InfoSec links June 13, 2014

Safely Storing User Passwords: Hashing vs. Encrypting - Michael Coates - Dark Reading

A good description on the difference between symmetric encryption and hashing and some of the process involved in protecting passwords with those two methods.

Peek Inside a Professional Carding Shop - Brian Krebs - Krebs on Security

Krebs takes us on a wonderful tour of the professional carding shop "McDumpals." It's got the McDonalds arches and everything. It's a good read if you want to learn more about where stolen credit card information goes.

OpenSSL DTLS Fragment Out-of-Bounds Write: Breaking up is hard to do - Brian Gorenc - HP

A new vulnerability in OpenSSL has been found. This one isn't as scary as Heartbleed, but systems do need to be checked and patched. I know that Cisco has a long list of devices affected by this and that VMWare recently released a patch for ESXi 5.5 for the vulnerability. The article itself takes an in-depth technical look at the vulnerability.