InfoSec links June 17, 2014

Phish or legit, Can you tell the difference? - John Shier - Naked Security

Really good article on identifying a legit email from a phishing one. There are some technical things, but the overall message has some good tips on what to look out for in identifying a phishing email.

Don't Let Lousy Teachers Sink Security Awareness - Corey Nachreiner - Dark Reading

Security awareness seems to be in debate within the infosec community. Some think it's useful; while others think it's worthless. I tend to think that it's useful based on the fact that I've been with two different organizations on opposite spectrum of security awareness. I felt the users were very much more aware about security issues when they had training. The article tries to debunk some of the arguments against security awareness training, as well as give some tips on how to handle security training. I don't agree with everything, but I think the overall idea is good and security awareness worth implementing.

How to Get Started in CTF - Steve Vittitoe - Endgame

CTF stands for Capture the Flag and its something I've always been kind of interested in learning, but never had a desire to spend the time learning. This article, however, feels like a good starting point if I ever wanted to get into CTF. It breaks down some of the different aspects of CTF and encourages you to explore your strengths.