The other day I read that Comcast is launching a new plan to turn home internet users into unwilling participants in their new global wifi strategy. I’m sure that they will soon be touting how insanely awesome it will be to get “full strength” internet access virtually anywhere just by subscribing to this service. Other […]
The 2014 Verizon Data Breach Investigation Report (DBIR) is out and it paints quite the gloomy picture of the world we live in today where cyber security is concerned. With over 63,000 security incidents and 1,367 confirmed data breaches, the question is no longer if you get popped, but rather, when. According to the report, […]
Today I did an interesting experiment that I thought was worth sharing with others. I tried to come up with a ten item list of password/access management policies based on increasing levels of security. On my list, a “10” effectively means the most secure access management and password polices whereas as “0” effectively means nothing. […]
A couple of years ago I decided, along with support from my management, that Enterprise Risk Management would become a focal point for my Information Security Program. I was convinced that framing vulnerabilities in the form of risks was essential to giving management visibility into issues they currently didn’t know existed and to give our […]
I am going to start out here by saying that I do not now, nor have I ever, held the title of Chief Information Security Officer (CISO). That having been said, I do effectively fill this role as the Information Security Program Owner for a large, $1B+ per year, public company. Some of what follows […]
Let’s say that you go to the same restaurant at least once a week for an entire year. The staff is always friendly, the menu always has something that sounds appealing, and the food is always good enough to keep you coming back for more. The only real drawback is that it usually takes a […]
Last year I gave a talk at a number of different conferences called “The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems” in which I spoke about how if we can break our security tools out of their silos, then they become far more useful. Lately, I’ve been doing a lot of work […]
Yesterday I finished competing in my first ever Capture The Flag (CTF) tournament. It was called Kommand and Kontroll Revenge of the Carders and was run by Rod Soto of Prolexic. I’m going to caveat this post by saying that this was my first ever CTF competition so I have absolutely no baseline of comparison. […]
About a week ago I turned on a new rule on our IPS system that is designed to detect (and block) users who are using TOR to make their activities on our network anonymous. You can say that TOR is about protecting a user’s privacy all you want, but I’d argue that while using corporate […]
This post is going to be short and sweet as it’s something I meant to put up here when I found it sometime back in mid-2011. I’m not even sure if Time Warner is still using these Ubee cable modems for their RoadRunner offering, but I’m sure that there are at least a few people […]
