Fighting Diversity With Diversity
How do you fight diversity with diversity? To answer that question, we need to understand the diversity we are fighting. Flying Kitten Fox Kitten Wizard Spider Stone Panda Mustang Panda (Not related to Mustang Sally) What do those have in common? These are all names of some APT (Advanced persistent threat) groups. You can check […]
Don’t Get Your Breaches in a Knot
A few years ago, I wrote a blog about why enterprises don’t care about the 10,000 worst passwords. The reason is simple. Not a single one of those passwords met typical length and complexity requirements. That means that an employee can use the same password everywhere and it probably isn’t their corporate password. If it […]
Business Center Insecurity – The Case for DRM

Right after your hotel thanks you for your business, let me thank you for your business too. Right after the front desk person thanks you as you leave the airline lounge, I’ll thank you again. I’m not thanking you on behalf of the merchant, I’m thanking you for your data. OK, I’m not really doing […]
WAF or Gaffe: Comparing Cloud Web Application Firewalls
As a history buff, I was delighted when my manager asked me to write a blog about WAFs! Three thousand five hundred and seventy words later I was informed that “Women in the Airforce” (US) and Women’s Auxiliary Airforce (UK) weren’t the WAFs I was supposed to write about. My manager didn’t think my next […]
What Is SASE? Part One: Zero Trust
Before I go any further, I’ve got to walk the walk. To the right is my authentication; my business card. Conveniently my card has my phone number. You’ve got my name, employer, and phone number (MFA) so give me a call (not SMS) and let’s catch up for a beer or coffee while we share […]
If You’re Not Going To Take Privacy Seriously Neither Will I
If privacy ever did exist, it’s gone the way of the unicorn. Yes Victoria, unicorns once existed. Before proceeding, I’d like to give shout out to the multi-talented Bill Brenner who gave me the idea of mood music for a blog. With that in mind, how about listening to The Unicorn song and letting it […]
From Supply Chain to Kill Chain: Biometric Security
Before I proceed, for the pedants out there, yes, I know that the Greek Trojan Horse can be viewed as a supply chain attack involving a C-section on a wooden horse, but we’re talking cybersecurity here. OK? Supply chain attacks have been around for decades. However, reports of such attacks wax and wane in the […]
The Supply Chain Looks Like A Bunny Rabbit With A Drum
Just in case you are not familiar with the Energizer Bunny, take a quick look here to see the energetic bunny in action. The SolarWinds compromise has elevated already serious concerns about supply chain attacks (I’ll get to the bunny, bear with me). Many people will breathe a sigh of relief because they don’t use […]
Biometric Legal Implications
Disclaimer: Neither SecureIQLab nor I are lawyers. Nothing in this blog should be construed as legal advice, which I understand costs a lot of money. Corporations increasingly collect and store biometric data, both of clients and employees. Biometric data consists of the details of your physical characteristics, for example your fingerprints, your voice patterns, or your […]
Inciting Supply Chain Attacks GoDaddy Style
GoDaddy took an axe and gave education 40 whacks. And when they saw what they had done, they gave their employees 41. Hanlon’s Razor states “never attribute to malice that which is adequately explained by stupidity.” Occam’s Razor is widely stated as “the simplest explanation is usually the right one.” As a security veteran of […]