Wikileaks, CIA documents and some sober thoughts

Wikileaks, CIA documents and some sober thoughts

So, my less than favorite topic found itself at the top of my reading list today. Wikileaks released a treasure trove of documents today that purport to outline all manner of CIA related operations. After I got passed the “what...

03/07/17

Privacy issues in 2017

Privacy issues in 2017

Decades ago privacy really wasn’t that much of an ongoing issue. In the days of agrarian society everyone seemed to know about everyone else’s business and personal lives. As we moved forward into an era of denser population...

03/03/17

RSA 2017: what are you trying to solve?

RSA 2017: what are you trying to solve?

This year at the RSA Security Conference some 40,000 people packed the halls of the Moscone center in search of solutions (and light up swords) to solve their problems. Whatever the issue, they were looking for a salve to sooth...

02/17/17

RSA 2017 notes: privileged accounts and blunders

RSA 2017 notes: privileged accounts and blunders

Privileged accounts are a necessary evil for a lot of organizations. These accounts allow for users to be able to do work that, in some cases, lead to unfortunate results if misused. But, how many organizations do a good job at...

02/16/17

Notes from RSA 2017

Notes from RSA 2017

Every year San Francisco plays host to a massive show in the guise of the RSA Security Conference. The city becomes awash in a sea of interlopers wandering about the streets adjacent to the Moscone Center with their name badges...

02/15/17

Wordpress 0-day content injection vulnerability

Wordpress 0-day content injection vulnerability

Today news broke of a particularly nasty zero day vulnerability in the Wordpress REST API. The vulnerability in this case would allow for content injection as well as privilege escalation. This vulnerability would an...

02/01/17

System agent bloat: too many slices

System agent bloat: too many slices

Many years ago, in simpler times, I was responsible for the security program that included the controls which protected (in theory) against malicious files and programs that were hell bent on causing mischief. We had agents on our...

01/31/17

5 Canadian security conferences in 2017

5 Canadian security conferences in 2017

As every year I find myself working through the list of upcoming conferences around the world. One thing that I’ve always been pleased about is the rich variety that is available right across Canada throughout the year. I’m going...

01/09/17

All through the house, not a hacker was stirring...

All through the house, not a hacker was stirring...

The holiday season is a time to spin down and relax for many people. Where we hang up our spurs, or rather, we tuck the carry-on suitcase into a corner at least five feet away from the door. But, as with every holiday season we...

12/19/16

War stories: escalation attack loopback

War stories: escalation attack loopback

Last month I shared some stories about events that I’ve had to contend with over the last 20 years. One incident that I recall was a particular individual who thought that only scanning up to port 1023 was the only proper way to...

11/04/16

War stories: diary of a box hugger

War stories: diary of a box hugger

After years in the information security space there are few things that get me misty eyed like a massive data center. In part because it gives me a chance to reminisce about the good old days. Hundreds of hours sitting cross...

10/21/16

War stories: for your eyes only

War stories: for your eyes only

There are few things that make for as amusing reading as an acceptable use policy. In some organizations that I’ve been through, it was clear that no one had ever read their unicorn-esque like policy document. Some of the...

10/11/16

War stories: just shut off telnet

War stories: just shut off telnet

Years ago I was working on a project that had a rather interesting premise. It was a way to send a file between two parties that was stamped as verified by a third party intermediary. Pretty basic stuff but, in the 90s it was...

10/07/16

War stories: Logs are where the dead things dwell

War stories: Logs are where the dead things dwell

Over the years there has been one love hate relationship that I could never truly get away from entirely. That was logging on systems and anything else that had something to say. I got so silly that at one point when I was doing...

10/06/16

War stories: the water shut off valve

War stories: the water shut off valve

Years ago I worked for a company that had some manner of connection to the goings on for the power grid. *cough* It was a job that afforded me all sorts of different projects as security had previously been more of an afterthought...

10/05/16

War stories: the vulnerability scanning argument

War stories: the vulnerability scanning argument

Over the last couple of decades I have had all sort of different jobs. I have to count myself as rather fortunate for the experiences I have had along the way. They really went a long way to teach me some valuable lessons. Also,...

10/04/16

Hutton Hotel removes unwanted malware guest

Hutton Hotel removes unwanted malware guest

The long sorted list of companies that have had their payment systems has added a new victim to it’s ranks. This past Friday the upscale Hutton Hotel, a stones throw from Vanderbilt University in Nashville, disclosed that their...

10/03/16

IP Expo Nordic and getting Popp’d by ransomware

IP Expo Nordic and getting Popp’d by ransomware

Ransomware has become all the rage in the security field these days. Both from the perspective of the writers and the defenders. The media is lousy with these articles and I’m apparently not above writing about it myself. This...

09/29/16

Information security and the flaming sword of justice

Information security and the flaming sword of justice

There have been times in my career where I found it almost necessary for me to breathe into a paper bag after hearing some asinine positions on what security should be. I have encountered what I like to refer as the “flaming...

09/28/16

Meteors, disasters and the diesel generators

Meteors, disasters and the diesel generators

In August of 2003 it was just after 4 pm and I was leaving a vendor event where I was watching a professional tennis match. I was looking forward to the weekend ahead with a light Friday on the schedule. I could not have known how...

09/27/16

Load More