Until recently the security concerns associated with IoT devices have been mostly speculative. It’s easy to ignore how a webcam or an inexpensive gadget might be a cyber-security concern. Most people don’t think in terms of […]
Here are some quick reads for the week of September 5, 2016. If you have interesting links of your own, share them in the comments.
Here are some quick reads for the week of August 29, 2016. If you have interesting links of your own, share them in the comments.
- WSJ: Delta Meltdown Reflects Problems With Aging Technology
- EFF: Analysis of Windows 10 user Privacy
- Cyber Ventures: Report on the global cost of Cyber Crime
- Talos: Analysis of Cryptowall (Ransomware) 4.0
Thoughts on the […]
The set of controls and conditions IT auditors look for during assessments of Wireless Access Points (WAPs) tends to vary from auditor to auditor.
In some cases, the IT auditor may make great suggestions for controls I have not seen many organizations put into place while in other cases, the auditor might point out the […]
Sigcheck is a lightweight Windows command-line utility that does an amazing job at scanning the digital certificate stores on your system for anything irregular and not part of the official Microsoft Trusted Root Certificate list.
Additionally, the utility will also check the digital signatures of files and identify all unsigned files in a directory while simultaneously running […]
Recently I was asked by a CIO to think of and execute a simple attack at a manufacturing facility as part of an ongoing initiative to enhance cyber security awareness. I’m not at all a penetration tester or ethical hacker, but there are a few very simple “attacks” that almost anyone can execute.
In this instance I will describe how you can […]
Properly classifying and labeling information assets is fundamental to a successful information security program, yet many organizations fail to implement one. Without proper asset classification, the organization exposes itself to additional risk of data breaches, accidental loss/release of sensitive information, losses in efficiency or additional costs associated with securing data that may not require it (hardware-based encryption doesn’t come cheap!).
It is […]
The Identity Theft Resource Center (ITRC) is a nonprofit organization that focuses on educating consumers, corporations, government agencies and other organizations on best practices related to fraud and identity theft detection, reduction and mitigation.
Additionally, the organization does an excellent job of indexing and documenting data breaches as well! ITRC’s 2015 year-end report indexed 781 breaches, with each […]