Cloud “shiny rocks” and your SOC
Original post for HPE Security Research Blog 5/4/2015 I love the cloud. What could be better than access to my data from a beach, my phone in Las Vegas, or just between work and home without the need for a massive laptop hard drive? What’s not to love? Until someone mentions cloud security and reality […]
Think like a bad guy: Know your environment
Original post for HPE Security Research Blog 7/29/2015 Security teams often lament the lack of support from IT or application owners in identifying critical assets. The logic statement goes something like this: if we don’t know what is important, we don’t know what to protect. This frustration is an example of the buzzword context. Without […]
If you build it, will it be the Security Operations Center (SOC) you need?
Original post for HPE Security Research Blog 9/1/2015 Growing up, my mom used to tell me, “You get the guy you think you deserve.” Luckily, I found one who is better than I deserve, but the same principle applies to many aspects of life. During a conversation at Black Hat, an insurance organization security manager […]
Geek Post Alert: LulzSec aka Hacker group of the month
I have been pretty quiet on the whole LulzSec fiasco. Mostly because I feel like the traffic cop shouting “Nothing to see here, move along…” This is the hacking group du jour. That’s it, nothing special. They claim they have done some things that should set them apart (did they really hack the CIA)? Here […]
Geek Post Alert: Security Info for Consumers
In the last couple of weeks several things have come out that directly apply to consumers. So I thought I would point out a few of them for your awareness. 1) iPhone iOS Update: A couple of weeks ago Apple released an update for your iPhones. One of the fixes is the location tracking item I […]
Geek Post Alert: GPS, Friend or Foe
A couple of interesting tidbits caught my attention in my weekly SANS newsletter (www.sans.org; SANSBites), so I thought I would bounce some thoughts around. The first item is the discovery that the version 4 operating system of the iPhone apparently stores GPS location information and downloads it to your computer iTunes. According to the blurb […]
Geek Post Alert! Epsilon Breach & RSA Follow-Up
Most of you have probably received at least one email from a company notifying you that your email address was stolen in the recent Epsilon breach. So far this is the most complete list I have found for the companies breached emails: 1-800-Flowers, AbeBooks, Air Miles, Ameriprise Financial, Barclays Bank, Beachbody, bebe Stores, Best Buy, […]
Geek Post Alert: Wi-Fi Squatting!
I really want to make sure content here is original and mildly entertaining (or interesting) but when I read this article I decided to include it here in its entirety (it isn’t very long – that affected the decision). 😉 This has likely applied to all of us at one time or another. I know folks who have […]
Geek Post Alert! RSA
I have held it in as long as I can. REALLY? RSA? REALLY? Of course, I don’t know the details, just an infosec geek reading along with everyone else, but this is huge. I am not an alarmist and do happen to agree with Stephen Northcutt that the breach is not a game-changer, in the […]