Fireball malware and browser hijacking.
Watch more videos on my YouTube channel.
A study of Beethoven finds he was often surprised by which music succeeded and which failed. In much the same way, we’re often surprised at which security initiatives take off and which stall. The trick is experimenting with several initiatives at once.
What’s more risky: flying or driving? What’s more likely: shark bites or dog bites? What’s more vulnerable: servers or Web apps?
Segregation of duties and least privilege are fundamental concepts in information security. But they need to be applied in a way that doesn’t overly slow down the pace of business. Here’s one approach for how to do this in DevOps.
The application security concepts of impedance and impedance mismatch. With that, we can bypass Web application firewalls (WAF). Defense? Put the controls as close to the app as possible.
The idea is using games like Minecraft to share security awareness ideas with our kids. (The reality is that I was pwned by my daughter.) Small things, fun things, repeated regularly and frequently, are the ways we communicate culture.
Writing code to gracefully handle disasters and outages. Have a horror story of this gone wrong? Let me know!
DevOps has this concept of “blameless postmortems”. Developers and engineers explain what happened. But they aren’t blamed. They aren’t fired. It’s a learning and improvement opportunity. So how can we apply this to information security?
A few ideas for protecting customers by securing Point of Sale (POS) systems. This follows the Chipotle breach of practically all their POS terminals.
And the Clouds Break: Continuity in the 21st Century
The promise of cloud computing was a utility; always up, always on, just a click away. But we’ve seen many outages. It’s clearly time to blow the dust off the continuity handbook, and revisit recovery for the twenty-first century. This talk provides an overview of business impact analysis, business continuity, and disaster recovery. We then revisit these concepts in the day and age of utility computing and Cloud services. After all, the cloud breaks.
(Friday, June 9, 2017. Indianapolis, Indiana)