Operation InfeKtion: How Russia Perfected the Art of War | NYT Opinion

The war we try to ignore

As information security professionals, our goal is to protect information against attacks on confidentiality, integrity and availability. Today, I want ... Read More

Even with security flaws, you should be using a password manager

Yesterday, the Washington Post ran an article about some important security research on password managers, describing a number of serious vulnerabilities in some of the most popular products in this space. However, the author of the piece urged readers to keep using password managers, as the risk of badly constructed, ... Read More

Things to worry about in 2019

online security
In this post, I wanted to take a break from telling you what *I* think should keep you awake at night (at least from an information security point of view) – I wanted to see what other paranoid folks are worrying about when it comes to ... Read More

What does your password say about you?

Using what we security experts call “crappy passwords” can be the first step in a journey to identity theft and all of its attendant miseries. If you are using Google Chrome to browse the web, a new web extension from Google can help you detect when you are using user ... Read More

Not all two factor authentication is created equal

online security
Two factor authentication is an important security tool; with 2FA, an attacker who gets ahold of your user name and password still can’t get into your accounts. But not all two factor authentication is created equal. Good two factor authentication uses an app on your phone or a hardware key ... Read More

Open S3 Buckets: From Bad to Worse

Just when you thought that the whole “globally readable Amazon S3 storage buckets” thing couldn’t get any worse, it did. According to a study by a French cybersecurity firm which looked at 100,000 Amazon S3 buckets… 90% of buckets are private, and therefore not at risk of leaking data or ... Read More

The (not paranoid enough) Android

hacks, Malware, online security
The train wreck that is Android security continues… A new strain of malware found in China by security firm Wandera has the following charming characteristics, according to a recent blog post: Zero-day threat previously unknown within the mobile security community; Group of at least 50 functioning apps containing the sophisticated ... Read More

Jim Jefferies on US airport security

Humor, Travel Security
The rest of the world tends to look askance at the way that we here in the US handle airport security. Many of the measures we take are pure “security theatre,” reacting to the last terrorist scheme (exploding shoes, bombs in underwear) that we happened to catch. Checking electronics seems ... Read More

Outsourced security program failure leads to $100K regulatory fine

cloud computing, CSO, online security
Another reminder of the importance of managing third party vendor relationships… The Commodity Futures Trading Commission fined AMP Global Clearing (an electronic trading firm) $100,000 for a disclosure of 97,000 files containing customer information to an unauthorized third party due to a misconfigured network attached storage device. AMP had outsourced ... Read More

Leaky buckets and acquisition best practices

There are three interesting things for CSOs to think about in this story on a leak of passport and other personal information on tens of thousands of people: If you are going to use Infrastructure as a Service providers like Amazon, make sure that the people using them take the ... Read More