[ISN] Salted Hash: Live from DerbyCon 5.0 (Day 1)

http://www.csoonline.com/article/2986763/security-awareness/salted-hash-live-from-derbycon-5-0-day-1.html By Steve Ragan Salted Hash CSO Online Sept 25, 2015 DerbyCon 5.0 has officially started, and it didn’t take long before the halls were flooded with hackers looking to catch-up with their peers as they headed to the first talk of the day. On Thursday, I had the chance to catch-up with a number of people who resonated with the thought process of yesterday’s post. The point being, insider threats aren’t what you think they are, and the core issue isn’t a malicious user – it’s a clueless user. In addition, when dealing with insider-based issues, policies that prohibit or hinder workflow will create more problems than they solve. Today, the topic is threat intelligence. I learned something interesting recently, if you gather a group of hackers and researchers around a table and ask them to define threat intelligence, the conversation will quickly spins into a rage fueled discussion about sales-driven security (meaning InfoSec products that are pitched and sold with no real security value). […]