Many times when people think about security principles the one that jumps out to them is the principle of least privilege. However, there are other security principles to consider. Let’s look at 8 security principles laid out decades ago that are still relevant today.
The proliferation of online login accounts has made our lives easier and more convenient to gather information, pay bills, etc. However, it comes at a cost. Our password management hasn’t changed much – and that creates a vulnerability that can really hurt.
Read on to see the pros and cons of password management systems.
Using a VPN is critical for protecting yourself online and maintaining a level of privacy. It might sound technical and intimidating but it is as easy as checking email – and the benefits are significant.
Let’s discuss what you can do and why to stay safe online.
Recently there were two huge data breaches of two very large companies. Both organizations collected a ton of information about their clients. The breaches were both spectacular in scope. Furthermore, both were among the largest known data breaches.
I see a large contrast between the Marriott breach and the Equifax breach. The difference between the two massive breaches clearly demonstrates the importance of basic security methods.
Many years ago Microsoft published a list of the “10 immutable laws of security”. The page has since been removed; however, another version popped up with very slight changes.
Read on to see the security principles from decades ago which are still prevalent today.
Since 2004 the Department of Homeland Security has organized October as National Cyber Security Awareness Month. The goal is to promote cyber security to help keep Americans safe online. Fast forward 14 years and the security landscape has only become more dangerous. More opportunities exist for online abuses than ever before. The proliferation of internet-connected devices that comprise the IoT creates additional attack surfaces which often have security as an afterthought instead of baked into the design.
Today I want to focus on the low-hanging fruit, i.e. the easy wins we can achieve to significantly improve our online safety and security. Read on to see the simple things most people can do to improve their situation.
Cory Doctorow wrote an excellent piece about the disclosure of software security defects. The post “Telling the Truth About Defects in Technology Should Never, Ever, Ever Be Illegal. EVER.” spells out the current predicament and suggests a way forward.
This topic is contemporary, impactful, and fascinating. It spans various domains such as InfoSec, free speech, censorship, and private corporate rights.
Read on as I analyze the article and offer my thoughts about security vulnerability disclosures.
Troy Hunt recently testified before the US Congress about data breaches. The focus was how data breaches affect knowledge-based authentication. Identity verification in a post-breach world is more challenging than ever.
His testimony is available on his blog. It is worth a read – I’ll wait here until you return.
You can watch the hearing on YouTube. (1.5 hours)
Much of his talk comes from his experience running a website tracking data breaches. If you have not already checked your information in Have I Been Pwned, take a look. You can have it notify you if your account has been in a data breach.
A SHA-1 vulnerability discussed 10 years ago has now been exploited. On February 23, researchers at Google and the CWI Institute in Amsterdam announced they have demonstrated its first known hash collision.