The (not paranoid enough) Android

The train wreck that is Android security continues… A new strain of malware by security firm Wandera found in China has the following charming characteristics,…

Continue Reading

Beware of mobile number port out scams!

I spend a lot of time telling people to use two factor authentication on their important web accounts.  This may explain why I don’t get…

Continue Reading

The ultimate outsider threat?

I know I have been blathering on about insider threats lately, so let’s go to the other extreme – the ultimate outsider threat. A pair…

Continue Reading

Insiders on the outside

Homeland Security Magazine has a very interesting case study on an insider threat case involving DirecTV.  In this case, the insider was a sort-of third…

Continue Reading

Jim Jeffries on US airport security

The rest of the world tends to look askance at the way that we here in the US handle airport security.  Many of the measures…

Continue Reading

Outsourced security program failure leads to $100K regulatory fine

Another reminder of the importance of managing third party vendor relationships… The Commodity Futures Trading Commission fined AMP Global Clearing (an electronic trading firm) $100,000…

Continue Reading

Leaky buckets and acquisition best practices

There are three interesting things for CSOs to think about in this story on a leak of passport and other personal information on tens of…

Continue Reading

Malicious data leaks and corporate liability – a tale of two countries

Databreaches.net had a link to a very interesting article about corporate liability for an employee’s malicious leaking of employee information.  What was most striking to…

Continue Reading

Two factor authentication on web apps should be the default

tl;dr – If you are using Microsoft Office 365 (or any other hosted email solution) and have not enabled two factor authentication, you are bad…

Continue Reading

Protecting your nuclear reactor from insider threats

OK, so you may not be protecting a nuclear reactor against insider threats, but this presentation from the International Atomic Energy Agency contains a LOT…

Continue Reading