• 09 Feb 2015

    Back to basics in information security? Proven year after year but (apparently) unattainable for many.

    I'm often wrong about many things in life...just ask my wife. However, I'm feeling a bit vindicated regarding my long-standing approach to information security: address the basics, minimize your risks. You see, more and more research is backing up what I've been saying for over a decade. It what was uncovered in the new Cisco 2015 Annual Security Report. [i.e. "Less than 50 percent of respondents use standard tools such ...

    Continue Reading...
  • 05 Nov 2014

    Car racing and security breaches, you’re not as ready as you think you are!

    This past weekend I had the opportunity to run the race of my life - a 90 minute enduro car race in my Spec Miata - held at the America Road Race of Champions at Road Atlanta in Braselton, GA.It wasn't the most competitive race - there were only 17 entries, 14 that made it on track...I've raced with over 60 cars at once.  It wasn't the most stressful race. ...

    Continue Reading...
  • 08 Oct 2014

    What no one is saying about cyber insurance

    I race cars for fun and sport and found out the hard way not long ago that if I wanted to increase my life insurance I was going to have to jump through numerous hoops and pay enormous premiums for a minimal increase in my existing coverage. I was thinking about this scenario compared to 'cyber insurance' and, wow, what a difference. Knowing what I know, there appear to be minimal ...

    Continue Reading...
  • 17 Sep 2014

    What if The Home Depot looked to their own store policies for help with infosec?

    If The Home Depot's management were as strict with information security as they are with store policies I'm confident they could've avoided their data breach.Have you heard their policy monger guy on their intercom system while shopping?? He sounds like that guy we've seen in those disturbing Allstate commercials. A bit creepy. It's also quite uninviting - certainly doesn't make you feel welcome in their stores.At least they've covered their ...

    Continue Reading...
  • 02 Sep 2014

    Bits & pieces on the 2014 Home Depot data breach

    The news of the new Home Depot credit card breach combined with me being based in Atlanta as well, I feel compelled to share some links to some of the recent pieces I've written about point-of-sale and retail information security in hopes that a nugget or two might prove beneficial to someone out there...here they are:The Target Breach – Can It Be Prevented?Six endpoint management lessons from POS security breachesSecurity ...

    Continue Reading...
  • 28 Aug 2014

    The latest Android / Gmail security flaw & why people don’t take IT & security seriously

    You may have heard about the recently-discovered Android exploit that makes Gmail vulnerable to criminal hackers. I read it over and realized that I have to use this opportunity share an example of what I talk about when "researchers" claim that all is bad in the world because of the latest and greatest exploit impacting whatever software or device they've discovered.This Android/Gmail finding in particular is a great example of ...

    Continue Reading...
  • 04 Jun 2014

    More Web security vulnerability assessment, audit, and pen testing resources

    I've been busy in the world of Web security testing - both with work and with writing. Check out these new pieces on the subject. I suspect I'll tick off a "researcher" or two given my business angle and 80/20 Rule-approach of focusing on the most problematic areas of Web security...Still, I hope that these are beneficial to you and what you're trying to accomplish in your organization:Key Web application ...

    Continue Reading...
  • 11 Apr 2014

    Heartbleed – the biggest Web security problem ever???

    I just came across this piece from NewsFactor: Is Heartbleed the Biggest Web Security Threat Ever? and couldn't help but chime in. Contrary to popular hype, I don't think the biggest web security issue we face (now or ever) is a technical problem...instead, it's something with hair on top like I talked about here.As with the hype over the Target breach and the gloom and doom over Windows XP's end ...

    Continue Reading...
  • 09 Apr 2014

    Windows XP: Goodbye my love…well, not really.

    Windows XP...ah, the memories!I wrote many of my books including the first two editions of Hacking For Dummies and the first edition of The Practical Guide to HIPAA Privacy and Security Compliance originally on Windows XP - not to mention countless articles, security assessment reports and more over a 7-8 year span.It was nice working with you XP!I waited to write this post today, the day after all the Windows ...

    Continue Reading...
  • 03 Mar 2014

    Interesting sights at #RSAC 2014

    I attended the RSA Conference last week...there was a lot of the same security nonsense (see my posts below) but a very good show nonetheless. You should attend next year, especially if you've never been. With 25,000+ attendees and more vendors than you can ever imagine in this space, it's a spectacle.Speaking of "vendors", one thing that struck me as interesting - what government employee was ballsy enough to use ...

    Continue Reading...