Need some last minute tech gifts for your favorite tech, geek, or nerd? Let me introduce you to The Grommet. They have the perfect gift for the person who wants to really know what the check engine light is really trying to tell him or her. The Automatic App Fueled Car Diagnostic is just the thing. Just plug it into the diagnostic link connector under the dash, and check the smartphone app for more detailed information. ...
Continue Reading →
Just received an email from WordFence, the WordPress security plugin-developer, that popular WordPress hosting company WPEngine had a breach that may have included customer user name and password information. The full text of the email I received follows.
Continue Reading →“We learned about an hour ago that there has been a data breach at WPEngine. Some of their customer login credentials have been exposed. ...
If you are involved in the management of a commercial bank, The Federal Financial Institutions Examination Council (FFIEC) has developed a Cybersecurity Assessment Tool that was released in June 2015. As a cybersecurity practitioner who provides security audits, compliance audits, vulnerability scans, and penetration tests, I was encouraged to see another example of a federal government agency getting serious about improving cybersecurity ...
The Tor Project released the beta of their new Messenger app. This messenging client is based on Mozilla’s Instantbird, and works with several popular messaging platforms, including Facebook Chat, Twitter, Google Talk, and Jabber.
The encryption piece is handled using Tor’s OTR Protocol (for Off-The Record), and requires that users exchange a secret key. This is available in Windows, Linus, and OSX versions from the Tor website.
For more information:
Continue Reading →
I was surprised to discover proof that my business is a target of cyber-criminals. After installing some security and reporting tools on my websites, I was alerted to the almost constant state of attack that they were under. And all I am doing is writing a cybersecurity blog. And you, dear reader, what of your business? There is a good chance that you are too, but simply don’t know it ...
My Facebook friend Jeff Wegge asked: “Security question Bob. Is the hotspot on my mobile verizon phone any more secure than public Wi-Fi?”
This is a most excellent question! Generally speaking, the mobile hotspot will be more secure for two reasons The first is that only you are likely to be using it, unless you explicitly shared the SSID (network name) and passphrase with someone else. The second reason ...
Continue Reading →
Classical computer and network security has relied on perimeter defense, in the form of firewalls, intrusion detection devices, and similar technologies for quite some time. This is usually coupled with some form of endpoint security, typically in the form of a security software package. We are finding that this no longer is working. The reasons are many, but the big one ...
I was recently interviewed by Carolyn Heinze for ChannelPro Network magazine on the subject of ransomware. Ransomware is back (if it ever really left) and there are strategies you can use to defeat it. If you do nothing, there will be nothing for you but to pay up.
On October 21st at the Cyber Security Summit in Boston, comments by Joseph Bonavolonta, Assistant Special Agent in Charge ...
Continue Reading →
This week we have focused on the people part of the security puzzle. As we know, people are the weakest link and the easiest point of access. But beating this point into your employees will not help them be better at computer and network security, and just make them feel hopeless and badgered.
Getting employee buy-in requires a little bit of strategy mixed in with a lot of fun.
On Monday we discussed the effect that living in a code yellow world has on creating security fatigue. Peter Herzog, in his blog Dark Matters expanded on this theme recently, giving examples of how teaching your employees how to stay secure in an insecure world may be counter-intuitive to the way we usually accomplish this.
Here are his recommendations: