Category: online security

Security professionals (and the people who measure our performance like auditors and regulators) have traditionally taken a stance that “all serious vulnerabilities should be patched”…

The cryptocurrency world has been the scene of some *wild* stuff lately… and a recent lawsuit filed by IRA Financial Trust against Winkelvossian crypto exchange…

We need to work with system designers and developers to make them understand that using a secure credential vault with programmatic access is not an optional luxury – it is a basic security requirement. Credentials do not belong in code, even if that code is stored in a safe inside a vault inside a volcano.

Way back in 1977, a computer scientist from the University of Nebraska coined “Weinberg’s law:” If builders built buildings the way programmers wrote programs, then…

Yet another example of how LinkedIn can be abused by the bad guys… a phishing campaign which used job titles scraped from user profiles to…

UPDATE: The three major US mobile carriers have closed this particular loophole… however, it is not clear if carriers in other parts of the world…

The headline is eye catching: a data breach at a highly respected security training organization when an employee falls for a phishing email. It is…

Yes, I know it has been quite a while since I have posted anything to the old blog, but I do have an excuse… in…

In my last post, I went on about how the real perimeter of your network is at your users’ workstations. The actions that humans take…

I was thinking about the way that the concept of a “perimeter” has changed in the time I have been in information security. (Obviously, I…