June 30, 2012
While some people tend to focus on the technical aspect of infosec, I often hammer on social engineering. People are the weakest link in any security policy. I can write an ACL for a router interface and the router doesn’t have a choice but to follow my instructions. One can force an employee to sign [...]
Tags: flash drive, hacking, Social engineering, stuxnet, thumb drive
Posted in Security Blog
June 28, 2012
https://twitter.com/ScreamingByte/status/218472596180709376 Via Marcus Evans Conferences: Key conference speakers: Ira “Gus” Hunt, Chief Technology Officer, Central Intelligence Agency; Kenneth Brodie, Chief Information Security Officer, US Air Force; Dr. Ronald Ross, Chief Computer Scientist and Info Security Researcher, National Institute for Standards and Technology (NIST); Dawn Meyerriecks, Assistant Director of National Intelligence for Acquisition, Technology and [...]
Tags: Arlington, Conference, Infosec, National Security
Posted in Security Blog
June 27, 2012
I’m going to write a word and I want you to think of the first word that comes to mind. Ready? “Virus.” Well, if you’re like me, the first word that came to mind was “lolpwned” (ok so it isn’t really a word), but for most people the first word that probably comes to mind [...]
Tags: antivirus, crypter, Firewall, FUD, hacking, malware, virus
Posted in Security Blog
June 27, 2012
https://twitter.com/SANSInstitute/status/214879344106016768 SANS released a poster with a vast collection of malware discovery processes and steps. For those of you who are not aware, the SANS Institute is only the most trusted world-wide authority on Information Security and training. They have a poster which you can see here in a direct link to a .PDF [...]
Tags: analysis, malware, poster, SANS, security
Posted in Security Blog
June 27, 2012
Hacking isn’t magic but to many people it may seem like it. Sure, we often see Hollywood portray hackers as being able to guess a password in less than three tries, but that really isn’t how it’s done. Actually, I have yet to see any kind of accurate portrayal of hacking anywhere outside of.. well.. [...]
Tags: Google, hacking, passwords, security, SQL Injection
Posted in Security Blog
June 27, 2012
I’m normally the first person to cheer on federal agencies and while I do applaud the FBI’s recent sting of some very nasty black hats involved in selling credit cards and other information online, I can’t help but look the cold hard facts in the eye. The FBI announced that it recently wrapped up an [...]
Tags: arrests, credit card theft, criminals, feds, Hackers, ID theft
Posted in Security Blog
June 26, 2012
One of the most frustrating (and probably most frequent) issues that confront security specialists is the problem of entities wanting to have cake and eat it too. Companies and individuals often want their information secured but don’t want to have to pay the price. Unfortunately, virtually every security implement is going to have some kind [...]
Tags: Hackers, HIPAA, physical security, SANS, Servers
Posted in Security Blog
June 11, 2012
Recently, I have had a ton of phishing attempts sent to one of my email accounts. They’re quite obvious, because they’re not targeting me correctly. First of all, I don’t play World of Warcraft, and if I did, I would probably nerd rage and quit after seeing the “Mists of Pandaria” expansion announcement (I did [...]
Tags: email, hacking, passwords, phishing, World of Warcraft
Posted in Security Blog