I had the fantastic opportunity to have a recorded video chat (a vidcast) with Mike Morris the Global Director of Business Development at Endace recently. Endace is in my mind the market leader when it comes to network packet capture solutions. They have really evolved network packet technology from its roots in open source TCPdump … Continue reading Secure Networks Vidcast with Mike Morris from Endace
Category: cybersecurity
Amazingly Great Read: Gates and Ladders
Before I was a programmer. Before I was a network expert. Before I was an educator. I was a car guy. Due to all these other things in my life I never got as deep into auto mechanics as others. Reading about and working on my cars has always been a great distraction from Internet … Continue reading Amazingly Great Read: Gates and Ladders
Inference, Aggregation, and Safe Cracking
I'm studying for the CISSP exam. Inference and aggregation are means used to take low level or partial information and use that to derive higher level information. Inference requires deduction. The lower level information provides clues. Aggregation is a mathematical or mechanical process. Apply inference and aggregation to safe cracking (or lock picking). Using inference … Continue reading Inference, Aggregation, and Safe Cracking
Enough Already. Stamos is right.
If you have not read this already I highly recommend Alex Stamos' opinion essay that appeared in the Washington Post on December 15th, 2020. Titled "Enough is enough. Here’s what we should do to defend against the next Russian cyberattacks.", Stamos writes about how poor our response is today and what the United States government … Continue reading Enough Already. Stamos is right.
Examining PayPal Phishing Email Headers
Looking at the phishing email I received the other day telling me that my PayPal account had been suspended the next step in my investigation is to determine how it reached my inbox. There are many good resources available that describe manual email header analysis. To start out take a look at this article at … Continue reading Examining PayPal Phishing Email Headers
PayPal Phishing…
I received a really authentic looking email message today telling me that my PayPal account had been suspended. Only problem was that he email address the message was sent to doesn't actually have a PayPal account associated with it. But given the effort that must have been taken to undertake this campaign I thought I'd … Continue reading PayPal Phishing…
Summer Reading 101 – The Blue Team Field Manual
I read all the time. I admit that I read less now that I found and use Audible the Amazon audio book service). While Audible is great the books I chose to read (or re-read) this summer are probably not available there. I recently re-read the Blue Team Field Manual (BTFM) and read the Red … Continue reading Summer Reading 101 – The Blue Team Field Manual
Using Biometrics to Replace Passwords
I was recently asked this question...I'm working on a project right now where my team wants to substitute passwords and usernames for biometric authentication. I have expressed my multiple concerns for the security of such a system, but the idea has now come up that we could use a system with at least 2 factors … Continue reading Using Biometrics to Replace Passwords
Understanding the Traffic Light Protocol (TLP)
The Traffic Light Protocol (TLP) takes something that most people know and applies it to a new problem. In this case the simple concept of roadway traffic lights applied to information sharing. As defined by FIRST, an organization formed by cyber first responders; the Traffic Light Protocol is "a set of designations used to … Continue reading Understanding the Traffic Light Protocol (TLP)
It all in the Cloud(s)
The Internet is changing yet again. One of my predictions for 2018 is that everyone will witness a migration from corporate or private data centers to the 'Cloud', or Internet hosted data centers. There have been tremendous advances made in both securing the Cloud and sharing with the broader technical community how to secure the … Continue reading It all in the Cloud(s)