Unless you’ve been living under a rock or have a life, you’ve heard more about Log4j2 than you might care to have. You’ve probably heard talk of Log4Shell, Log4j, exploits,…

Never say “passphrase” around a pedant. Peasants and pheasants are OK, but pedants will bring up the passphrase token attack, frequently overstate the threat, or flat out get it wrong.…

If there’s one thing I hate more than bad password advice it’s okra. But this is about cybersecurity, not culinary mayhem.Thanks to the added security multi-factor authentication (MFA) provides, passwords…

Previously I wrote about content disarm and reconstruction (CDR) with respect to steganography. Stego is really cool stuff, but demonstrating what CDR does with respect to documents makes things less…

In a previous blog, I discussed content disarm and reconstruction (CDR) at a high level. Today we’ll take a closer look at CDR with respect to steganography in images. Steganography…

I subscribe to the Consumer Protection Law360 newsletter. Although I can’t justify a subscription to the full content, the newsletters have interesting one-paragraph blubs. Recently one such paragraph caught my…

For years I have been asked by reporters about data breaches as they made the news. We “pundits” had pre-fabricated responses for everything. The story says that an IT administrator…

How do you fight diversity with diversity? To answer that question, we need to understand the diversity we are fighting.Flying KittenFox KittenWizard SpiderStone PandaMustang Panda (Not related to Mustang Sally)What…

A few years ago, I wrote a blog about why enterprises don’t care about the 10,000 worst passwords. The reason is simple. Not a single one of those passwords met…

Right after your hotel thanks you for your business, let me than you for your business too. Right after the front desk person thanks you as you leave the airline…