Password resets as an example of the process – program – product approach. Also, while we’re at it? A couple things organizations overlook with passwords resets.
Watch more videos on my YouTube channel.
Archive for June, 2017
Stuck in Traffic – Out of Control, Petya and Chkdsk
Posted byThe controls for ransomware, like file integrity monitoring (FIM), user behavior analytics (UBA), and anti-malware, these all have one thing in common. They rely on a booted OS. But Petya’s encryption was at pre-boot. It spoofed ChkDsk before Windows started. So now what?
Watch more videos on my YouTube channel.
Stuck in Traffic – Petya and Shared Local Credentials
Posted by“All workstations have local administrator with a shared password,” the penetration test findings often say. But why does it matter? For that answer, we can look at the latest flash random Petya. It steals and reuses these passwords to spread the infection to otherwise immune computers. Ouch.
Watch more videos on my YouTube channel.
Stuck in Traffic – Static Code Analysis and Continuous Development
Posted byLet’s say it takes 48 hours to do static code analysis. Say we’re developing code and pushing every 6 hours. Well huh. Now what?
Watch more videos on my YouTube channel.
Stuck in Traffic – No Crown Jewels
Posted byIt’s become a cliche question: “what are our crown jewels?” Typically, the answer focuses the cyber security tasks on what data matters most. But what happens when our business legitimately doesn’t have any crown jewels?
Watch more videos on my YouTube channel.
Stuck in Traffic – Email and Herd Immunity
Posted byTake our favorite email controls. Domain-based Message Authentication Reporting and Conformance (DMARC), DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF). How often are these being enabled and enforced? Today in traffic, a case study in email and herd immunity.
Watch more videos on my YouTube channel.
Stuck in Traffic – Fireball
Posted byFireball malware and browser hijacking.
Watch more videos on my YouTube channel.
Stuck in Traffic – Surprise Successes and Failures
Posted byA study in Beethoven finds he was often surprised by which music succeeded and which failed. In much the same way, we’re often surprised at which security initiatives take off and which stall. Trick is, experimenting with several initiatives at once.
Watch more videos on my YouTube channel.
Stuck in Traffic – Vuln Scan Web Apps
Posted byWhat’s more risky: flying or driving? What’s more likely: shark bites or dog bites? What’s more vulnerable: servers or Web apps?
Watch more videos on my YouTube channel.
Stuck in Traffic – DevOps Segregation of Duties
Posted bySegregation of duties and least privilege are fundamental concepts in information security. But they need to be applied in a way that doesn’t overly slow down the pace of business. Here’s one approach for how to do this in DevOps.
Watch more videos on my YouTube channel.