Category: best practices

Make your near misses count

Security near misses are opportunities for learning and improvement, but when they are ignored, they can play a role in setting the stage for serious incidents. Use them wisely!

Continue Reading

Hunting for secrets on GitHub

We need to work with system designers and developers to make them understand that using a secure credential vault with programmatic access is not an optional luxury – it is a basic security requirement. Credentials do not belong in code, even if that code is stored in a safe inside a vault inside a volcano.

Continue Reading

LinkedIn and LOLBINs

Yet another example of how LinkedIn can be abused by the bad guys… a phishing campaign which used job titles scraped from user profiles to…

Continue Reading

Too much information?

An interesting piece in the Harvard Business Review highlights the one of the challenges information security professionals face when dealing with security awareness; we actively…

Continue Reading

It could happen to anyone…

The headline is eye catching: a data breach at a highly respected security training organization when an employee falls for a phishing email. It is…

Continue Reading

The elusive USB drive attack

Stories of hackers attacking companies by dropping malware infected USB flash drives in the firm’s parking lot are a standard infosec cautionary tale – don’t…

Continue Reading

Securing the real perimeter – part 1

I was thinking about the way that the concept of a “perimeter” has changed in the time I have been in information security. (Obviously, I…

Continue Reading

Recognizing and dealing with insider risk

I came across an interesting white paper from the deep mists of the past (2011) which is as relevant today as it was back when…

Continue Reading

Boredom and security

We security management types would like to think that every task we give our minions is exciting and engaging. However, there are lots of security…

Continue Reading

Juice Jacking – meh!

Lately, I have been seeing a number of posts and articles warning us all not to use publicly available USB charging points due to the…

Continue Reading