Free Training - From Brocade

Here is what the site says:

If your IT skills are getting stale, then it's time to get certified. Give them a brisk future-proofing with a free Brocade Network Functions Virtualization (NFV) Certification. You'll be conducting your NFV Certification training on a Brocade Vyatta vRouter, featuring high-performance virtual routing, stateful firewall, VPN functions, and Layer 4 - 7 application delivery services.

This valuable experience will help you stay fresh with your skills–and your career. Watch the quick four-step process to completing your Brocade NFV Certification.


Follow the link:
http://www.brocade.com/forms/jsp/nfv-certification/index.jsp

You know eBay (who doesn't?) - Do you know that eBay still has a potentially dangerous cross-site scripting (XSS) vulnerability exists even after it was discovered a year back

eBay is not a Mom-n-Pop shop so, how come they are not bothered?



From the Article:

Kääp emailed eBay four times over the course of 12 months – initially a year ago, then again three, five, and seven months after he discovered the bug. After repeated prodding, officials at eBay told Kääp they couldn’t reveal any information about its fix schedule. Each time he emailed, Kääp claims, it was because the vulnerability had not been remedied. While eBay asked him not to disclose his bug, it has neglected to give him a timeline regarding a fix. 

the bug could allow an attacker to carry out an XSS attack over eBay’s internal messaging system by catching and tweaking a request. 

Check the link below for more details.

https://threatpost.com/a-year-later-xss-vulnerability-still-exists-in-ebay/112493

cloud-based email delivery service hacked - After all they were in email business (not security)

How about this.........

SendGrid, which sells a cloud-based email delivery service, has admitted that the extent of a hack disclosed three weeks ago was much more serious than originally reported.

Campbell said the systems stored SendGrid customer and employee usernames, email addresses, and salted and hashed passwords. Systems holding customer email lists, addresses and contact information were also accessed, Campbell said.

One day after the SendGrid breach, the New York Times reported that attackers used the credentials to breach Bitcoin exchange Coinbase, which confirmed to the Times that hackers had compromised its SendGrid account. Other Bitcoin exchanges were also previously targeted through similar email services, the Times report said.

For further reading:

https://threatpost.com/sendgrid-admits-broader-hack-of-email-service/112459