For IT Pros Only

Let's be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and the Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network, you probably aren't going to appreciate this at all.

Get Your Cards Now
Data Security, Privacy

[Podcast] Dr. Tyrone Grandison on Data, Privacy and Security

Dr. Tyrone Grandison has done it all. He is an author, professor, mentor, board member, and a former White House Presidential Innovation Fellow. He has held various positions in the C-Suite, including his most recent role as Chief Information Officer at the Institute of Health Metrics and Evaluation, an independent health research center that provides metrics on the world’s most important health problems. In our interview, Tyrone shares what it’s like to lead a team…
Data Security

[Podcast] When Hackers Behave Like Ghosts

We’re a month away from Halloween, but when a police detective aptly described a hotel hacker as a ghost, I thought it was a really clever analogy! It’s hard to recreate and retrace an attacker’s steps when there are no fingerprints or evidence of forced entry. Let’s start with your boarding pass. Before you toss it, make sure you shred it, especially the barcode. It can reveal your frequent flyer number, your name, and other…
Data Security

Finding EU Personal Data With Regular Expressions (Regexes)

If there is one very important but under-appreciated point to make about complying with tough data security regulations such as the General Data Protection Regulation (GDPR), it’s the importance of finding and classifying the personally identifiable information, or personal data as it’s referred to in the EU. Discovering where personal data is located in file systems and the permissions used to protect it should be the first step in any action plan. You don’t have to…
Data Security

What You Can Learn About How to Secure an API from the FCC

Every day thousands of phishing emails are sent to unsuspecting people who are tricked into handing over their credentials for online services or directly bilked out of their money. Phishers go to great lengths to lean on the credibility of the organizations they’re impersonating. So what could be better than the ability to post a document onto an actual official website? Recently, it came to light that as part of the FCC’s public commenting system…
Data Security

[Podcast] Security Doesn’t Take a Vacation

Do you keep holiday photos away from social media when you’re on vacation? Security pros advise that it’s one way to reduce your security risk. Yes, the idea of an attacker mapping out a route to steal items from your home sounds ambitious. However, we’ve seen actual examples of a phishing attack as well as theft occur. Alternatively, the panelists point out that this perspective depends on how vulnerable you might be. If attackers need…
Data Security, Privacy

[Podcast] Phishing Researcher Zinaida Benenson, Transcript

I’m always reluctant to make a direct shameless plea to read our IOS content. But you must read the following transcript of my recent interview with Dr. Zinaida Benenson, a German security researcher. Last year she presented at Black Hat the results of a nicely designed experiment to measure the susceptibility of college students to phish mail. Let’s just say the students could use some extra tutoring when it comes to the dangers of the…
Customer Success

University Secures Sensitive Student Data with Varonis

When hackers successfully breached a nearby university, the IT staff at Loyola University Maryland knew they had to act fast to secure their own environment. Academic institutions are prime targets for cyber criminals. A large university often has sensitive personally identifiable information (PII) and protected health information (PHI) on tens of thousands of students. During a Varonis risk assessment, Loyola gained visibility into the information housed on their network. They discovered large amounts of PII…
Data Security

[Podcast] The Security of Visually Impaired Self-Driving Cars

How long does it take you to tell the difference between fried chicken and a poodle? What about a blueberry muffin and a Chihuahua? When presented with these photos, it takes a closer look to tell them apart. It turns out that self-driving car cameras have the same problem. Recently security researchers were able to confuse self-driving car cameras by adhering small stickers to a standard stop sign. What did the cameras see instead? A 45 mph…
Data Security, Privacy

[Podcast] Dr. Zinaida Benenson and Secondary Defenses

Dr. Zinaida Benenson is a researcher at the University of Erlangen-Nuremberg, where she heads the “Human Factors in Security and Privacy” group. She and her colleagues conducted a fascinating study into our spam clicking habits. Those of you who attended Black Hat last year may have heard her presentation on How to Make People Click on a Dangerous Link Despite their Security Awareness. In the second part of our interview, Benenson tells us that phishing…
IT Pros

Practical PowerShell for IT Security, Part V: Security Scripting Platform ...

A few months ago, I began a mission to prove that PowerShell can be used as a security monitoring tool. I left off with this post, which had PowerShell code to collect file system events, perform some basic analysis, and then present the results in graphical format. My Security Scripting Platform (SSP) may not be a minimally viable product, but it was, I think, useful as a simple monitoring tool for a single file directory. After…
Data Security

[Podcast] Deleting a File Is More than Placing It into the Trash

When we delete a file, our computer’s user interface makes the file disappear as if it is just a simple drag and drop. The reality is that the file is still on your hard drive. In this episode of the Inside Out Security Show, our panelists elaborate on the complexities of deleting a file, the lengths IT pros go through to obliterate a file, and surprising places your files might reside. Kris Keyser explains, “When…
Privacy

[Podcast] Dr. Zinaida Benenson and the Human Urge to Click

Dr. Zinaida Benenson is a researcher at the University of Erlangen-Nuremberg, where she heads the “Human Factors in Security and Privacy” group. She and her colleagues conducted a fascinating study into our spam clicking habits. Those of you who attended Black Hat last year may have heard her presentation on How to Make People Click on a Dangerous Link Despite their Security Awareness. As we’ve already pointed out on the IOS blog, phishing is a topic…