Category: online security

Vulnerability management – we’re doing it wrong

Security professionals (and the people who measure our performance like auditors and regulators) have traditionally taken a stance that “all serious vulnerabilities should be patched”…

Continue Reading

IRA Financial versus Gemini – security questions to ponder from a crypto IRA hack

The cryptocurrency world has been the scene of some *wild* stuff lately… and a recent lawsuit filed by IRA Financial Trust against Winkelvossian crypto exchange…

Continue Reading

Hunting for secrets on GitHub

We need to work with system designers and developers to make them understand that using a secure credential vault with programmatic access is not an optional luxury – it is a basic security requirement. Credentials do not belong in code, even if that code is stored in a safe inside a vault inside a volcano.

Continue Reading

Another killer woodpecker

Way back in 1977, a computer scientist from the University of Nebraska coined “Weinberg’s law:” If builders built buildings the way programmers wrote programs, then…

Continue Reading

LinkedIn and LOLBINs

Yet another example of how LinkedIn can be abused by the bad guys… a phishing campaign which used job titles scraped from user profiles to…

Continue Reading

It’s official… SMS is not a security tool

UPDATE: The three major US mobile carriers have closed this particular loophole… however, it is not clear if carriers in other parts of the world…

Continue Reading

It could happen to anyone…

The headline is eye catching: a data breach at a highly respected security training organization when an employee falls for a phishing email. It is…

Continue Reading

EmailRep – Squeezing actionable info from malicious email addresses

Yes, I know it has been quite a while since I have posted anything to the old blog, but I do have an excuse… in…

Continue Reading

Securing the real perimeter – part 2

In my last post, I went on about how the real perimeter of your network is at your users’ workstations. The actions that humans take…

Continue Reading

Securing the real perimeter – part 1

I was thinking about the way that the concept of a “perimeter” has changed in the time I have been in information security. (Obviously, I…

Continue Reading