Stuck in Traffic – PwnedPasswordsDLL

August 21, 2017

The first thing hackers learn? Password cracking. And the first thing password crackers do? Try hashes from recent breaches. So it makes sense to prevent users from setting passwords to those found in, say, Troy Hunt’s list of 306 million. That’s been difficult to do. But I recently found PwnedPasswordsDLL, which adds a control to the password change process.

Checking for Breached Passwords in Active Directory

Watch more videos on my YouTube channel.

Stuck in Traffic – Verizon and the S3 Bucket

August 10, 2017

Amazon Simple Storage Service (Amazon S3) is an easy way for apps to store data in the cloud. Too easy. And not only easy to use, but also, easy to misconfigure. Verizon learned this the hard way when a third-party’s S3 bucket was found left open, resulting in a breach of six million subscribers. (Pro-tip: use scripts like Bucket Finder to check for open S3 instances.)

Watch more videos on my YouTube channel.

Stuck in Traffic – The Long Game

August 7, 2017

Overnight successes take decades work. Daily effort, consistently, in the face of delays and setbacks. That’s problematic in an industry where the average tenure of Chief Information Security Officers is less than two years. So stick to it, and let me know your years’ long overnight successes.

Watch more videos on my YouTube channel.