The effects of vendor risk management and security by spreadsheet on the software development ecosystem.
Watch more videos on my YouTube channel.
Archive for February, 2017
Stuck in Traffic – SHA-1 Shattering Code Repos
Posted byGit and Svn both use SHA-1 for identifying submissions to source code repositories. But SHA-1 was shattered. So now what?
Watch more videos on my YouTube channel.
Stuck in Traffic – Put in a Ticket
Posted byDid I do the thing? “Sure.” Did I put in a ticket demonstrating we did the thing? “Well…” Today, ways to automate and streamline ticket tracking for compliance.
Watch more videos on my YouTube channel.
Stuck in Traffic – Sha1 Breaks
Posted byMD5 was broken with a stack of Playstations. SHA1 was broken with a cluster of Amazon EC2 instances. Doesn’t seem as much fun, right? But either way, it’s time to update our encryption settings.
Watch more videos on my YouTube channel.
Stuck in Traffic – Spreadsheet Airtraffic Control
Posted byA breach at Boeing was caused by one spreadsheet emailed, exposing some 36 thousand employees to identity theft. Here are a few controls that could have prevented this scenario.
Watch more videos on my YouTube channel.
Stuck in Traffic – Bugging Word Documents
Posted byAssuming some employee does copy thousands of documents, how would you know? One way is to plant a document with a Web bug that alerts you when it’s opened. Hello, roll-your-own honey token.
Watch more videos on my YouTube channel.
Stuck in Traffic – Lady Gaga, Ticketmaster, and CrowdSurge
Posted byA Ticketmaster executive reportedly left CrowdSurge with his network credentials and 85,000 documents. Reportedly. The executive then accessed CrowdSurge’s computers for trade secrets. Reportedly. A complaint was filed in US District Court this month. But whatever happens, tickets for Lady Gaga are too expensive, and controls are needed for exiting executives.
Watch more videos on my YouTube channel.
Stuck in Traffic – Protecting Mobile Apps (Cars)
Posted byWhenever new news comes out, it’s imperative to analyze the actual attack vector and, if it’s applicable to our environment, threat model. This analysis is the first step in avoiding hype and FUD. For this week’s example? Android attacks on car mobile apps as presented at RSAC.
Watch more videos on my YouTube channel.
Stuck in Traffic – Threat is the new Risk
Posted by“Threat is the new Risk.” Or, not. Back to basics in this morning’s video.
Watch more videos on my YouTube channel.
Stuck in Traffic – File Server Resource Manager
Posted byThe use of FSRM on Windows for File Screening Management, and what that means for attacks like ransomware.
Watch more videos on my YouTube channel.