Category: best practices
LinkedIn and LOLBINs
Yet another example of how LinkedIn can be abused by the bad guys… a phishing campaign which used job titles scraped from user profiles to…
Too much information?
An interesting piece in the Harvard Business Review highlights one of the challenges information security professionals face when dealing with security awareness; we actively…
It could happen to anyone…
The headline is eye-catching: a data breach at a highly respected security training organization when an employee falls for a phishing email. It is…
The elusive USB drive attack
Stories of hackers attacking companies by dropping malware-infected USB flash drives in the firm’s parking lot are a standard infosec cautionary tale – don’t…
Securing the real perimeter – part 1
I was thinking about the way that the concept of a “perimeter” has changed in the time I have been in information security. (Obviously, I…
Recognizing and dealing with insider risk
I came across an interesting white paper from the deep mists of the past (2011) which is as relevant today as it was back when…
Boredom and security
We security management types would like to think that every task we give our minions is exciting and engaging. However, there are lots of security…
Juice Jacking – meh!
Lately, I have been seeing a number of posts and articles warning us all not to use publicly available USB charging points due to the…
The NYPD (and the rest of us) need some new barricades
Not all security barricades are made of wood. Some are made of bits. According to the New York Post, the New York Police Department ran…
Orvis data leak and the need to monitor ‘paste’ sites
Fishing retailer Orvis had a serious (and embarrassing) data breach recently. Independent security researchers found a posting on text snippet site Pastebin with what appeared…