Legacy and living dead systems have unique challenges for security teams. Take, for example, a 48 year old mainframe that’s still in production. Here is an architecture for prevention and detection.
Watch more videos on my YouTube channel.
Archive for June, 2019
Stuck in Traffic – Phishing from ZIP to ISO to IMG
Posted byTracing the evolution of phishing techniques to highlight a simple rule: our defense don’t stop criminals, our defenses change criminals tactics.
Watch more videos on my YouTube channel.
Stuck in Traffic – Jenkins Plugins and Pipeline Security
Posted byWhen everything is automated, protecting the automation becomes critical. Now automation servers like Jenkins often use open source plugins. This is a problem when those plugins have underlying vulnerabilities, as researchers with NCC Group recently found. Own a plugin, own a pipeline, own a Cloud.
Watch more videos on my YouTube channel.
Stuck in Traffic – Toronto Raptors and User Behavior Analytics
Posted byA lesson we can learn from the original Toronto Raptors, and what it says about the future of User Behavior Analytics.
Watch more videos on my YouTube channel.
Stuck in Traffic – ElasticSearch Security
Posted byProtecting, detecting, and responding to ElasticSearch data leaks. Our starting point is a job site leaking 1.6 million people’s job search information.
Watch more videos on my YouTube channel.
Stuck in Traffic – Border Breach and Data Loss
Posted byIf you’ve recently crossed the US border, your photo is likely in the wind. But, hey. What happened was against policy.
Watch more videos on my YouTube channel.
Stuck in Traffic – Third-party Risks, Quest, LabCorp
Posted byWith some twenty million consumer records in the wind, we look at requiring third-party billing companies to be secure.
Watch more videos on my YouTube channel.
Stuck in Traffic – Sign in with Apple ID
Posted byQuick recap of the security on Apple’s new single sign-on offering.
Watch more videos on my YouTube channel.
Designing Security for Systems that are Bigger on the Inside
Posted byCircleCityCon 2019 Keynote. Security happens where man meets machine. Or, fails to happen, as we see all too often. Blame the users. They’ll click anything. Blame the developers. Half their code is riddled with vulnerabilities anyways. Blame the IT staff. You’d think they’d at least know better. But perhaps, we’ve been placing the blame on the wrong places. What exactly happens where people and technology meet? At that moment, that very moment, what factors in human psychology and industrial design are at play? And suppose we could pause time for a moment. Suppose we could tease out those factors. Could we design a better experience, design a better outcome, design a better path to the future? This session explores these questions and identifies lessons the cyber security field can learn from industrial design. Because design theory? Design theory is cool.
Watch more videos on my YouTube channel.