vulnerability-research
Vulnerability value modifiers
There are a few globally and truly external modifiers to the marketplace-defined value of a vulerability.
risk-management
cybersecurity
Practical prepping for Hacker Summer Camp
Here are some last-minute security and general “staying vertical” notes I shared with a few folks who are headed to B-Sides/Diana/Queercon/Blackhat/DEF CON. There are lots of other posts on Vegas survival, and I’ll post a list of them in a little bit… This one is
risk-management
Managing smart device risk: A "how-to" for the average human.
I’m going to provide a practical, ubiquitous, and risk/benefit focussed version of the advice in the tweet, aimed at the average Internet citizen who wants to take advantage of these technologies, while understanding how they can minimize the risks that come with their use.
cybersecurity
Making noise
“We had a problem with a few needles, and as an industry decided that the best thing to do was to drop a haystack on them.” This is definitely QOTD from an old cybersecurity industry friend over lunch today. It sums up the current information overload problem for those on
vulnerability-disclosure
Thoughts on the vault7 CIA/Wikileaks disclosures
Wikileaks’ release of thousands of confidential CIA documents today is yet another demonstration of our just how vulnerable the cybersecurity domain is. Unless we do a better job identifying our vulnerabilities, attackers – be they criminals, hacktivists, hobbyist, or nation state agencies – can and will take advantage of them. What’s
cybersecurity
My cybersecurity predictions for 2017
If 2016 did anything for cybersecurity, it was to prove that truth can end up wayyyyyyy stranger than fiction (where fiction, of course, are end of year prediction pieces). I have plenty of opinions of where I think it’ll get weird next year, but instead I think Mike Mimoso’
cybersecurity
Solve 99% of Your Infosec Problems with this One Weird Trick!
99% of good infosec is equivalent to remembering to wash your hands after you use the bathroom. As an industry, we should be working to make that easier.
cybersecurity
Pain of staying the same > Pain of change = Change
Cybersecurity has long been a challenge lead from the top down, but as heat increases in the consumer market and hacking becomes dinner-table conversation at non-geek dinner-tables, I wonder...
cybersecurity
Sms Scams – What Can Be done?
First things first… If you receive a spam SMS you should forward the message to the Australian Media and Communications Authority Spam SMS service on 0429 999 888. I recommend doing it a few times. This is the proper way to deal with this issue. Now… for those of you
cybersecurity
Sms Scams - What Can Be done?
First things first… If you receive a spam SMS you should forward the message to the Australian Media and Communications Authority Spam SMS service on 0429 999 888. I recommend doing it a few times. This is the proper way to deal with this issue. Now… for those of you
cybersecurity
mysqlcheck.com – in Ur mysql, Checking ur… mysql.
Check out this website by Mark Wickendam. Let it be said first up that I think this site is awesome. I lol’d hard, visited it again, lol’d hard again, and so on. As one of the guys behind http://rdpcheck.com (a legit site and I suspect one
vulnerability-research
Why the Smb Is Most at Risk from ms12-010
There’s a lot of hubbub going around about the recent vulnerability from Microsoft. It’s called MS12-020 and it affects the Remote Desktop Protocol (a.k.a. RDP or Terminal Services if you are old school). The hubbub is warranted… Once researchers get code working to exploit this vulnerability