Notes from the Cyber Security Summit 2016

A couple of weeks ago I attended the Minneapolis Cyber Security Summit 2016 at the J.W. Marriott Hotel in Bloomington, Minnesota. There were two days of presentations on cybersecurity issues, and here are a few of the takeaways for small and medium-sized business owners.

  • There are 28 million small businesses in the United States.  The Small Business Administration classifies a business with fewer than 500 employees as a small business.
  • Small businesses account ...

What is The Dark Web?

When I am doing a cybersecurity presentation, someone is bound to ask about the Dark Web. What is it, exactly, and how does someone get there? The how part we discussed on Friday. Linux Tails is a great tool for accessing and browsing the Dark Web, should you be so inclined. Before we delve into the Dark Web, let’s talk about the different parts of the web.

  • The Clear Web – This ...

Use Linux Tails for Privacy

You don’t need to be a journalist, freedom fighter, or living under an oppressive political regime to have the desire for some online privacy. Maybe you are trying to put the contents of your life back into the Pandora’s box you opened when you signed up on Facebook. Maybe you would like a little privacy in your online life.

Linux Tails is an ...


Mobile Security Tips

As we add more mobile and portable devices to our digital collection, cybersecurity for mobile devices becomes more important. Smartphones, tablets, wearable tech, and ultra-portable laptops are certainly convenient and easy to carry, but that makes them easy for a thief to carry off. When these devices are stolen, you lose much more than the hardware. Every bit of information on the device is up for grabs too, from contact lists, personal information, mobile ...


NIST Nixes TFA Via SMS

Holy acronyms Batman! What the heck does this headline mean? Well, the National Institute for Standards and Technology (NIST) has removed two-factor authentication (TFA) via short-messaging service (SMS) from the approved list of two-factor authentication methods. The reason is that SMS is an unencrypted service, and the lack of encryption makes it too insecure for use in Federal authentication systems. NIST is recommending that all companies ...


Which Is Better – SMS or App-based TFA?

I am a firm believer in, and user of two-factor authentication (TFA or 2FA). Heck, if there was three-factor authentication I would probably sign up. The two most popular authenticator apps are Authy and Google Authenticator. I primarily use Google Authenticator wherever I can. I use SMS when Authenticator isn’t an option, or won’t work. I had trouble, for instance, getting Facebook to work and ...


Prepare and Prevent Ransomware Attacks

This week we will be focusing on preventing, detecting, and recovering from the many variants of the crypto-ransomware exploit. Ransomware attacks, such as CryptoLocker, CryptoWall, Locky, Chimera, Zepto, and the like, have become one of the best money-making exploits for cyber-criminals, with new variants appearing on the scene every month. These attacks usually start with a phishing email and a ZIP file attachment or a malicious link, so email vigilance can help. ...


HTTPoxy Poses New Threats For Web Site Owners

A recent article in Naked Security caught my eye the other day about a new web site vulnerability called HTTPoxy. This stands for HTTP requests and poisoned proxy settings. Most web sites use a technology called Common Gateway Interface (CGI) to run applications such as site search, collect information submitted on web forms, display comments, run a forum, or to display database queries such as pricing in a usable form on a web page.


Cybersecurity – Where Are We?

Sometimes in the maelstrom of cybersecurity battles, it is helpful to step back and see where we came from, where we are, and where we are going. This year, in addition to studying for and passing the CISSP exam, I have been to a bunch of security conferences. I’ve been to MISC.conf, Secure360, B-Sides, and the Tech Security Conference. Here are some highlights and insights ...


Personal Privacy Through Email Encryption

One of the easiest ways for an intruder to learn about you is through a compromised email account. And since most email is transmitted in the clear or in plain text, it is a simple thing for a bad actor to read intercepted email traffic. Encrypting your email makes it harder for criminals, competitors, law enforcement, and government spy agencies to read your email messages.

You can set up secure email yourself using ...
