At Shmoocon 2013, Jake Williams and Mark Baggett presented a talk on techniques for malware persistence. We all know the correct course of action with an infected computer is to wipe it and start over. But when it comes down to it, we ignore that advice and attempt to recover. The reasons for this are many. The …
People often think they don’t need to worry about security because they have nothing of value to an attacker. In October Brian Krebs posted an updated chart on the value of a hacked computer. The Indian is reported to have used every part of the buffalo, letting none of it go to waste. While not …
Today I received an email from Websense that asked “how good are you at caching a “phish”. It was promoting their email security products and had a link to “take the Operation Spear Phish Challenge”. As I clicked on the link I realized that I had just failed. Fortunately, the link actually was for a “spot the …
“We’ve done a pretty good job about teaching people not to open executable attachments in their email”, claims Sophos’ Chet Wisniewski in a recent YouTube video educating users about the dangers of PDF files. I nearly fell out my chair. I took that as a general statement about Information Security and users. While it may be …
Continue reading ‘File Attachments, Security Awareness and Sophos’ »
Users will click yes to anything, just so they can do what they want. So it is easy to socially engineer them into saying yes to any prompt, oblivious that they are allowing malicious code to run. As a result, security awareness training starts to feel like the fun police. “Don’t run with scissors!” “Don’t …
Continue reading ‘Yet Another Aitel Security Awareness Response’ »
SANS’ Securing the Human has a special deal for small and midsize business (up to 750 users). Through July 15th you can get their Security Awareness training for 3k. More info at http://bit.ly/LJbotq
Police have warned Los Angeles residences of an increase in reports of thieves breaking into a home through doggie doors. Doggie doors are a hole cut in a door or wall to allow pets unrestricted ingress/egress. picture used under creative commons Pet/Dog doors for larger pets can be big enough for a person to climb …
Continue reading ‘The Doggie Door of Information Security’ »
Hilarious video from F-Secure. I’ve got people emailing their credit card numbers clear text. Perhaps this might get the message across.
October is designated Nation CyberSecurity Awareness Month by the National CyberSecurity Alliance and the Department of Homeland Security. This month, I will be focusing on awareness topics. Non-security people aren’t aware of the risks inherent in their computer use . Campaigns like this seek to adjust perceptions of risk and remove the “it couldn’t happen …
Radio hosts reading commercials often try to sound live and ad libbed (a “live read”) when doing commercials. Its one thing when discusing how great Snapple is, its another thing when discussing a technical topic. I wonder if these live reads are approved by legal. Today I heard a radio show advertising lifelock which used …