Posted in best practices hacks online security Paranoid Peeps systemic risk

WordPress wants sites to eat their (patching) vegetables

Apparently, over a third of the web sites on the Internet (including this one) run the WordPress content management software…

Posted in best practices online security Paranoid Peeps privacy social engineering useful stuff

Good privacy advice from the US DoD

The US Department of Defense has put out a nifty guide on how to protect your privacy on social media…

Posted in best practices CSO deep thoughts hacks risk systemic risk

So your third party has been breached…

Another day, another third party security compromise story… this time it is Indian outsourcing giant Wipro. The firm has confirmed…

Posted in best practices cloud computing online security

Time to end the cloud-o-phobia

Sorry, but I felt no need to purchase a monocle so I could have it pop out of my eye…

Posted in best practices online security social engineering useful stuff

Security risks from domain typo squatters

One of the ways that hackers get users to click on malicious links or believe false emails is to use…

Posted in authentication best practices online security useful stuff

Even with security flaws, you should be using a password manager

Yesterday, the Washington Post ran an article about some important security research on password managers, describing a number of serious…

Posted in authentication best practices online security useful stuff

What does your password say about you?

Using what we security experts call “crappy passwords” can be the first step in a journey to identity theft and…

Posted in best practices hacks insider threat law online security

Insiders on the outside

Homeland Security Magazine has a very interesting case study on an insider threat case involving DirecTV. In this case, the…

Posted in best practices CSO hacks online security

Leaky buckets and acquisition best practices

There are three interesting things for CSOs to think about in this story on a leak of passport and other…

Posted in best practices CSO malware useful stuff

Great DerbyCon talk on hunting for the bad guys

It sometimes seems to me that a lack of data is not the issue when patrolling your networks for signs…