Reading List for 5/9/2014

###On XTS Mode for Disk Encryption Thomas Ptacek writes You Don’t Want XTS, and suggests that though XTS works well enough in practice, it is far from ideal for Full Disk Encryption, and should not be used at all for other encryption operations (i.e., anything that doesn’t resemble FDE). XTS is useful only in that it makes “random access” encryption more secure, as you need for a disk. For encryption of whole blocks of data at rest, you probably want CBC mode, and for anything on the wire, AES-GCM is the new hotness.

###The Six Dumbest Ideas in Computer Security mjr has a post on The Six Dumbest Ideas in Computer Security. I actually disagree with several of his points (but, of course, I work on a Red Team doing, among other things, penetration testing), but I think it’s good and important to hear about opposing views, and if nothing else, they make you think. Specifically, he seems to think penetration testing is about finding holes to be fixed. It’s not, though that is a nice outcome. Penetration testing is about seeing how an attacker moves through your network, understanding the interconnections, the lateral movement, the mindset of the attacker.

###Fishing for Hackers Draios has an interesting post on what attackers do on a system. To me, the most interesting part was not actually the actions, but a tool sysdig that I’d never heard of before. Looks like an interesting tool I’ll need to play with and see how useful it is in analyzing software behavior.