The recent vulnerability in Samba (CIFS/SMB for Linux) and what it means for HD Moore’s law and the Open Source “Many Eyeballs” rule.
Watch more videos on my YouTube channel.
Never underestimate the power of incremental improvements over iterative practices. Do the thing. Do it repeatedly. Make small improvements. And use these tips to mold the security program around the team’s strengths.
Spinning up a full IR program is time-consuming and expensive. Here’s how to build a minimum viable program, dedicating 10-15 days a year.
The first and second CIS Critical Security Controls are knowing what hardware and software we’re running. Here’s a story about a firm that didn’t and now isn’t.
Hacker controls? Prevention and deception get all the buzz. Here’s how and why to start with detection and work our way up.
One of the mirrored download sites for Handbrake was compromised, and the update ended up distributing Proton malware. Here are a couple of tips on how to avoid falling for this kind of attack.
Communication must be clear. For example, don’t say a couple minutes when it’s four. Or don’t say stuck in traffic when in a hotel room. Things like that. And use techniques to simplify communications. For example, threat flows, which I’ll cover today.
Let’s re-envision the standard 40-hour classroom training. If we were to take the same material, leveraging what we know about human attention and memory, how could we deliver it to maximize the impact? Here’s one way, specifically for app security training and software developers.
The flash ransom WannaCry crippled a quarter million computers. It could have been much worse. Some 20 million Windows XP computers are still in use. So why wasn’t WannaCry worse? Here’s the story, a story of one guy with $10, a story I find inspiring. I’m
When the flash ransom hit on May 12, 2017, many said “just patch.” But we have old equipment. “Just upgrade,” they said. Sure. Maybe. But have you seen the IT that powers our manufacturing floors? We won’t be able to just upgrade and just patch.