Category: online security

We need to work with system designers and developers to make them understand that using a secure credential vault with programmatic access is not an optional luxury – it is a basic security requirement. Credentials do not belong in code, even if that code is stored in a safe inside a vault inside a volcano.

Way back in 1977, a computer scientist from the University of Nebraska coined “Weinberg’s law:” If builders built buildings the way programmers wrote programs, then…

Yet another example of how LinkedIn can be abused by the bad guys… a phishing campaign which used job titles scraped from user profiles to…

UPDATE: The three major US mobile carriers have closed this particular loophole… however, it is not clear if carriers in other parts of the world…

The headline is eye catching: a data breach at a highly respected security training organization when an employee falls for a phishing email. It is…

Yes, I know it has been quite a while since I have posted anything to the old blog, but I do have an excuse… in…

In my last post, I went on about how the real perimeter of your network is at your users’ workstations. The actions that humans take…

I was thinking about the way that the concept of a “perimeter” has changed in the time I have been in information security. (Obviously, I…

Another cloud security issue caused not by the cloud, but by how people use the cloud.  Security firm Sophos has been taking a look at…

Something for those of us who have to continue to remind our executives how important it is to continually increase our cybersecurity budgets… Global insurer…