What happens if your passwords are stolen? Never mind how. Let’s assume somehow with “magic” your passwords are stolen. Now what? It is useful to make this risk assessment exercises to see what can happen in your network. This is why one does not want to give more access than absolutely necessary. If … Read more
Although on December 7th is another year gone by for remembering Pearl Harbor attack in 1941 (74 years ago) I want to focus on the suprise attack angle. Tora Tora Tora トラ・トラ・トラ means “We have achieved complete surprise” in Japanese codeword. A translation is Tiger. Tora (Tορα) is translated to “now” from Greek. Torah … Read more
Checking your Logs for anomalies is getting more difficult as time goes on. There is a new report out by FOX IT¹ and the report dissects a long running botnet (botnet is a program that connects to itself across the Internet). This botnet may be considered the largest and longest running as it started around … Read more
There was a presentation on the “Psychology of Security” which is a favorite topic of mine(past blogposts): http://oversitesentry.com/the-psychology-of-security/ http://oversitesentry.com/how-much-should-i-spend-on-cybersecurity/ http://oversitesentry.com/security-people-are-scaremongerers/ The topics in this slide from Stefan Schumacher presentation at BSides https://bsidesvienna.at/slides/2015/the_psychology_of_security.pdf Users Choose weak passwords. Users are not interested in Security Users don’t understand Security Programmers create Buffer overflows and forget safety regulations Admins … Read more
Rob Alexander is CIO of Capital One and was very proud of his move to AWS http://t.co/ix9TamNPAW here is one of his slides touting the his efforts. “We can provide higher security with AWS than with our own data centers” They are developing new mobile and web apps to connect to your bank account “Mobile … Read more
