If you’ve recently crossed the US border, your photo is likely in the wind. But, hey. What happened was against policy.
Watch more videos on my YouTube channel.
Archive for the ‘Blogs’ Category
Stuck in Traffic – Third-party Risks, Quest, LabCorp
Posted byWith some twenty million consumer records in the wind, we look at requiring third-party billing companies to be secure.
Watch more videos on my YouTube channel.
Stuck in Traffic – Sign in with Apple ID
Posted byQuick recap of the security on Apple’s new single sign-on offering.
Watch more videos on my YouTube channel.
Designing Security for Systems that are Bigger on the Inside
Posted byCircleCityCon 2019 Keynote. Security happens where man meets machine. Or, fails to happen, as we see all too often. Blame the users. They’ll click anything. Blame the developers. Half their code is riddled with vulnerabilities anyways. Blame the IT staff. You’d think they’d at least know better. But perhaps, we’ve been placing the blame on the wrong places. What exactly happens where people and technology meet? At that moment, that very moment, what factors in human psychology and industrial design are at play? And suppose we could pause time for a moment. Suppose we could tease out those factors. Could we design a better experience, design a better outcome, design a better path to the future? This session explores these questions and identifies lessons the cyber security field can learn from industrial design. Because design theory? Design theory is cool.
Watch more videos on my YouTube channel.
Stuck in Traffic – Cleartext Passwords in Google GSuite
Posted byWe all make the same mistakes. We all introduce the same vulnerabilities. When we see multiple issues, similar issues, from multiple vendors it is a good time to check for those same issues in our own environment. Today’s example: Google making GSuite passwords available in cleartext.
Watch more videos on my YouTube channel.
Stuck in Traffic – WhatsApp Compromised
Posted byA vulnerability in WhatsApp allows attackers to take over phones with the app. Sure, we can only run trusted software on our trusted devices. But what happens when that software gets compromised?
http://bit.ly/2JkbLRa
Watch more videos on my YouTube channel.
Stuck in Traffic – On-premise SharePoint Under Attack
Posted byCriminals are taking advantage of an unpatched vulnerability in SharePoint. This brings up the topic of what’s more secure: in the Cloud or on-premise IT?
http://bit.ly/2WCuU3K
Watch more videos on my YouTube channel.
Stuck in Traffic – Maximum Security
Posted byWatching the Kentucky Derby and thinking about horse racing as a metaphor for organizational IT security. Also, Continuous Monitoring should have been the winning horse’s name.
Watch more videos on my YouTube channel.
Stuck in Traffic – TheLadders, ElasticSearch, and You
Posted byTheLadders setup all user data in an AWS ElasticSearch database. Then, made sure there was no password required. Whoops. This exposed some 13 million people’s data, and has me thinking about the risk of unused Web services.
Watch more videos on my YouTube channel.
Stuck in Traffic – Time and Trust
Posted byTime is a signal of trust. New? We can trust it a lot. Been going for some time? Anything could have happened, so we trust less. Right then. How to use this in security?
Watch more videos on my YouTube channel.