Tags: Vulnerability

Some Thoughts on User Awareness Training

Brian Krebs published an article about a tech firm losing $46 million in a technology-based heist.  The heist used forged communications from senior executives to complete financial transactions.  This got me thinking about user awareness training and how we’re doing it and how we might do it better.

Thoughts on Fiat Chrysler’s Patching Dilemma

Hi, my name is Aaron and I’m an INFOSEC hipster.  I was worried about the security of our increasingly connected cars back in 2013, which is way before it was cool to be worried about such things.  Someone fetch me some thick, black framed glasses and a PBR while I configure my retro NFR IDS.  […]

The Week that Was – 10/28/2013

Last week had a number of interesting developments.  Two of them involved the law, privacy, and security implications. First, the Third Circuit Court ruled that GPS tracking devices attached to vehicles require a probable cause warrant. [9]   I think this is an important ruling for privacy and the 4th Amendment.  I’m a proponent for […]

The Week That Was – 10/18/2013

I’m getting back in the saddle this week.  Sorry for the long break. I have a bit of a mix this week.  Some are security-related and others aren’t, but they are still worth looking at.  Here are some items of note: There is big news from Oracle. They have issued a Patch-a-lanche™ for Java.  [8]  […]

The Week That Was – 11/19/2012

Responsible adulthood sucks.  I’ve been up to my eyeballs in personal and professional work and the blog had to take a back seat.  I finally got it pushed up the priority list.  Here are the items I was able to come up with last week. The side channel attacks on virtual systems are interesting.  [2], […]

The Week That Was – 10/22/2012

Welcome back, sports fans!  We’ve got a decent sized list of links this week.  One of the threads I picked up on was some lingering commentary on the Huawei and ZTE revelation last week.  And when I say revelation, I mean that the mainstream media recently picked up on it.  First, China rounded up 9,000 […]

The Week That Was – 10/1/2012

This is actually a link dump for the past two weeks. Last week completely got away from me. All the cool kids were bashing passwords the past two weeks. [2], [22-23], [28], [40]  I agree that passwords are not the ideal authentication tool. However, it seems that history has shown that passwords strike the right […]

The Week That Was – 9/17/2012

We’ve got a bumper crop this week.  There are the obligatory links to the GoDaddy affair.  I get the distinct feeling that the GoDaddy event was not nearly as sensational as the security community would have liked.  Still, it’s a sad commentary when your best PR move was to claim a self-inflicted gunshot wound to the […]

The Week That Was – 9/10/2012

The news reporting is a little light this week, folks.  Yet again, responsible adulthood gets in the way of fun and frivolity.  I still have a few gems for you though. First, let’s talk about the new attack on SSL/TLS. [9]  It relies on a man-in-the-middle (MITM) attack and works a lot like the Beast […]

Picking at SCADA

Over the past month or two, Supervisory Control and Data Acquisition (SCADA)  systems have seen an increased amount of attention.  These systems control many parts of our critical infrastructure including electricity, natural gas, petroleum, and water.  Disrupting these services could cause significant damage to the US, especially in time of conflict.  And, thanks to the […]