Wanna Get Away – Generals Password

I see this was posted 3 months ago to YouTube, but it's new to me. This being blogging, let's over-analyze. The General’s password is ihatemyjob1. Not a bad password. Using a passphrase is easy to remember. Easy to type. No doubt he should have capitalized the “I”. Most systems can handle spaces, which would …

Websense’s Operation SpearPhish

Today I received an email from Websense that asked “how good are you at catching a ‘phish’”. It was promoting their email security products and had a link to “take the Operation Spear Phish Challenge”. As I clicked on the link I realized that I had just failed. Fortunately, the link actually was for a “spot the …

File Attachments, Security Awareness and Sophos

“We’ve done a pretty good job about teaching people not to open executable attachments in their email,” claims Sophos’ Chet Wisniewski in a recent YouTube video educating users about the dangers of PDF files. I nearly fell out of my chair. I took that as a general statement about Information Security and users. While it may be …

Yet Another Aitel Security Awareness Response

Users will click yes to anything, just so they can do what they want. So it is easy to socially engineer them into saying yes to any prompt, oblivious that they are allowing malicious code to run. As a result, security awareness training starts to feel like the fun police. “Don’t run with scissors!” “Don’t …

CyberSecurity Awareness Month

October is designated National CyberSecurity Awareness Month by the National CyberSecurity Alliance and the Department of Homeland Security. This month, I will be focusing on awareness topics. Non-security people aren’t aware of the risks inherent in their computer use. Campaigns like this seek to adjust perceptions of risk and remove the “it couldn’t happen …
