Planet of the APIs

Yeah, sure, I had fun making the Planet of the Apes pun, but this really is the planet of the APIs (application programming interfaces). Want to travel around the Earth? You’ll go online to book your trip, and in doing so you’ll be using software that uses APIs. OK, you could call to book your […]

Putting Firewalls to the Test

The next-generation firewall (NGFW) was invented by a gentleman named Jean-Luc Picard on September 28, 1987, but it would be several years before terrestrial-bound enterprises (no pun intended) would adopt the technology. But before we dive into the topic of testing, let’s take a look at Palo Alto Networks’ theory of firewall evolution. […]

The Case Against Default Libraries

Windows has a sort of handy feature, but nobody has ever found it. Well, yeah, this one is ubiquitous. The “libraries.” Simple enough, a link to default folders for documents, pictures, etc. The helpful little feature is designed to minimize the amount of navigation required to open and/or save different types of files in easy […]

Vulnerabilities, Exploits, and Payloads

Unless you’ve been living under a rock or have a life, you’ve heard more about Log4j2 than you might care to have. You’ve probably heard talk of Log4Shell, Log4j, exploits, vulnerabilities, CVE-2021-44228, and countless Christmas songs this month. Why did I write exploits and vulnerabilities in bold and underline them? Don’t recall, I have a […]

Passphrases and the Passphrase Token Attack

Never say “passphrase” around a pedant. Peasants and pheasants are OK, but pedants will bring up the passphrase token attack, frequently overstate the threat, or flat-out get it wrong. It isn’t that these pedants can’t do math; it’s just that it didn’t occur to them to do the math. Let’s start with some definitions […]

Must Have Uppercase, Lowercase, and Basket case.

If there’s one thing I hate more than bad password advice it’s okra. But this is about cybersecurity, not culinary mayhem. Thanks to the added security multi-factor authentication (MFA) provides, passwords have been given a new lease on life. Since passwords are going nowhere soon, let’s take the agony out of password creation and use. […]

Content Disarm and Reconstruction: Eh, What’s Up Docx?

Previously I wrote about content disarm and reconstruction (CDR) with respect to steganography. Stego is really cool stuff, but demonstrating what CDR does with respect to documents makes things less abstract. You can actually see what I am talking about. Like LibreOffice, OpenOffice, and a couple dozen other productivity applications, Microsoft Office documents use the […]

Kaseya, Maersk, and Microsoft: Do You Do Due Diligence?

I subscribe to the Consumer Protection Law360 newsletter. Although I can’t justify a subscription to the full content, the newsletters have interesting one-paragraph blurbs. Recently one such paragraph caught my eye and reads as follows:

Kaseya Ransomware Hit Casts Wide Net Of Potential Liability

A cyberattack on software vendor Kaseya that led to a widespread […]

Content Disarm and Reconstruct

For years I have been asked by reporters about data breaches as they made the news. We “pundits” had pre-fabricated responses for everything. The story says that an IT administrator had misconfigured a system. The pundit opens up the toolbox, takes a look, and tells the reporter that the solution is to get more sleep […]