Wipe the Drive – Shmoocon 2013

At Shmoocon 2013, Jake Williams and Mark Baggett presented a talk on techniques for malware persistence. We all know the correct course of action with an infected computer is to wipe it and start over.  But when it comes down to it, we ignore that advice and attempt to recover.   The reasons for this are many.   The …

Continue reading ‘Wipe the Drive – Shmoocon 2013’ »

Websense’s Operation SpearPhish

Today I received an email from Websense that asked “how good are you at caching a “phish”.   It was promoting their email security products and had a link to “take the Operation Spear Phish Challenge”. As I clicked on the link I realized that I had just failed. Fortunately, the link actually was for a “spot the …

Continue reading ‘Websense’s Operation SpearPhish’ »

File Attachments, Security Awareness and Sophos

“We’ve done a pretty good job about teaching people not to open executable attachments in their email”, claims Sophos’ Chet Wisniewski in a recent YouTube video educating users about the dangers of PDF files. I nearly fell out my chair.   I took that as a general statement about Information Security and users.   While it may be …

Continue reading ‘File Attachments, Security Awareness and Sophos’ »

Yet Another Aitel Security Awareness Response

Users will click yes to anything, just so they can do what they want.   So it is easy to socially engineer them into saying yes to any prompt, oblivious that they are allowing malicious code to run.  As a result, security awareness training starts to feel like the fun police.   “Don’t run with scissors!”   “Don’t …

Continue reading ‘Yet Another Aitel Security Awareness Response’ »

The Doggie Door of Information Security

Police have warned Los Angeles residences of an increase in reports of thieves breaking into a home through doggie doors. Doggie doors are a hole cut in a door or wall to allow pets unrestricted ingress/egress. picture used under creative commons Pet/Dog doors for larger pets can be big enough for a person to climb …

Continue reading ‘The Doggie Door of Information Security’ »

CyberSecurity Awareness Month

October is designated Nation CyberSecurity Awareness Month by the National CyberSecurity Alliance and the Department of Homeland Security.  This month, I will be focusing on awareness topics.   Non-security people aren’t aware of the risks inherent in their computer use .  Campaigns like this seek to adjust perceptions of risk and remove the “it couldn’t happen …

Continue reading ‘CyberSecurity Awareness Month’ »

Lifelock and Menard

Radio hosts reading commercials often try to sound live and ad libbed (a “live read”) when doing commercials.   Its one thing when discusing how great Snapple is, its another thing when discussing a technical topic.   I wonder if these live reads are approved by legal. Today I heard a radio show advertising lifelock which used …

Continue reading ‘Lifelock and Menard’ »