Categories ArchivesEnterprise Security

OK, yeah, that was a reach. As long as it makes me giggle, things will be just fine. I assume most of you are away from your RSS readers this week because you are furiously patching your DNS servers. The attack is actually quite genius, and continues to demonstrate the inordinate amount of trust we place in servers and data that should not be trusted. The details of how the attack works can be read in the above linked article if you are interested. You probably don’t have the time right now because you are rushing to patch though. Bruce Schneier takes this opportunity to lash out at the patching process. While some security pundits don’t take Bruce seriously, he’s ...

Well, it has happened again. I received a rather menacing looking note in the mail today. You know, one of those heavy stock sealed letters that has the perforated edges? Yeah. That kind. Inside it looks like my information is on a lost tape from a bank. The funny thing is, I don’t remember banking with this institution… ever. I have a feeling that one of the brokerage firms I use (or used) was backed by this institution, but nevertheless, I thought of an interesting type of phishing attack that I bet would work. When I looked through this notice, it did appear to have a corresponding breach on PrivacyRights.org. I have already placed my fraud alerts, so I should ...

Wired reports that a Citibank hack may be responsible for a recent ATM crime spree. Edit: Looks like some arrests have been made! I’ve discussed issues around hacking ATMs and challenges with skimming in the past, but this one appeared to be pretty lucrative. While bank networks are not impenetrable, attacking endpoints is becoming much easier and more lucrative. Anyone remember the old days when you had to make sure the ATM you were going to use was real? Speaking of that… Ladies, you should beware of this. Something of interest to me… As a consumer, do you check your bank statement with all of your receipts? Would you know if money started disappearing from your account in $10-$30 increments? ...

The ISSA has posted the electronic version of the journal, so if you are itching to read what is coming to you via the post, go check it out! My column this month is titled “Don’t Get Cyberjacked!” It may be the first time that the phrase “This ain’t your daddy’s security incident” and the word “stripper” appear on the same page (or ever) in that fantastic publication. Go check it out! Possibly Related Posts: Selective Domain Filtering with Postfix and a SPAM Filtering Service Preventing Account Takeover, Enable MFA! Proofpoint Patches URL Sandbox Bypass Bug Improve Outbound Email with SPF, DKIM, and DMARC Life after G-Suite/Postini

Monday was presentation day at CSI-SX. I had a decent crowd, for the breakout session! One day, I’ll do a talk that is not the last session of the day 🙂 While I was in between sessions sitting in the speakers lounge, one of the other speakers (I did not catch his name) dropped his computer bag and jacket on the chair across from me. I looked up, nodded, and went back to my work. He proceeded to pull out one of those laptop locking devices that you see at public terminals. You know, the ones you can beat with a toilet paper tube. He then secured the whole apparatus (bag included) to the chair! A conference chair. The ones ...

If so, LOOK ME UP! I’m speaking on Monday afternoon at 4pm at the conference. Hope to see you there! As always, I’ll be sending tweets! Possibly Related Posts: Selective Domain Filtering with Postfix and a SPAM Filtering Service Preventing Account Takeover, Enable MFA! Proofpoint Patches URL Sandbox Bypass Bug Improve Outbound Email with SPF, DKIM, and DMARC Life after G-Suite/Postini

Just finished up with the last booth work at the show. Today was fairly slow (as to be expected), though there were still plenty of people coming through. I got to see the VeriSign VIP token work, and that was pretty cool! Hope you stopped by to get your free token! As I was leaving, the last hunters of conference trinket treasure were hurriedly making the rounds before the expo closed. All in all, quite a show. If I missed you this time, I hope to see you somewhere else soon! Possibly Related Posts: Selective Domain Filtering with Postfix and a SPAM Filtering Service Preventing Account Takeover, Enable MFA! Proofpoint Patches URL Sandbox Bypass Bug Improve Outbound Email with SPF, ...

Today has been filled with all kinds of activities, including meeting with some customers and vendors. I just finished the first meeting of the NSS Advisory Group and I am very pleased with the direction that it is heading. I think there is a lot of promise there for helping customers figure out which vendors DO solve PCI issues, and which ones don’t. I will be AT THE BOOTH at 10am tomorrow! Please stop by! I have a pretty “Blog This!” button on (Thanks K-Dog!). Also you can follow me on Twitter at http://twitter.com/brandenwilliams. See you there! Possibly Related Posts: Selective Domain Filtering with Postfix and a SPAM Filtering Service Preventing Account Takeover, Enable MFA! Proofpoint Patches URL Sandbox Bypass ...