Lessons from the TSA we can avoid. Lessons from the cloud aaS we can adopt. And an idea for how to make security a product consumers want.
Watch more videos on my YouTube channel.
Archive for May, 2016
Stuck in Traffic – Brute Forcing Gestures
Posted byGesture authentication, the “Robotic Robbery in the Touch Screen” paper, and the cool hand gesture lady. Nothing is safe.
Watch more videos on my YouTube channel.
Stuck in Traffic – Local File Inclusion
Posted byQuick primer on Local File Inclusion (LFI) vulnerabilities in Web apps.
Watch more videos on my YouTube channel.
Stuck in Traffic – Career Jumps and the Red Baron
Posted byA hundred years ago, the Red Baron ruled the skies. A few years before that, however, he was a simple calvary man. So what lessons can we learn about going from the help desk to the SOC from a guy who went from a horse to a biplane?
Watch more videos on my YouTube channel.
Stuck in Traffic – Image Tragic
Posted byImage Magic is vulnerable. Don’t just patch. This is an opportunity to evaluate all the controls on the attack path. Done right, we will have 0-day protection.
Watch more videos on my YouTube channel.
Stuck in Traffic – Safe Cracking and Time Based Security
Posted byAt a keynote, I pulled out a safe cracker and demonstrated brute forcing. Safes are excellent metaphors for security controls. Take, for example, the TL rating for a given intensity of an attack and a given amount of time. Can we evaluate our own controls with a TL rating?
Watch more videos on my YouTube channel.
Stuck in Traffic – OK Cupid and the Broken Heart
Posted byWhat can we learn from OK Cupid being scrapped and its users’ information being released? Well, for one, we can make sure our Web sites do not get scrapped.
Watch more videos on my YouTube channel.
Stuck in Traffic – Assessing Processes with Third Parties
Posted byThere are our business processes. There are our work flows. And then there are third party apps, facilities, and cloud hosting. So how do you do a risk and controls assessment?
Watch more videos on my YouTube channel.
Stuck in Traffic – Save a Life or Stop a Virus
Posted byOne time, during heart surgery, the Merge Hemo app locked up. Why? Because of an anti-virus scan. It’s an example of what happens when we focus solely on securing technology.
Watch more videos on my YouTube channel.
Stuck in Traffic – Swiss Cheese Model
Posted byApplying the “Swiss Cheese Model” to after action reports to beat the odds with incident response.
Watch more videos on my YouTube channel.