Managing to a State of Abundance
As practitioners, we are often asked to solve problems or simply change the state of something to remove a negative influence on our success. We’re not even necessarily tasked with turning a negative into a positive—but more often only removing the negative state. A great example of that is our ... Read More
Preventing Account Takeover, Enable MFA!
Welcome to October where we celebrate National Cybersecurity Awareness Month! In a previous job, we would host a Cybersecurity Expo and learn together. Last year, I presented a version of this presentation to a large audience with representation across the business (not just IT folks) and I wanted to make ... Read More
Aviation Apps I Use
A friend of mine suggested this as a blog post, the top aviation apps that I use on my phone. Now, keep in mind, I’m a pilot. So some of the apps I use, such as ForeFlight, wouldn’t make much sense unless you are a pilot (or have had some ... Read More
Sellers Buying 5-Star Amazon Reviews
tl;dr: A seller who sold a terrible product is offering me $50 to change my review from 2 stars to 4 or 5. I’m not even sure where to start with this one. It’s a scenario that I’ve never experienced before even as one of the earliest of early adopters ... Read More
Proofpoint Patches URL Sandbox Bypass Bug
Or, how a travel website’s newsletter clued me in to a huge security gap in a popular email protection service. tl;dr: I discovered URLs of sufficient length (over 770 characters) would bypass Proofpoint’s URLDefense service leaving the original link untouched, allowing malicious links directly into users’ email inboxes. Proofpoint let ... Read More
Introducing Where To Now
When I want to learn a new programming language, my typical method of doing this is to either take an existing small project and port it over to the new language, or come up with a small, yet practical problem to solve. I’m kinda like Johnny Five, in that I ... Read More
Improve Outbound Email with SPF, DKIM, and DMARC
“Oh sorry, I missed your email. It got dropped into my SPAM folder for some reason.” Isn’t that frustrating? All you did was send over a proposal and it got dropped into the SPAM folder. Perhaps it was word choice, perhaps you ended up on a list somewhere, or perhaps ... Read More
Life after G-Suite/Postini
Postini was a technology darling in the mid-2000s that sold email filtering technology as a service to companies struggling to combat the onslaught of SPAM and malicious emails that were sprayed at corporate inboxes. For small companies or small footprints, the price was right as well. $1/user/month translated to super ... Read More
The Breach Research We Need
I’m not afraid to point out misleading or bad research that is funded by marketing groups strictly to gain headlines. Studies from firms like the Ponemon Institute come to mind here that give us excellent, shareable headlines supported by a house of cards. The information presented is unusable for risk ... Read More
Pushing Vendors to Abandon SMS
SMS-based authentication continues to be a great way to placate a user into thinking they are safe while creating an avenue for attackers to gain access to their accounts. Fabio Assolini and Andre Tenreiro from Kaspersky published some research that puts numbers in fraud losses to these threats. SIM Swaps ... Read More
