Not all of my content can be found on blogs, podcasts and other linked sites. Here are selected appearances from around the web.
Security perspectives, posts and articles for Dell
- Drone Hacking and Information Security referencing Die Hard 2 and then-recent news that Iran claimed to have downed a US drone safely by redirecting the GPS to land in their territory.
- Home Improvement and Information Security comparing home improvement shows to improving organizations’ security programs, and the folly of trying to do what everyone else does (“best practice”).
- Technology Products and Implementation: A Short Historical Perspective is a tongue-in-cheek treatment of the way too many vendors and buyers work in our industry, using the technology of fire as an analog.
- SCADA Vulns and Exploits Published gives technical details on then-recently released information about a wealth of issues found in equipment that controls industrial control systems that control much of the power generation, transmission and distribution, as well as other critical infrastructure.
- PCI Guidance on Virtualization and Cloud walks through then-recent clarification and guidance the Payment Card Industry Council gave for complying with the Data Security Standard when using virtualization technology and cloud service providers.
- Are Your Browser CAs Considered Critical Vendors shines the light on the often overlooked trust relationships that could be – and have been – exploited to gain access to information, such as by nation-states and government agencies.
- Securely Deleting Data gives information and tools to help organizations and individuals ensure their information is erased when disposing of hard drives, USB sticks, and other data storage media.
- Spam and the Changing Business Model of Cyber Crime uses a Freakonomics article to dissect new business models used by criminals, using more targeted email attacks as the market of victims and consumers changes.
- CIA Confirms Cyber Attack Caused Multi-City Power Outage references Die Hard 4: Live Free and Die Hard as well as the original Die Hard movie (can you tell I’m a fan of John McClane?) and discusses many different incidents where malicious attackers supposedly have disrupted power and other critical services.
- How to Prevent HIPAA Violations is a set of tips and advice, rather than the canonical guide.
Security articles on Infosec Island
- Firewalls and Anti-Virus Aren’t Dead – Should they be? looks at the role firewalls and anti-virus play in the protection of information and computer systems and whether or not they are needed today or are merely historical legacy.
- What Infosec can Learn from Enron compares the role of auditors and stakeholders at Enron to that of Infosec, specifically pointing out that a passed audit doesn’t mean you are secure.
- Cybercrime Does(n’t?) Pay examines whether or not cyber crime is as lucrative as it is painted in the media, as well as who wins and loses.
- New Study Published on Mobile Malware looks at the then-recently begun Mobile Android Genome Project which attempts to identify mobile malware lineages.
- On the Recent Blizzard and Diablo 3 Account Compromises looks at account safety and security, how account holders can protect themselves, and how organizations can protect their account holders.
Videos and presentations
- Economics of Security and Cyber Crime is a fun presentation on some of the fundamental laws of economics and human behavior and how they affect our ability to influence cyber crime and improve our security.
- GTFO FTW: Hacking Your Lifestyle for Fun and Profit is the presentation that ties into the GTFOutcast podcast and blog.
- Interview: FOSE/GovSec 2010 is a short interview about security.
- Concur Travel and Expense Mobile Application – Password Disclosure Vulnerability
- Audible Mobile Application – Password Disclosure Vulnerability
- Bambuser Mobile Application – Password Disclosure Vulnerability
- Ustream Mobile Application – Password Disclosure Vulnerability