The application security concepts of impedance and impedance mismatch. With that, we can bypass web application firewalls (WAFs). Defense? Put the controls as close to the app as possible.
Watch more videos on my YouTube channel.
The idea is using games like Minecraft to share security awareness ideas with our kids. (The reality is that I was pwned by my daughter.) Small things, fun things, repeated regularly and frequently, are the ways we communicate culture.
Writing code to gracefully handle disasters and outages. Have a horror story of this gone wrong? Let me know!
DevOps has this concept of “blameless postmortems”. Developers and engineers explain what happened. But they aren’t blamed. They aren’t fired. It’s a learning and improvement opportunity. So how can we apply this to information security?
A few ideas for protecting customers by securing point-of-sale (POS) systems. This follows the Chipotle breach of practically all their POS terminals.
And the Clouds Break: Continuity in the 21st Century
The promise of cloud computing was a utility; always up, always on, just a click away. But we’ve seen many outages. It’s clearly time to blow the dust off the continuity handbook, and revisit recovery for the twenty-first century. This talk provides an overview of business impact analysis, business continuity, and disaster recovery. We then revisit these concepts in the day and age of utility computing and Cloud services. After all, the cloud breaks.
(Friday, June 9, 2017. Indianapolis, Indiana)
Researchers at Arizona State University are exploring mobile phones for decision-making and diagnosis. Specifically, around dementia and Alzheimer’s. But how well will the personal telemetry be protected? And how transparent will the algorithms be?
Log too little, and we’ll miss the attacker. Log too much, and we’ll give the attacker cover. Today: the data-ink ratio, and what it means when excessive logging camouflages the criminals.
How I spent my Valentine’s Day: Alcatraz Island. How one criminal gang spent their Valentine’s Day: a 275 Gbps DDoS attack over 21 hours. Ouch! Here’s what to do if it happens to you.
What’s in it for the financially motivated criminal hackers? Money. Can we reduce the money, their reward, their return? Some thoughts on making our organizations less of a target.