At the intersection of time-based security, active defense, and SIEM monitoring lies the simple yet effective honey token. Here is one example.
Watch more videos on my YouTube channel.
Make a list of the top 10 areas of IT security for which you are responsible. Under each area, add a name of at least one expert that you know personally and can rely on. Add another name of someone who can rely on you. How complete is your social circle?
Revisiting balloon tower defense-in-depth to illustrate one type of active defense. As a bonus, we will cover how this reduces the impact of 0-day vulnerabilities.
Starwood Hotels was hit where they didn’t expect it. So share more information on breaches than the last step in the attack path, please. Also, yes, let’s protect those point-of-sale systems.
The rear window is the new EXIF. And every presentation is an opportunity to tell the world how to steal your stuff. So today, being careful with what we share.
Quick rundown of proxies like Fiddler, WebScarab, Burp, and ZAP. Use these for testing Web APIs and stopping farm equipment. Oh, also, check Troy Hunt’s site for training.
Is it better to raise all controls to a certain standard, or to check the box in some areas in order to go deeper in others? Today we look at where checkbox security meets balloon tower defense-in-depth.
I say IoT firms typically have less than one full-time employee working on security with a budget less than $100k. I’m wrong. But it is the most right wrong answer. Here’s why.
Developed in a rush. Shielded by Web servers. Put into production with little testing. And now? Moved out into the world to service mobile apps. Oh yes, Web APIs are fun.
They broke into apps with payment information. And then? Botnet. They broke into databases with personal information and more. And then? Denial of Service. These crimes are not what we’d expect (or fear). It’s a surprisingly good reminder to consider criminal intent in our risk management.