Categories
CyberSecurity Uncategorized

Nessus Vulnerability Meeting

Nessus is a great vulnerability scanner. I know very few really good security departments who don’t use it in some form. Its output, however, can be a little bit… shall we say unwieldy? (Those who use it are either laughing or crying at that statement.) Where I work, I’ve set up a weekly meeting where […]

Categories
CyberSecurity

App Privacy

I was going to write about something completely different today, but sometimes life kicks you in one direction and you just have to keep going. Yesterday I was very excited to receive my new video lights! They do some pretty fantastic stuff, including changing to millions of colors, building effects, and light grouping. I was so […]

Categories
CyberSecurity

The TSA and “security”

If you want an example of the worst security in the world, look no further than the TSA. This isn’t a statement out of spite or malice; they do actually have the worst security of any large organization I’ve ever seen. Consider, if you will, what the TSA is known for: securing airports. What kind […]

Categories
CyberSecurity

Global Awareness

Last week Belgium was hit with one of the largest DDoS attacks in history. It took down the Belgian government along with most of the rest of the country’s internet. Now, over a week later, the news has been strangely silent about it. The most likely culprit is the Chinese government. Belgium is the home […]

Categories
CyberSecurity Shell Scripting Uncategorized

Securing your script

Figuring out how to secure your shell script can be difficult. One of the great advantages of using a language such as PHP is that some of the security items are already built into the functions you use. Many people believe this makes PHP more secure; however, the same amount of security can be achieved with […]

Categories
CyberSecurity

What is DevOps/DevSecOps (or more to the point, what it is not)

I recently had a conversation with a CISO at a major automobile manufacturing company that uses a DevSecOps strategy, so I started inquiring about it. What I discovered was a definition of DevOps which was terribly insecure. I later asked around and discovered this was not a single case; most companies who claim […]

Categories
CyberSecurity

Your Password Complexity rules don’t work.

This sounds very strange. Security professionals and users alike are told we need to set up very complex passwords to protect our systems. This has been engrained in us so deeply we rely on it to protect all our most precious information. Current password complexity, however, is completely broken and our reliance on it is […]