Some Thoughts on User Awareness Training

Brian Krebs published an article about a tech firm losing $46 million in a technology-based heist.  The heist used forged communications from senior executives to complete financial transactions.  This got me thinking about user awareness training and how we’re doing it and how we might do it better.

Thoughts on Fiat Chrysler’s Patching Dilemma

Hi, my name is Aaron and I’m an INFOSEC hipster.  I was worried about the security of our increasingly connected cars back in 2013, which is way before it was cool to be worried about such things.  Someone fetch me some thick, black-framed glasses and a PBR while I configure my retro NFR IDS.  […]

UPDATED: A Quick Rant on the Wassenaar Arrangement

UPDATE: The U.S. government has decided to scrap the initial version of its proposed rules implementing the Wassenaar Arrangement.  The decision to do so was driven by the negative feedback from many of its stakeholders.  This is a great example of the system working and common sense prevailing.  I’d like to see this happen more often. I’m going to […]

Is doxing a solution to bullying?

I found this story this morning: Twitter troll fired, another suspended after Curt Schilling names and shames them.  To summarize, Curt Schilling’s daughter was accepted to Salve Regina University where she will be the pitcher for the softball team.  Great stuff any proud dad would tweet.  Then the troll problem emerged with snarky comments escalating to threats […]

Practical Password Advice for INFOSEC Pros and Normal People

I recently conducted an informal poll via Facebook asking my friends what kinds of information security topics they’d like to hear about. That population has a pretty good spread of information security professionals and normal people and a subject I heard frequently from both groups was: What can we do with passwords that is reasonably safe and reasonably usable? […]

Ransomware Defenses

I just stumbled across an article talking about a new variant of ransomware called CryptoWall 3.0.  The fact that there are multiple strains and versions of ransomware suggests to me that they provide a lucrative revenue stream for the Bad Guys.  That got me thinking about the problem more broadly and how we can defend ourselves […]

MasterCard and Visa to end password authentication

This is an interesting article: MasterCard and Visa to end password authentication.  Biometrics are starting to go mainstream as a means of authentication.  My one word of warning to anyone looking at biometrics as a form of authentication is to consider a “proof of life” requirement for biometric authentication.  If the stakes are high enough, there […]

Some Brief Thoughts on Logging

I found this article in my news feed this morning: Why PCI Will Issue Log Monitoring Guidance.  I tried tweeting it but could not properly rant in 144 characters or less so here we are on the blog.  This article brings up two very important aspects of information security management.  The first one is log monitoring.  You […]

Marketing and Public Relations: Social Engineering on an Industrial Scale

I stumbled across this article this morning in my Twitter feed: Richard Berman Energy Industry Talk Secretly Taped (Hat tip to Phil Plait AKA @BadAstronomer).  The ethics of the actions described are certainly up for debate.  That’s not what I want to ponder with you this morning.  What I do want to ponder is how the ven […]

Thoughts on the CurrentC Hack and Active Defense

According to this article, it looks like CurrentC has suffered a compromise of some sort during its testing phase.  From the article: MCX spokeswoman Linda Walsh said the CurrentC application itself was not impacted, and many of the email addresses were for dummy accounts. An investigation is underway and merchants in the consortium with compromised email […]
