Snail mail hacking
Some of the most effective hacks don’t require the attacker to touch your computer. This article from Flashpoint provides some insight into how criminals are…
The NYPD (and the rest of us) need some new barricades
Not all security barricades are made of wood. Some are made of bits. According to the New York Post, the New York Police Department ran…
Deepfakes – Welcome to the post truth society
I recently watched the New York Times’ Weekly episode “Deepfakes – Believe at Your Own Risk” and while I have been concerned about the implications…
Security awareness materials you can use – “Why we fall for cons”
One of my favorite parts of my job as a CSO is building security awareness amongst my colleagues. I really believe that the time put…
Orvis data leak and the need to monitor ‘paste’ sites
Fishing retailer Orvis had a serious (and embarrassing) data breach recently. Independent security researchers found a posting on text snippet site Pastebin with what appeared…
An unsung cybersecurity hero
Here is some excellent reporting from ProPublica about an unsung cybersecurity hero. Michael Gillespie has helped thousands of people recover their files after they were…
US DoJ guidance on responding to and reporting cyber incidents
When thinking about how to respond to cyber security incidents, you need to think about how your organization will engage with law enforcement – and…
OWASP API Top 10 Security List
If your organization is developing software, chances are that your developers are building application program interfaces (APIs) to allow interoperability between your code and code…
Insider threat reporting by the numbers
I don’t normally take security advice from goats, but I think I need to make an exception for Red Goats. A recent report on insider…
Great resource for configuring TLS
OK, let’s admit it – issues around cryptography are the most complex and confusing part of information security. Aside from all that math, there are…