For IT Pros Only

Let's be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Internet Security Basics: How to Protect Yourself Online

It’s the holidays, which means one thing if you’re in IT: dealing with eggnog-related support tickets. It’s hard to get excited about a small holiday light display that comes around once a year when you spend weeks at a time in a large frosty room, sporting thousands of machines with dozens of flashing LEDs each. Well, Varonis has got you this year. We’ve developed a security course designed specifically for you to give to…
Data Security

[Podcast] Password Expert Per Thorsheim on Biometrics and Keystroke Dynamic...

Based in Norway, Per Thorsheim is an independent security adviser for governments as well as organizations worldwide. He is also the founder of PasswordsCon.org, an annual conference that’s all about passwords, PIN codes, and authentication. Launched in 2010, the conference invites security professionals & academic researchers to better understand and improve security. In part one of our discussion with Per, we examined two well-known forms of authentication – passwords and hardware. In this segment, he talks about a lesser…
Data Security, IT Pros

New Mirai Attacks, But It’s Still About Passwords

Last week, Mirai-like wormware made the news again with attacks on ISPs in the UK. Specifically, customers of TalkTalk and PostOffice reported Internet outages. As with the last Mirai incident involving consumer cameras, this one also took advantage of an exposed router port. And by an amazing coincidence, some of the overall points about these ISP incidents were covered in two recent posts of ours: injection exploits are still a plague, and consumers should learn…
Data Security

[Podcast] A Technologist’s Hippocratic Oath

Last month, there was a thought-provoking article on programmers who were asked to do unethical work on the job. We often talk about balancing security with precaution and paranoia, but I wondered about the balance of ethics and execution. As always, I was curious to hear the reactions from the Inside Out Security Show panel – Mike Buckbee, Kris Keyser, and Mike Thompson. Here’s what they had to say: Thompson: “The downside in technology is…
Data Security

[Podcast] Password Expert Per Thorsheim On Life After Two-Factor Authentica...

Based in Norway, Per Thorsheim is an independent security adviser for governments as well as organizations worldwide. He is also the founder of PasswordsCon.org, an annual conference that’s all about passwords, PIN codes, and authentication. Launched in 2010, the conference invites security professionals & academic researchers to better understand and improve security. In part one of our conversation, Per explains why we continue to use passwords, the difference between 2-factor authentication and 2-step verification, as well…
Data Security, IT Pros

Pen Testing Active Directory Environments, Part II: Getting Stuff Done With...

In my last post, I began discussing how valuable pen testing and risk assessments can be done by just gathering information from Active Directory. I also introduced PowerView, which is a relatively new tool for helping pen testers and “red teamers” explore offensive Active Directory techniques. To get more background on how hackers have been using and abusing Active Directory over the years, I recommend taking a look at some of the slides and talks…
Data Security

Why UBA Will Catch the Zero-Day Ransomware Attacks (That Endpoint Protectio...

Ransomware attacks have become a major security threat. It feels like each week a new variant is announced – Ransom32, 7ev3n. This malware may even be involved in the next big breach. New variants such as Chimera threaten to not just ransom your data, but also leak it online if you don’t pay up. These cyber extortionists are not exactly the most scrupulous people, and so who’s to say they won’t sell your data online even…
Data Security

[Podcast] Life of an IT Pro

Like many in IT, you can probably commiserate with this week’s Inside Out Security Show panel – Mike Buckbee and Alan Cizenski – on elaborating when someone asks you, “What Do You Do for a Living?” Whether you’re a programmer or a sysadmin, the scope of your role is often multi-faceted and complex. In this episode, we talk about various responsibilities of those in IT – differentiating similar tools, testing and evaluating, balancing practical decision…
Data Security

Understanding SQL Injection, Identification and Prevention

A Word of Caution When you think of a website getting hacked, you might picture someone in a hoodie in a high tech bunker (or their mom’s basement), wailing on a keyboard, controlling thousands of remote machines in coordinated attacks, while output that looks like http://hackertyper.com/ scrolls past in a blur. You probably aren’t thinking: “I added a couple characters onto the end of a URL in my browser, now I’m committing felony unlawful access…
Data Security

[Podcast] More Sheila FitzPatrick: Data Privacy and EU Law

In the next part of our discussion, data privacy attorney Sheila FitzPatrick gets into the weeds and talks to us about her work in setting up Binding Corporate Rules (BCRs) for multinational companies. These are actually the toughest rules of the road for data privacy and security. What are BCRs? They allow companies to internally transfer EU personal data to any of their locations in the world. The BCR agreement has to get approval from…
Data Security

[Podcast] The Case for Giving IT a Raise

Earlier this month at the awesome O’Reilly Security Conference, I learned from world-leading security pros about the most serious threats facing IT. Hmm, sounds like that would make a great topic to discuss with the Inside Out Security Show panel – Kilian Englert, Kris Keyser, and Peter TerSteeg. Let’s go meta. According to expert Becky Bace, you can generalize security challenges as a cycle of new attacks and vulnerabilities, requiring damage control and remedies, and…
Data Security

[Podcast] “Hacked Again” Author Scott Schober on Small Business...

Scott Schober wears many hats. He’s an inventor, software engineer, and runs his own wireless security company. He’s also written Hacked Again, which tells about his long running battle against cyber thieves. Scott has appeared on Bloomberg TV, Good Morning America, CNBC, and CNN. We continue our discussion with Scott. In this segment, he talks about the importance of having layers of security in place to reduce the risks of an attack. Scott also points out…