Category: Computer security

  • Future of malware – December 2022

    Future of malware – December 2022

    “The future of malware” is a trigger for most of us in computer security. Most cyber professionals have an idea of what they think malware looks like in the next few years, but truly few of us write about it or document it in a formal way. In 2013, I presented on the “future of […]

  • Link checkers

    Link checkers

    The user experience is paramount to revisits. Dead links are frustrating for users, and reduces that “first” (or second!)_ impression. This article provides a few dead link checkers to validate a site’s internal and outbound links.

  • “Break glass” emergency privileged access

    “Break glass” emergency privileged access

    Break glass access is a required component of business recovery. It should only be used in emergency situations.

  • Link tracking – who clicked my link?

    Link tracking – who clicked my link?

    Looking to track who clicked your links, and when? This article will help!

  • Restricting outbound firewall rules in operational environments

    Restricting outbound firewall rules in operational environments

    Reconfiguring firewalls in operational environments potentially breaks things. This article helps to develop a plan for implementing change.

  • Domain search – how to avoid front runners

    Domain search – how to avoid front runners

    Have you every had that perfect domain name, searched online, found it was available… only to have it taken away in the couple of days it took you to decide to buy? Then this article is for you!

  • Coronavirus special report: Separating your Work and Personal identities

    Coronavirus special report: Separating your Work and Personal identities

    Whether working from home or working in an office, separating your “Work Identity” and “Personal Identity” remains very important, both for your protection and for the security of your company. Read this article for more information.

  • The first rule of security: “Be aware”

    The first rule of security: “Be aware”

    The COVID19 Coronavirus situation has affected our families, our homes, and our work environments. w can you protect yourself? The same methods you use to keep you safe “in real life” will also keep you safe in the digital world …

  • Vishing-don’t be a victim

    Vishing-don’t be a victim

    The vish: Vishing and social engineering are nefarious confidence scams that pretend to be helping you. This article will help you avoid being a victim.

  • Privacy at the workplace

    Privacy at the workplace

    In today’s world of privacy, you might be surprised that your company is recording every one of your keystrokes. Keep your private information private.

  • Credential theft

    Credential theft

    This presentation will help you understand the risks, recognize when you have been compromised, and avoid credential theft

  • Computer Security Incident Response (NIST SP800-61r2)

    Computer Security Incident Response (NIST SP800-61r2)

    The NIST Computer Security Incident Handling Guide provides a framework for creating a company focused computer security incident response plan.

  • Help I’ve fallen and my identity has been stolen!

    Help I’ve fallen and my identity has been stolen!

    This short article will explore what you can do if your information is compromised, and give you advice even if it hasn’t (yet).

  • Phish for phun and profit

    Phish for phun and profit

    Phishing is a real problem, and that problem is only increasing in frequency. Phish attacks come in many different forms. Everyone is affected by phishing. Whether it be that a credit card number is stolen from your family member, or your friend gets their Facebook account hijacked, or you have your company web site blacklisted […]

  • Exploiting the SDLC

    Exploiting the SDLC

    Attacking software is really attacking the software development process. The adversary is looking to take advantage of software defects before those defects are repaired. This paper explores the attack timeline.

  • Prevent content filtering from affecting your web site

    Prevent content filtering from affecting your web site

    Content filters categorize domains based on reputation. Many companies block domains based on those filters. This article will show you how to register your domains so that they are not inadvertently blocked.

  • Identity theft

    Identity theft

    Our online identity IS our identity. Someone masquerading as you is potentially a dangerous situation, but it is at least creepy. The problem is, as sure as everyone will pay taxes this year, we will all have our online identity compromised.What do you tell your colleagues who have had their identity stolen? What do you tell your family who have not *yet* had their identity stolen? What should they do? And what should they have done in order to reduce the vulnerability?This paper will give you ideas on preventing problems in online identity theft, and also provide guidance on how to fix a problem if it happens.

  • Zero day, 0day, ohday, oh my!

    Zero day, 0day, ohday, oh my!

    Hackers have a few things in their favor when it comes to getting into your network and stealing data.  One of those things is the elusive zero day.   When it comes to hacking, a zero day is an “exploitation against a publicly unknown vulnerability”. But hackers don’t need a zero day.  They only need a […]

  • Computer security hardening – safeguarding your systems

    Computer security hardening – safeguarding your systems

    Computer Security.  Kind of scary, actually.  With the likes of Target going down to hackers in late 2013, and a large attack on Home Depot in 2014, what can the rest of us do?  If Home Depot can be compromised, how can I protect myself? The bad news — you are a target.  Why though?  Well, […]