Recent Posts
LinkedIn and LOLBINs
Yet another example of how LinkedIn can be abused by the bad guys… a phishing campaign which used job titles scraped from user profiles to…
It’s official… SMS is not a security tool
UPDATE: The three major US mobile carriers have closed this particular loophole… however, it is not clear if carriers in other parts of the world…
Malware protection is easy – Malinformation protection is hard
Whenever it seems like the challenges of protecting my employer from risks to information security or business continuity are towering above me, I stop and…
Too much information?
An interesting piece in the Harvard Business Review highlights the one of the challenges information security professionals face when dealing with security awareness; we actively…
It could happen to anyone…
The headline is eye catching: a data breach at a highly respected security training organization when an employee falls for a phishing email. It is…
EmailRep – Squeezing actionable info from malicious email addresses
Yes, I know it has been quite a while since I have posted anything to the old blog, but I do have an excuse… in…
The elusive USB drive attack
Stories of hackers attacking companies by dropping malware infected USB flash drives in the firm’s parking lot are a standard infosec cautionary tale – don’t…
Securing the real perimeter – part 2
In my last post, I went on about how the real perimeter of your network is at your users’ workstations. The actions that humans take…
Securing the real perimeter – part 1
I was thinking about the way that the concept of a “perimeter” has changed in the time I have been in information security. (Obviously, I…
The biggest cloud threat? Us!
Another cloud security issue caused not by the cloud, but by how people use the cloud. Security firm Sophos has been taking a look at…
