Posted in online security

E.U. software bug bounties for open source software ๐Ÿ‘

Here is a great example of how international cooperation can make the Internet more secure for us all… the European…

Posted in online security

Not all two factor authentication is created equal

Two factor authentication ย is an important security tool; by using 2FA, an attacker get ahold of your user name and…

Posted in cloud computing CSO online security

Open S3 Buckets: From Bad to Worse

Just when you thought that the whole “globally readable Amazon S3 storage buckets” thing couldn’t get any worse, it did….

Posted in hacks malware online security

The (not paranoid enough) Android

The train wreck that is Android security continues… A new strain of malware by security firm Wandera found in China…

Posted in authentication cloud computing hacks online security

Beware of mobile number port out scams!

I spend a lot of time telling people to use two factor authentication on their important web accounts.ย  This may…

Posted in hacks online security social engineering

The ultimate outsider threat?

I know I have been blathering on about insider threats lately, so let’s go to the other extreme – the…

Posted in best practices hacks insider threat law online security

Insiders on the outside

Homeland Security Magazine has a very interesting case study on an insider threat case involving DirecTV.ย  In this case, the…

Posted in cloud computing CSO online security

Outsourced security program failure leads to $100K regulatory fine

Another reminder of the importance of managing third party vendor relationships… The Commodity Futures Trading Commission fined AMP Global Clearing…

Posted in best practices CSO hacks online security

Leaky buckets and acquisition best practices

There are three interesting things for CSOs to think about in this story on a leak of passport and other…

Posted in authentication CSO online security worst practices

Two factor authentication on web apps should be the default

tl;dr – If you are using Microsoft Office 365 (or any other hosted email solution) and have not enabled two…