I just came across this piece from NewsFactor: Is Heartbleed the Biggest Web Security Threat Ever? and couldn't help but chime in. Contrary to popular hype, I don't think the biggest web security issue we face (now or ever) is a technical problem...instead, it's something with hair on top like I talked about here.As with the hype over the Target breach and the gloom and doom over Windows XP's end ...
Continue Reading...Windows XP...ah, the memories!I wrote many of my books including the first two editions of Hacking For Dummies and the first edition of The Practical Guide to HIPAA Privacy and Security Compliance originally on Windows XP - not to mention countless articles, security assessment reports and more over a 7-8 year span.It was nice working with you XP!I waited to write this post today, the day after all the Windows ...
Continue Reading...I attended the RSA Conference last week...there was a lot of the same security nonsense (see my posts below) but a very good show nonetheless. You should attend next year, especially if you've never been. With 25,000+ attendees and more vendors than you can ever imagine in this space, it's a spectacle.Speaking of "vendors", one thing that struck me as interesting - what government employee was ballsy enough to use ...
Continue Reading...I just got off of phone call with some friends/colleagues where we were discussing the latest security trends. After talking it occurred to me that we're basically going backwards in time with information security. It seems with the Target breach, stupid passwords people are still using in 2014, and even today's new SANS-Norse healthcare security report, it just keeps piling up as if nothing works.But it can work - if ...
Continue Reading...I thought you might be interested in these recent information security articles and webcasts I've written and recorded:Information security project considerations for project managersThe information security basics your organization should already knowHow VARs can help customers securely discard e-waste Regulatory compliance requirements for security solutions providersKeeping resilientExtending HIPAA Compliance from Electronic Health Records to Document and Data TransmissionsInformation Technology and Business Continuity – Filling the gaps to protect your businessBe ...
Continue Reading...I noticed a lot of interesting topics/news coming from the Black Hat conference last week such as: SSH Communications Security Unveils General Availability Of SSH Risk Assessor ToolPreparing For Possible Future Crypto AttacksCrack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone HTTPS Hackable In 30 Seconds: DHS AlertNo doubt, these are all worthy topics that will help improve information security over the ...
Continue Reading...Every time I browse the Chronology of Data Breaches and read the headlines coming out from Dark Reading, threatpost, and the like, I can't help but shake my head. What is it really going to take to get people - mostly management, but some in IT - to fix the stupid, silly, low-hanging fruit that's plaguing so many networks today...? Well, here's a new piece I wrote for the nice ...
Continue Reading...Well, it's here...the fourth edition of my book Hacking For Dummies is officially available today!Starting summer of 2012 and ending just before Christmas, I put in over 200 hours of blood, sweat, tears, and occasional cussing into this edition...more than any previous updates to the book. That said, my savvy technical editor, Peter Davis, and the wonderful editors at Wiley, Becky Huehls, Virginia Sanders, and Amy Fandrei were the real ...
Continue Reading...If the person who heads the CIA can't keep his "secrets"; nothing's secret. It's as simple as that.What are you doing to ensure your intellectual property is protected?Lawyers will claim their contracts are enough. Management will leave their heads in the sand and claim their IT folks are handling it. Neither are enough.Fix the silly/ridiculous/inexcusable low-hanging fruit on your network and then put the proper technologies and procedures in place ...
Continue Reading...If you're in to big-picture IT and information security stuff like, say, your career and focusing on what matters, here are some new bits I've written for TechTarget and Security Technology Executive magazine that you may be interested in:Five habits of highly-successful IT prosSocial networking strategies to further your IT careerFive ways to advance your Windows careerUnderstanding management gets your IT department what it needsRSA's look at the big pictureEnjoy! ...
Continue Reading...