Category: best practices

Leaky buckets and acquisition best practices

There are three interesting things for CSOs to think about in this story on a leak of passport and other personal information on tens of…

Continue Reading

Great DerbyCon talk on hunting for the bad guys

It sometimes seems to me that a lack of data is not the issue when patrolling your networks for signs of evil badness… it is…

Continue Reading

The Practitioner’s Perspective on Cybersecurity – June 2015

On June 16th, 2015, I was privileged to participate in a panel entitled “The Practitioner’s Perspective on Cybersecurity” at the SmartBrief Cybersecurity forum, held at the…

Continue Reading

no, it’s not the end user’s fault

According to a survey released by endpoint security solution vendor Bromium, 79 percent of surveyed information security professionals view end users as their “number 1…

Continue Reading

quick and dirty malware analysis

There are a number of web based tools that allow you to safely analyze the behavior of potentially malicious files safely.  My personal favorite is…

Continue Reading

video: how to pick a proper password

When your co workers or family members ask what to do about passwords, have them watch this brief, easy to understand and information packed video…

Continue Reading

racing the patch clock

When previously undisclosed vulnerabilities in the Drupal web content management system used by many large companies to manage their web sites were announced, hackers were…

Continue Reading

dropbox sharing flaw exposes personal documents and (unencrypted) cloud risks

A security vulnerability in the way that online storage provider DropBox (and possibly rival Box) handles links to shared files caused some documents (which were…

Continue Reading

apple security fail leaves email attachments unprotected

One of the nice things about Apple’s iOS platform is the “hardware level encryption” that protects “all of the information on the device.”  At least,…

Continue Reading

a new, saner approach to password policies

In this article over at Ars Technica, we get the scoop on Standford University’s new password policies which vary the requirements for password complexity (use…

Continue Reading