Happy SysAdmin Day 2016

Today is the 17th anniversary of the first SysAdmin Day.  If you know a SysAdmin, who would be the person you call when your computer is on the fritz, today is the day to buy them a Hallmark card, New Egg gift card, Star Wars poster or paraphernalia, or a Raspberry Pi.  I am sure the electronic or the edible variety would both be enthusiastically received.

So give your computer tech ...

Don’t Take The Bait!

Having just discussed phishing on Monday, it makes sense to cover the social engineering practice called “baiting” today.  Typically, this involves an attacker leaving removable media such as a USB flash drive or SD Media card lying around in a public location. The exploit depends entirely on the principle of “finders-keepers.”  People pick these drives up, and plug them into the first computer ...

US-CERT Warns Against Phishing and Social Engineering Exploits

We continue to hear from security researchers and professionals that an astonishing 95% of all exploits begin with someone opening an attachment or clicking a link on a phishing email.  I have a client where two different employees opened the attachment on an email from “FedEx” and became infected with crypto-malware.  These incidents happened nearly a week apart, and you think that the ...

Using Your Phone For Video Surveillance

I discovered a while ago that my LG smart phone can be used fairly easily to make a surreptitious video of a meeting simply by turning on the video camera and slipping the phone into a shirt pocket.  The camera lens clears the edge of the pocket nicely, and there is no indication, at least on my phone, that the camera is rolling.  This is a great way to keep a record ...

Cybersecurity – Where Are We?

Sometimes in the maelstrom of cybersecurity battles, it is helpful to step back and see where we came from, where we are, and where we are going.  This year, in addition to studying for and passing the CISSP exam, I have been to a bunch of security conferences.  I’ve been to MISC.conf, Secure360, B-Sides, and the Tech Security Conference.  Here are some highlights and ...

Setting Up TFA Without Authenticator

Maybe you like the idea of two-factor authentication, but the Google Authenticator smartphone app seems too cumbersome.  Or maybe you are not a smartphone owner, because you don’t like the idea of a phone that can track your location to within a few feet, and keeps sharing all your personal data with the apps on your phone.  So you own a flip phone ...

Removing TFA from an Account in Authenticator

Google Authenticator is my favorite go-to app for setting up two-factor authentication.  But what if you want to remove an account from Google Authenticator?

I set up two-factor authentication for Facebook and the Authenticator app did not work.  So I tried again, and ended up with two accounts on the Authenticator list, neither of which worked.  This pushed other working accounts down far enough ...

Two Factor Authentication for WordPress

Hardening and securing WordPress websites is one of my specialties.  We have reported previously on three of the best WordPress security plugins, Sucuri, Bulletproof, and WordFence.  I can tell you that each of these plug-ins performed admirably against the continuous barrage of brute force and password reset attacks that my sites have endured.  Security appeared to be strong, but I wanted more.

I have been deploying two-factor authentication (TFA) everywhere I can, in order to overcome the inherent weakness of password ...
