- Malware A Delusive Sense of Security in Walled Gardens
Walled gardens like Facebook, corporate networks, and smartphone app stores encourage users to lower their guard, creating false security assumptions that scammers exploit. People click more readily...
- Authentication We Still Suck at Protecting Logon Credentials
Recent breaches at Lockheed Martin, Mt. Gox, PBS, and Sony PlayStation show we still fail at protecting credentials. Attackers compromise them via remote password guessing, SQL injection to retrieve...
- Malware 11 Recommendations for Coming Up to Speed on Bitcoin
Bitcoin represents a precursor to future distributed online payment approaches. Security implications include compromised computers being used for mining, trojans designed to steal Bitcoin wallets,...
- Malware 8 Practical Tips for Detecting a Website Compromise for Free
Detect website compromises using host intrusion detection tools like OSSEC, network IDS watching for anomalies, and centralized log review. Tactical measures include scanning for iframes and...
- Assessments 6 Qualities of a Good Information Security Assessment Report
Good security assessment reports start with strong executive summaries for non-technical readers, provide meaningful analysis beyond tool output, include supporting figures, describe methodology and...
- Incident Response Asymmetry of People's Time When Handling Major Security Incidents
Organizations without mature incident response programs overreact to breaches—calling all-hands meetings, micromanaging tasks, demanding night-and-day work—spending disproportionate time compared to...