Companies can only change so fast. Teams can only do so much. People’s to-do lists can only grow so long. What to do? Build programs strategically so as to not ask for more than can get done.
Watch more videos on my YouTube channel.
As honey pots and honey tokens — those deceptive techniques for tricking red teams and criminals — become more widely used, tools for detecting them are being created and distributed. Example: Honey Buster.
http://ift.tt/2uryim4
Adware organization buys Particle, a Google Chrome plugin. They update the code. People automatically receive the updates. (We are all keeping up to date on our software, right?) And then a once-good plugin is now shipping adware.
Some corrections. RSA in GPG is broken; it’s the implementation, not the algorithm. And there’s a lot more to using encryption than simply, “set it to the maximum your development framework allows.”
Shout out and thanks to @sweharris and @virtualjj.
Quick idea. Many breach reports list the sources for identifying the breach. Like, a user calls the help desk. Or perhaps, the Intrusion Detection System (IDS) lights up. Let’s use these communication channels in our incident response planning.
The bad guys are spoofing our emails. And the bigger we are, the more fake emails pretending to be from us will be sent. Here are some good practices for setting up a reporting mechanism.
751 DNS domains were hijacked. So then, computers looking up those domains were redirected to download the RIG exploitation kit. Once popped, the computers were joined to the Neutrino Bot. Ouch. Let’s talk DNS controls.
WannaCry didn’t come in over email. NotPetya didn’t come in over email. So why are people asking us to include phishing controls in our threat models?
Deep Hosting gets compromised with a PHP shell. So how can we stop similar attacks in our environment?
Security programs aligned with an organization’s core values seem to get more buy-in, traction, and visibility.