(C) 2009 Andrew Lewis / istockphoto.com

WannaCry – Who’s to blame?

The latest strain of ransomware has been in the news, accompanied by somewhat sensationalistic news coverage. Yes, it’s a big deal, but not unexpected – ransomware is only going to get worse. Right now it’s focused on availability, next it’ll be integrity (more on that in the next post). One question that’s just starting to […]

Continue Reading
Doug Lhotka - 2017-04 Moab-1122-Pano

Friday Photo Post – Moab

And now for something completely different.  As I mention on my bio, I try to spend as much of my time not doing cyber security work as I can.  I'm an amateur photographer, and travel the world capturing images that tell stories about the amazing places I've been able to visit. Last month I went to [...]
Continue Reading
(c) Depositphotos / @ adogslifephoto

3D Facial Authentication on iPhone 8?

MacRumors has an interesting article on the iPhone8 with a rumor that it’ll forgo the fingerprint reader in favor of a 3D facial scanner. It’s an interesting idea that could be very convenient, but would it be secure?

Continue Reading
(c) www.depositphotos.com / ipag

iOS 10.2 Force-enables iCloud Drive [updated]

Cloud services can be great – helpful, convenient, and easy to use. They also can be unreliable, insecure, and a risk to privacy. Consumer cloud environments, like Google, Yahoo, and Apple have no SLA, no contractual remedy for a breach, and are rarely compliant with corporate security policies. I, like many security professionals, avoid using […]

Continue Reading
(c) www.depositphotos.com / innovatedcaptures

The Problem of Attribution

Let me describe a situation, and see if you can guess what I’m referring to: A high-profile hack occurred, including data disclosure, and has been attributed to a foreign government. The original source for that attribution was a leak to the press, followed by statements from the executive branch. Later, the intelligence community released a […]

Continue Reading

Cognitive Security: Introduction

It’s no secret that organizations are facing an onslaught of attacks - the Yahoo breach is only the most recent in an escalating pattern; we’re way beyond viruses and script kiddies, and while we continue to have layer 8 problems when users do dumb things, it’s a different age.  Our adversaries are very well organized, [...]
Continue Reading

Security Vulnerability Research = Stock Manipulation?

Last week a group of “security researchers” teamed up with an investment firm in order to make money shorting the stock just before releasing a report on alleged vulnerabilities.  Let’s look at this novel business model.  Disclaimer:  I am not an attorney. Anyone doing this needs to be very sure of their conclusions before trying [...]
Continue Reading

Do you know where your endpoints are?

The Register recently reported that a quarter of banks data breaches are due to lost laptops and phones. Let’s look at that for a minute, because it shows that there’s some basic blocking and tackling that needs to be put in place.    I suspect that the vast majority of that loss isn’t due to active [...]
Continue Reading

Can someone bring (more) chaos to an airport for less than $50?

Last month, according to this article, a Verizon wireless crash disabled wifi at JFK, causing huge backups as agents had to hand-write boarding passes and baggage tags.  It's interesting for many reasons, but we've just learned about a vulnerability at that airport. If the article is correct, it means that someone with a $50 wifi or [...]
Continue Reading