When I am investigating an email exploit, I will take a look at the email headers. Email headers in an email are a lot like the html code in a web site. This is information that the machines that create, send, and receive the email use for routing, and for providing other information about the message. As a human, we do not see the headers unless we specifically look for them, ...
NIST (National Institute for Standards and Technology) released Special Publication 800-53 version 4 recently, and it covers the shortcomings in privacy and security in the national power grid, water control systems, dams, oil and gas utilities and similar computer controlled systems. There are no coherent or enforceable standards for Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems ...
Last year we took a look at the emerging changes to password policy that were coming from NIST. The final document is out, and the changes we looked at last year have pretty much made it into the final draft.
One of the sacred cows that was skewered was the “complexity requirement.” This is the requirement to use upper and ...
Continue Reading →
A quick Saturday digest of cybersecurity news articles from other sources.Robots can crack safes faster than humans — and differently. We’re going to have to start thinking about robot adversaries as we design our security systems. From Wired via Schneier.
https://www.wired.com/story/watch-robot-crack-safe/
Over the past month, the Wordfence team has been tracking a ...
Continue Reading →
The SANS institute released the results of a new survey recently, and found that cybersecurity professionals ranked phishing as the number one exploit this year. Phishing awareness training programs were seen by many as the best defense against phishing, spearphishing and whaling exploits. Something that was new this year was the reporting of so-called “malware-less” exploits that use “the built-in features of the operating system to turn it against itself without ...
One of the tactics that I am seeing more often is the clever use of web address spoofing in the web sites and landing pages used in phishing emails. This sort of spoofing has been used successfully even against people who have been training to detect phishing emails, and to check link destinations (using the hover trick) and double check web addresses in the browser address bar.
Here are some techniques ...
Continue Reading →A quick Saturday digest of cybersecurity news articles from other sources.
08/02/2017 10:08 PM EDT Original release date: August 02, 2017
The Internet Crime Complaint Center (IC3) has released an alert warning consumers of music gift card scams. This type of scam targets victims, gains their confidence, and tricks them into providing gift card information.
To stay safer online, review the IC3 alert on ...
Continue Reading →Most of us have been using web addresses for years without really understanding how they work. Today we are going to try to demystify the web address for you. Web addresses are basically “rented” for a period of time from a Domain Name Registrar, and are part of the Domain Name System (DNS). DNS changes the easy alphanumeric domain names we use into numerical IP addresses that computers and web ...
I was recently introduced to a personal cybersecurity service called Rubica. If you are looking for a company that can provide you and your family or your small business with the kind of cybersecurity operations that are available to larger companies, this may be for you.
A bad day for me starts with a client calling to say, “I was hacked,” or to hear that they have fallen ...
Continue Reading →