Sometimes in the maelstrom of cybersecurity battles, it is helpful to step back and see where we came from, where we are, and where we are going. This year, in addition to studying for and passing the CISSP exam, I have been to a bunch of security conferences. I’ve been to MISC.conf, Secure360, B-Sides, and the Tech Security Conference. Here are some highlights and insights ...
Maybe you like the idea of two-factor authentication, but the Google Authenticator smartphone app seems too cumbersome. Or maybe you are not a smartphone owner, because you don’t like the idea of a phone that can track your location to within a few feet, and keeps sharing all your personal data with the apps on your phone. So you own a flip phone ...
From Pinterest – file under Duh!
Saw this one in Wisconsin – didn’t know this needed to be explained
Again – isn’t this obvious?
And the Zen-like koan companion statement
And here is a sad statement about our educational system. ...
Continue Reading →
Google Authenticator is my favorite go-to app for setting up two-factor authentication. But what if you want to remove an account from Google Authenticator?
I set up two-factor authentication for Facebook and the Authenticator app did not work. So I tried again, and ended up with two accounts on the Authenticator list, neither of which worked. This pushed other working accounts down far enough ...
Continue Reading →Hardening and securing WordPress websites is one of my specialties. We have reported previously on three of the best WordPress security plugins, Sucuri, Bulletproof, and WordFence. I can tell you that each of these plug-ins performed admirably against the continuous barrage of brute force and password reset attacks that my sites have endured. Security appeared to be strong, but I wanted more.
I have been deploying two-factor authentication (TFA) everywhere I can, in order to overcome the inherent weakness of password ...
Continue Reading →We have all received a fake tech support call from someone claiming to be a Microsoft employee. Now there is a new twist on the scam involving a fake screen pop-up and tech support fakers who claim to be from your Internet service provider. Google has an extensive collection of fake tech support pop-ups, these are all fake. Take a look.
We have reported on this issue several times in this blog. Like here and here and ...
Continue Reading →I saw this cartoon on an email from Cybrary, and thought it would be fun to use in my blog. I went to the creators’ website to check on the situation around acceptable use.
What I found was refreshing. Thanks guys.
Continue Reading →Use Policy
Please feel free to re-post, share, and otherwise use any of the Little Bobby comics in any ...
One of the easiest ways for an intruder to learn about you is through a compromised email account. And since most email is transmitted in the clear or in plain text, it is a simple thing for a bad actor to read intercepted email traffic. Encrypting your email makes it harder for criminals, competitors, law enforcement, and government spy agencies to read your email messages.
You can set up secure email yourself ...
Continue Reading →
I very rarely will publish a news item or statistics, because we focus on discussing vulnerabilities, exploits, and countermeasures and leave the cyber news to others. This report is important enough I had to share it.
On June 14th the Internet Crime Complaint Center of the FBI reported loss numbers for businesses that succumbed to the “Business Email Compromise” scam. This scam works when an attacker is able to get ...
Continue Reading →
Two hundred and forty years ago a bunch of “terrorists” (one man’s terrorist is another man’s freedom fighter) signed the Declaration of Independence in Philadelphia, Pennsylvania, and declared the founding of a new nation “conceived in liberty, and dedicated to the proposition that all men are created equal.”
Not everybody in the colonies was in favor of the concept of independence. There were many British born citizens of the colonies who we ...
Continue Reading →