Category: worst practices
Vulnerability management – we’re doing it wrong
Security professionals (and the people who measure our performance, like auditors and regulators) have traditionally taken a stance that “all serious vulnerabilities should be patched”…
Another killer woodpecker
Way back in 1977, a computer scientist from the University of Nebraska coined “Weinberg’s law:” If builders built buildings the way programmers wrote programs, then…
It’s official… SMS is not a security tool
UPDATE: The three major US mobile carriers have closed this particular loophole… however, it is not clear if carriers in other parts of the world…
The biggest cloud threat? Us!
Another cloud security issue caused not by the cloud, but by how people use the cloud. Security firm Sophos has been taking a look at…
Are passwords really the best we can do?
So by now, you have seen the news stories about the doofus hackers who are breaking into Ring cameras and scaring kids. And it turns…
Snail mail hacking
Some of the most effective hacks don’t require the attacker to touch your computer. This article from Flashpoint provides some insight into how criminals are…
Something about (Japanese) foxes and hen houses
Not strictly a security story, but interesting and alarming… Japanese authorities have decided that: It is permissible to make contributions to politicians using cryptocurrencies like…
Is Business Email Compromise a “cyber attack?”
Just what constitutes a cyber attack? That’s the question facing a court in a case brought against insurer AIG. One of the firm’s clients was…
Bad biometrics: Samsung’s new S10 phone
When biometrics work properly, they can provide you with an easy-to-use security solution with a reasonable level of assurance for most types of…
Comcast assigned every mobile customer the same unchangeable PIN to protect against SIM hijack attacks: 0000
If someone wants to steal your phone number — say, to intercept the two-factor authentication SMSes needed to break into your bank account or other…