This guy has made an interesting comparison between different password generators and password managers.
Bruce Schneier has published a good collection of links to IoT security and privacy guidlines on his blog:
Microsoft released an interesting whitepaper with their recommendations for password management:
I found a good blogpost that lists the most essential tools for penetration testing:
To summarise the post, the following tools are a good start:
– Vulnerability scanner (OpenVAS, Nexpose, Nessus)
– Word processor (Word, Writer)
– Internet access
– Liability insurance
– Virtualization (VirtualBox, VMware, Hyper-V)
– Kali Linux and a virtual Windows PC
– Network cables and a switch
Google released their “Vendor Security Assessment Questionnaire” as open source:
Good description on how to crack passwords (in Swedish):
Bruce Schneier has published three essays in the debate about cloud computing:
Should Companies Do Most of Their Computing in the Cloud? (Part 1)
Should Companies Do Most of Their Computing in the Cloud? (Part 2)
Should Companies Do Most of Their Computing in the Cloud? (Part 3)
They are all recommended Reading.
Microsoft released KB2871997 to address the “Pass the hash” vulnerability, but according to the following blog post pass the hash is still possible using the local Administrator account (SID 500):
Yesterday Microsoft released the last patches for Windows XP and Office 2003. No more vulnerabilities will be patched in these products. You can find more information of the latest patches in the security bulletin for april:
Bruce Schneier has written this interesting blog-post about how to become a Security Expert, I think that the concept does apply on almost all areas.