(C) www.depositphotos.com / @ baloon111

The Cell Phone Wiping Conundrum

Losing a phone is painful. Getting a bill for fraudulent calls is a gut punch. And yet we get conflicting advice and misleading reliance on remote-wipe features and their effectiveness. What to do?

Continue Reading
Sunset Over Faux Falls

Friday Photo Post – Sunset over Faux Falls

I'm still working through my recent workshop and shoot in Moab, processing the files, and discovering some new gems.  Often at sunset you only have a few minutes of the perfect light, and this was no exception.  If I'd have taken a couple of steps father forward, I'd have missed the branches encroaching on the [...]
Continue Reading
(C) 2009 Andrew Lewis / istockphoto.com

WannaCry – Who’s to blame?

The latest strain of ransomware has been in the news, accompanied by somewhat sensationalistic news coverage. Yes, it’s a big deal, but not unexpected – ransomware is only going to get worse. Right now it’s focused on availability, next it’ll be integrity (more on that in the next post). One question that’s just starting to […]

Continue Reading
Doug Lhotka - 2017-04 Moab-1122-Pano

Friday Photo Post – Moab

And now for something completely different.  As I mention on my bio, I try to spend as much of my time not doing cyber security work as I can.  I'm an amateur photographer, and travel the world capturing images that tell stories about the amazing places I've been able to visit. Last month I went to [...]
Continue Reading
(c) Depositphotos / @ adogslifephoto

3D Facial Authentication on iPhone 8?

MacRumors has an interesting article on the iPhone8 with a rumor that it’ll forgo the fingerprint reader in favor of a 3D facial scanner. It’s an interesting idea that could be very convenient, but would it be secure?

Continue Reading
(c) www.depositphotos.com / ipag

iOS 10.2 Force-enables iCloud Drive [updated]

Cloud services can be great – helpful, convenient, and easy to use. They also can be unreliable, insecure, and a risk to privacy. Consumer cloud environments, like Google, Yahoo, and Apple have no SLA, no contractual remedy for a breach, and are rarely compliant with corporate security policies. I, like many security professionals, avoid using […]

Continue Reading
(c) www.depositphotos.com / innovatedcaptures

The Problem of Attribution

Let me describe a situation, and see if you can guess what I’m referring to: A high-profile hack occurred, including data disclosure, and has been attributed to a foreign government. The original source for that attribution was a leak to the press, followed by statements from the executive branch. Later, the intelligence community released a […]

Continue Reading
depositphotos_45712279_original

Cognitive Security: Introduction

It’s no secret that organizations are facing an onslaught of attacks - the Yahoo breach is only the most recent in an escalating pattern; we’re way beyond viruses and script kiddies, and while we continue to have layer 8 problems when users do dumb things, it’s a different age.  Our adversaries are very well organized, [...]
Continue Reading
dreamstime_6575969

Security Vulnerability Research = Stock Manipulation?

Last week a group of “security researchers” teamed up with an investment firm in order to make money shorting the stock just before releasing a report on alleged vulnerabilities.  Let’s look at this novel business model.  Disclaimer:  I am not an attorney. Anyone doing this needs to be very sure of their conclusions before trying [...]
Continue Reading

Powered by WordPress. Designed by WooThemes