news

CSSLP May 23, 2022

(ISC)2 certification counts – how many CSSLP are out there?

(ISC)2 maintains this page https://www.isc2.org/member-counts.aspx# with the counts of all certifications per country. I wrote before about this here https://www.sorinmustaca.com/how-many-certified-secure-software-lifecycle-professionals-are-out-there/, but this was back in 2013 (1.5 years after I became certified) ! Some statistics: As of September 25 2013: 1168 CSSLP Romania 1 Germany 19 As of May 23 2022: 3008 CSSLP Romania 6 Germany 48 Mexico 8 If these numbers appear big… look at the count of CISSP (without specializations): 152.623 as of today. So, yes, you can see how hard is to get this certification. This year I celebrate 10 years of being a CSSLP!

Educational, News May 5, 2021

New Android app for IT Security News with push notifications

ITSecurityNews.info is my security news aggregator, which collects RSS feeds and publishes them in WordPress automatically. A long time ago I created an app using AppSpotr, but since then things have changed. So, I decided to write one myself. Of course, not from scratch, I took an open source project called fNotifier and changed it to my needs. The app remains running as a service and polls regularly (see screenshot below – Settings) for new feeds. And after one rejection due to Policies, it was approved in the Play Store: https://play.google.com/store/apps/details?id=org.itsecuritynews It is actually enough to visit the website on a mobile device and you will see immediately on the top of the page an offer to install the app.

General, News July 21, 2016

IT Security News has its own Android App

I have finally found the time to make the app I always wanted to have for the “IT Security News” service. Here is the page on Google’s Play Store: And the screenshots of the app: Right now it is available only on Android devices, soon it will be available in the Apple’s Appstore. Help me spread the word about it so that I can have some downloads 😉 Thanks.

General, News, privacy, question, security April 4, 2016

A new type of fraud: News Scareware

After posting the article with the ads, I thought that I covered all stupid things that online publications do to force their readers to pay, subscribe or to disable ad blockers. Well, this was not correct… The stupidity goes on… with Washington Post. They request your email address in order to allow you to read any article. I tried first to add some bogus email address so that I move on. But, these guys take things really serious. They connect to the SMTP server and try to authenticate if the user exists. If it doesn’t work, you get an error. After you successfully enter an email address, they store various system cookies and you’re free to read all articles. I tried to test this in three browsers Chrome – where I registered Firefox Tor (browsing from USA) and it worked in all of them. I even erased all cookies above and it still worked. I honestly don’t know how they verify that my computer is authorized to view the content. Thy definitely stored something on the computer, different than a cookie, and they are checking that from the code of the website. I will investigate this when I…

(isc)2, News, quoted February 26, 2015

Mentioned in (ISC)2 EMEA Newsletter

My blog post “What is a security expert?” which I published in the (ISC)2 Blog was mentioned in the (ISC)2 EMEA Newsletter: Germany’s Sorin Mustaca, CSSLP takes an analytic look at what it means to be an information security professional, also on the (ISC)² Blog