Future of malware – December 2022
“The future of malware” is a trigger for most of us in computer security. Most cyber professionals have an idea of what they think malware looks like in the next few years, but truly few of us write about it or document it in a formal way. In 2013, I presented on the “future of […]
Link checkers
The user experience is paramount to revisits. Dead links are frustrating for users, and reduces that “first” (or second!)_ impression. This article provides a few dead link checkers to validate a site’s internal and outbound links.
“Break glass” emergency privileged access
Break glass access is a required component of business recovery. It should only be used in emergency situations.
Link tracking – who clicked my link?
Looking to track who clicked your links, and when? This article will help!
Restricting outbound firewall rules in operational environments
Reconfiguring firewalls in operational environments potentially breaks things. This article helps to develop a plan for implementing change.
Domain search – how to avoid front runners
Have you every had that perfect domain name, searched online, found it was available… only to have it taken away in the couple of days it took you to decide to buy? Then this article is for you!
Coronavirus special report: Separating your Work and Personal identities
Whether working from home or working in an office, separating your “Work Identity” and “Personal Identity” remains very important, both for your protection and for the security of your company. Read this article for more information.
Privacy at the workplace
In today’s world of privacy, you might be surprised that your company is recording every one of your keystrokes. Keep your private information private.
Credential theft
This presentation will help you understand the risks, recognize when you have been compromised, and avoid credential theft
WordPress host hardening: password protect wp-login
This article explains adding an additional password to the wp-login.php file. Every user will have to enter a secondary password before retrieving wp-login.
Computer Security Incident Response (NIST SP800-61r2)
The NIST Computer Security Incident Handling Guide provides a framework for creating a company focused computer security incident response plan.
Help I’ve fallen and my identity has been stolen!
This short article will explore what you can do if your information is compromised, and give you advice even if it hasn’t (yet).
Phish for phun and profit
Phishing is a real problem, and that problem is only increasing in frequency. Phish attacks come in many different forms. Everyone is affected by phishing. Whether it be that a credit card number is stolen from your family member, or your friend gets their Facebook account hijacked, or you have your company web site blacklisted […]
Exploiting the SDLC
Attacking software is really attacking the software development process. The adversary is looking to take advantage of software defects before those defects are repaired. This paper explores the attack timeline.
Prevent content filtering from affecting your web site
Content filters categorize domains based on reputation. Many companies block domains based on those filters. This article will show you how to register your domains so that they are not inadvertently blocked.
Identity theft
Our online identity IS our identity. Someone masquerading as you is potentially a dangerous situation, but it is at least creepy. The problem is, as sure as everyone will pay taxes this year, we will all have our online identity compromised.What do you tell your colleagues who have had their identity stolen? What do you tell your family who have not *yet* had their identity stolen? What should they do? And what should they have done in order to reduce the vulnerability?This paper will give you ideas on preventing problems in online identity theft, and also provide guidance on how to fix a problem if it happens.
Zero day, 0day, ohday, oh my!
Hackers have a few things in their favor when it comes to getting into your network and stealing data. One of those things is the elusive zero day. When it comes to hacking, a zero day is an “exploitation against a publicly unknown vulnerability”. But hackers don’t need a zero day. They only need a […]
Computer security hardening – safeguarding your systems
Computer Security. Kind of scary, actually. With the likes of Target going down to hackers in late 2013, and a large attack on Home Depot in 2014, what can the rest of us do? If Home Depot can be compromised, how can I protect myself? The bad news — you are a target. Why though? Well, […]