{ Category Archives } Information Security

Related to information security, risk management, compliance, etc

The Rise of Personal Data Exfiltration

You may have heard that LG is collecting usage data, as well as more information, from its SmartTVs, even if you opt-out. They promise to issue a firmware update to fix it, but most consumers will never apply it as it requires a manual configuration to update and a wired Ethernet connection. In other words, […]

Top Posts for October

    The Other Effect of the Shutdown on Information Security
    What Are You Investing In?
    The Age of Self-Surveillance

Crowdsourced, Commercialized Surveillance

The Tile is an object you can put on things in order to find them using your phone. This is useful. But if your phone isn’t close enough to the object, what then? Well, you mark that item as lost and then everyone’s phone (with the app) will look for your missing item too. Think […]

The Age of Self-Surveillance

If you see something, say something. Most of us are familiar with that little message, but I think we got it backwards. It’s focused on being the observer, not the observed; so inefficient. After all, we are all observing ourselves all the time. What if, instead, we went with “if you think something, share […]

The Other Effect of The Shutdown on Information Security

Last week I spent a little time talking to folks about the effect the shutdown has on information security. Here are the links: DefenseOne, CNN, Tripwire. There are lots of examples of how a lack of personnel may affect the ability of government agencies to respond, and how it may be a good time to […]

The term “Zero Day”

The varied use of this term has been bugging me lately. Zero Day Vulnerability: A vulnerability that has not been published, either by the vendor or some other reasonably public entity (MITRE/NIST/OSVDB/ETC). The key here is that the vendor in question has had zero days to actually do anything about delivering a patch or mitigation. […]

Tweetsplanation: Paw Prints and the iPhone 5s

Look, a cat’s paw print can unlock an iPhone 5s. The Tweet: Seems silly, right? But there are some practical considerations of why this might be important. First, the technology to identify an individual animal via a paw print could be useful in animal control, in wildlife management. What if you could place these sensors […]

Tweetsplanation: The NSA and Crypto

The Tweet: The Explanation: If one starts with the assumption that the NSA wants to actually compromise encryption mechanisms in some technical way, as opposed to legally compromising them, then the secrecy of those mechanisms is key. It’s not *the* key however. As long as there are cryptographically inclined persons who also subscribe to open […]

Pre-nomaly Detection: Generating Change to Identify Non-Conformance

It was recently reported that Belgacom, Belgium’s primary telecom company, discovered a compromise that had been present for years. It reminded me of the Nortel compromise that was discovered a while back. The fact is that we’ve seen an increase in these kinds of discoveries. Details on how exactly the compromise was found are hard […]

BYOD: Bring Your Old Dilemmas

Yay for lists! Here’s a list of four security issues around BYOD besides malware that you should worry about. Let me summarize: 1. Lost and Stolen Phones 2. Insecure Communications 3. Leaving the Walled Garden (uh, this is malware) 4. Vulnerable Development Frameworks Ignoring the fact for the moment that issue number 3 (jailbroken phones […]