- Authentication: We Still Suck at Protecting Logon Credentials
Recent breaches at Lockheed Martin, Mt. Gox, PBS, and Sony PlayStation show we still fail at protecting credentials. Attackers compromise them via remote password guessing, SQL injection to retrieve...
- Malware: 11 Recommendations for Coming Up to Speed on Bitcoin
Bitcoin's early rise as a peer-to-peer currency came with security risks that later became common, such as compromised computers mining coins and trojans built to steal wallets. The Silk Road...
- Malware: 8 Practical Tips for Detecting a Website Compromise for Free
Detect website compromises using host intrusion detection tools like OSSEC, network IDS watching for anomalies, and centralized log review. Tactical measures include scanning for iframes and...
- Assessments: Qualities of a Good Cybersecurity Assessment Report
However flawless the assessment itself is, your beneficiary judges it by the report. Use a strong executive summary, meaningful analysis, and decision-supporting structure to give the reader what...
- Incident Response: Asymmetry of People's Time When Handling Major Security Incidents
Organizations without mature incident response programs overreact to breaches—calling all-hands meetings, micromanaging tasks, demanding night-and-day work—spending disproportionate time compared to...
- Deception: Building Deception Into Your Security Architecture
Decoys add strategic asymmetry to your security architecture, strengthening your advantage against the attacker. Plant tripwires across network, identity, data, and AI agent configs for high fidelity...