Category: online security

Not all two factor authentication is created equal

Two factor authentication is an important security tool; with 2FA, an attacker who gets ahold of your user name and password still can’t get into…


Open S3 Buckets: From Bad to Worse

Just when you thought that the whole “globally readable Amazon S3 storage buckets” thing couldn’t get any worse, it did. According to a study by…


The (not paranoid enough) Android

The train wreck that is Android security continues… A new strain of malware found in China by security firm Wandera has the following charming characteristics,…


Beware of mobile number port out scams!

I spend a lot of time telling people to use two factor authentication on their important web accounts. This may explain why I don’t get…


The ultimate outsider threat?

I know I have been blathering on about insider threats lately, so let’s go to the other extreme – the ultimate outsider threat. A pair…


Insiders on the outside

Homeland Security Magazine has a very interesting case study on an insider threat case involving DirecTV. In this case, the insider was a sort-of third…


Outsourced security program failure leads to $100K regulatory fine

Another reminder of the importance of managing third party vendor relationships… The Commodity Futures Trading Commission fined AMP Global Clearing (an electronic trading firm) $100,000…


Leaky buckets and acquisition best practices

There are three interesting things for CSOs to think about in this story on a leak of passport and other personal information on tens of…


Two factor authentication on web apps should be the default

tl;dr – If you are using Microsoft Office 365 (or any other hosted email solution) and have not enabled two factor authentication, you are bad…


Response to Russian government cyber attacks – a lost opportunity?

Russia’s apparent interference in the United States’ Presidential election marks an escalation in the targeting of state sponsored cyber attacks. What the US does…
