Security Triangle+ People Process Technology+

As other blog posts have mentioned in the past:
Schneier: https://www.schneier.com/blog/archives/2013/01/people_process.html
http://www.computerweekly.com/blogs/david_lacey/2013/01/we_need_more_use_of_security_t.html

Here is the “Security Triangle”: People, Process, and Technology.
Image from: http://www.business2community.com/online-communities/social-intranets-merging-people-process-and-technology-0126252

Even though the image above is for social media, I like it because it shows the number of items in People that must be behind your new security push. “Security People” …

Why is Security Difficult? Target Breach Analysis 2 Yrs Later

Brian Krebs does a great job reviewing the details in his latest post: http://krebsonsecurity.com/2015/09/inside-target-corp-days-after-2013-breach/#more-32276

The analysis of Target’s breach makes obvious the level of insecurity in Target 2012: default passwords used; passwords of insufficient complexity; no segmentation of network; insufficient patching; no pentesting. Every point in the PCI (Payment Card Industry) was a failure. …

Cyberjokes v1.6 #CyberJoke Friday

Another compilation of computer jokes from the Internet: http://www.ajokeaday.com/Clasificacion.asp?ID=18

Includes the following:

Tech Support: “I need you to right-click on the Open Desktop.”
Customer: “Ok.”
Tech Support: “Did you get a pop-up menu?”
Customer: “No.”
Tech Support: “Ok. Right click again. Do you see a pop-up menu?”
Customer: “No.”
Tech Support: “Ok, sir. Can you …

FTC-Wyndham Court Decisions Make Cybersecurity More Litigiou$

The latest story from Arstechnica: http://arstechnica.com/tech-policy/2015/08/ftc-can-sue-companies-with-poor-information-security-appeals-court-says/

It builds on the previous post: http://oversitesentry.com/courts-uphold-ftc-regulation-punishment-to-negligent-company/

Higher regulation –> higher lawsuit fees –> more costs to a breach. Wyndham had ineffective cybersecurity, and the FTC ruled it was negligent in its IT practices. But Wyndham thought it could sue the FTC, since Wyndham thought the FTC was pushing its boundaries as far as …

Hackers Steal What You Allow

To anyone that pays attention, Chinese hackers steal IP (Intellectual Property theft): http://www.infosecurity-magazine.com/news/chinas-ip-theft-tech-transfer/

We can argue: is it $5 trillion? Or 3? My point is it does not matter; the Chinese steal what they can, they are not picky. There are certain high-value targets of course, but if you allow a hacker in your …