DD4BC arrests unlikely to signal end to DDoS extortion
Despite the recent arrest of a member of DD4BC, all signs point to a continuation of DDoS extortion attacks. The vast majority of victims do not pay the ransom and choose to wait it out or strengthen their countermeasures, but just...

What I learned from resetting over 300 passwords
After the password manager company LastPass announced a data breach of account credentials, I decided to change the password on all the accounts I've ever created - over 300. In the process I made many discoveries about the state of...

Lessons from the Heartland Payment Systems data breach, redux
In 2009, Heartland Payment Systems suffered what was until recently the largest data breach in recorded history, at the hands of a skilled and malevolent hacker. After the attack, the company went on the offensive, implementing...

What combination locks teach us about encryption weakness
Last week, an interesting story made the rounds on social media about a researcher named Samy Kamkar who discovered a flaw in Master-brand combination locks and was able to open the lock in eight tries or less. It’s a great discovery...

Vulnerability scan vs. penetration test vs. risk analysis: What's the difference?
An often overlooked, but very important process in the development of any Internet-facing service is testing it for vulnerabilities, knowing if those vulnerabilities are actually exploitable in your particular environment and, lastly,...

Security BSides San Francisco, 2015 conference review
The annual security conference, BSides San Francisco, was held on April 19 and 20. It was an exciting and action-packed event with talks from some of the best up-and-coming industry speakers. This is a general review of the event as...

Are we witnessing a cyber war between Russia and Ukraine? Don't blink - you might miss it
The term “cyber war” is often misused and misunderstood, but there is a clear and concise definition with a high bar of what constitutes one. The ongoing War in Ukraine, also known as the War in Donbass, meets the standard of cyber...

How to survive security conferences: 4 tips for the socially anxious
One of the world’s largest security conferences, RSA 2015, is right around the corner. Security professionals from all over the world will be in San Francisco that week, and this will arguably be the single best chance all year for...

Cyber what? (part 2 of 2)
Words beginning with “cyber,” such as “cyber war” and “cyberspace” are entering our everyday lexicon. Politicians use the terms to describe an ambiguous threat from another country and security vendors use the terms to get you to buy...

Cyber WHAT? (part 1 of 2)
Words beginning with “cyber,” such as “cyber war” and “cyberspace” are entering our everyday lexicon. Politicians use the terms to describe an ambiguous threat from another country and security vendors use the terms to get you to buy...

Not all data breaches are created equal – do you know the difference?
System intrusions affect companies in different ways, and a huge factor when assessing risk is the type of data exposed. There are many different types of data that can be leaked; the three most common are examined.

Why the Hillary Clinton email story is a big deal
A security-only look into why using a personal email address for business communication is an all-around bad idea, regardless of whether you are a CSO or the Secretary of State (but an extremely bad idea if you are the Secretary of State).