Recent Posts
Another killer woodpecker
Way back in 1977, a computer scientist from the University of Nebraska coined “Weinberg’s law:” If builders built buildings the way programmers wrote programs, then…
LinkedIn and LOLBINs
Yet another example of how LinkedIn can be abused by the bad guys… a phishing campaign which used job titles scraped from user profiles to…
It’s official… SMS is not a security tool
UPDATE: The three major US mobile carriers have closed this particular loophole… however, it is not clear if carriers in other parts of the world…
Malware protection is easy – Malinformation protection is hard
Whenever it seems like the challenges of protecting my employer from risks to information security or business continuity are towering above me, I stop and…
Too much information?
An interesting piece in the Harvard Business Review highlights the one of the challenges information security professionals face when dealing with security awareness; we actively…
It could happen to anyone…
The headline is eye catching: a data breach at a highly respected security training organization when an employee falls for a phishing email. It is…
EmailRep – Squeezing actionable info from malicious email addresses
Yes, I know it has been quite a while since I have posted anything to the old blog, but I do have an excuse… in…
The elusive USB drive attack
Stories of hackers attacking companies by dropping malware infected USB flash drives in the firm’s parking lot are a standard infosec cautionary tale – don’t…
Securing the real perimeter – part 2
In my last post, I went on about how the real perimeter of your network is at your users’ workstations. The actions that humans take…
Securing the real perimeter – part 1
I was thinking about the way that the concept of a “perimeter” has changed in the time I have been in information security. (Obviously, I…
