systems in unexpected ways can sometimes cause downtime. Have a plan in case something important goes offline. Lastly, testing well requires a lot of training and practice. Don’t expect internal efforts to have the same results as a specialist.

That said, let’s look at 10 security testing tools routinely used by testers. Since it isn’t possible to cover the thousands of tools out there, the focus here is on tools that do the following:

  1. are open source and, therefore, accessible to everyone;
  2. are well known, so there are plenty of support resources; and
  3. span a wide variety of niches and types of tests.

1. Kali, Parrot and BlackArch

Kali is a full Linux distribution composed of hundreds of tools. Other pen testing distributions worth considering are Parrot and BlackArch. Kali, due to its popularity, has the advantage of ubiquity and a large user base. As such, there are numerous instructional videos, usage…


Canada Resumes Mandatory Random COVID-19 Testing for International Arrivals


Canada has resumed mandatory random testing for COVID-19 for international arrivals entering by air. The government had previously paused the testing on June 11, 2022, as part of a broader strategy to transition testing for air travelers outside of the airports.

Mandatory random testing will resume as of July 19, 2022, for travelers who qualify as fully vaccinated, arriving in Canada by air to the four major Canadian airports, Vancouver, Calgary, Montreal and Toronto. To qualify as a fully vaccinated traveler to Canada, travelers must have been vaccinated with a primary series of a COVID-19 vaccine accepted by the Government of Canada for the purpose of travel at least 14 calendar days before entering Canada.

All testing for air travelers, for both those who qualify as fully vaccinated and partially or unvaccinated people, will be completed outside of airports, either via an in-person appointment at select testing provider locations and pharmacies, or a virtual appointment for a self-swab test. Travelers who do not qualify as fully vaccinated, unless exempt, must continue to test on Day 1 and Day 8 of their mandatory 14-day quarantine.

Moving testing outside of airports will support testing for travelers arriving by air while still being able to monitor and quickly respond to new variants of concern, or changes to the epidemiological situation. Mandatory random testing continues at land border points of entry, with no changes.

Air travelers who qualify as fully vaccinated and who are selected for mandatory random testing, as well as air travelers who do not qualify as fully vaccinated, will receive an email notification within 15 minutes of completing their customs declaration. The email will contain information to help them arrange for their test with a testing provider in their region. Unvaccinated travelers can complete their tests by a virtual appointment or an in-person appointment with the test provider at their store or at select pharmacies and still respect their quarantine requirements.

All travelers must continue to use ArriveCAN (free mobile app or website) to provide mandatory travel information within 72 hours before their arrival in Canada, and/or before boarding a…


SecurityMetrics Wins Coveted Global InfoSec Awards for Cybersecurity Book, Penetration Testing, and Top Women in Cybersecurity


OREM, Utah, June 29, 2022 /PRNewswire/ — SecurityMetrics is proud to announce that they have won the following awards from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine:

  • “Most Innovative Cybersecurity Book” for the SecurityMetrics Guide to PCI DSS Compliance.
  • “Editor’s Choice Penetration Testing” for their penetration testing team. 
  • “Top Women in Cybersecurity” awarded to Jen Stone.

“SecurityMetrics embodies three major features we judges look for to become winners: understanding tomorrow’s threats, today, providing a cost-effective solution, and innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach,” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine.

SecurityMetrics is thrilled to earn these awards from Cyber Defense Magazine (http://www.cyberdefenseawards.com/) because they demonstrate their commitment to helping organizations see the threats they’ve been missing and providing exceptional support and services to businesses worldwide. 

“Most Innovative Cybersecurity Book” for the SecurityMetrics Guide to PCI DSS compliance.

Audit Director, Matt Halbleib (CISSP, CISA, QSA), said of the seventh edition of the SecurityMetrics PCI guide: “Our guide was specifically created to help merchants and service providers address the most problematic issues within the 12 PCI DSS requirements, including auditors’ best practices and IT checklists.” 

You can access the SecurityMetrics free guide to PCI Compliance here

“Editor’s Choice Penetration Testing” for their penetration testing team

SecurityMetrics penetration testers use ethical hacking methodologies to identify vulnerabilities and minimize risk, protecting organizations against the most current threats.

Knowing the root cause of vulnerabilities is the first step to addressing network issues. SecurityMetrics Pen Test Analysts offer advice tailored to the company’s needs to remediate and maintain a secure network going forward. 

SecurityMetrics’ Pen Testing has definitely helped us improve our network security in ways I could have never imagined. You just don’t know what you don’t know. I am absolutely…
