security awareness

Is that a Shark? — Common Security Mistakes Organizations Make

At Secure Ideas, we work with a large number of organizations. These range from small mom-and-pop businesses to international corporations and government agencies. In any of these examples, we find that CIOs and management make the same mistakes when it comes to dealing with their security issues. When people talk about security and risk, we …

Decoding Security Jargon

If you pick up just about any security textbook, it will begin by describing security using terms such as threats, risks, vulnerabilities, exposures, agents, and so on. These terms are fine for discussions between security professionals who agree on the definitions. However, I find they are often too technical when striking up a conversation with …

Are we a Target?

2014 has started out with a bang in terms of publicly disclosed compromised systems. We entered the year with a slew of privacy events starting with Target’s massive breach, followed by other retailers such as Neiman Marcus and Michaels and a current investigation with lodging and food services giant White Lodging. The Syrian Electronic Army (SEA) has …

Professionally Evil: Self Inflicted Injury at Vendor’s Request

It’s an unfortunate and still too common a vulnerability to find administrative interfaces exposed and configured with default passwords. In some cases it doesn’t matter what else you might find, like some sexy injection vulnerability; if I can access your administrative controls and gut your infrastructure, it’s game over and a resume generating event for …

Industry Issues: New Vulnerabilities and Marketing Problems

As a consultant, I spend a lot of my time working with organizations and staff to help them improve their security. I do this via a number of methods including consulting, penetration testing, training, and other services. But the foundation of what I do is explain the what, why, and how of information security. And …

Defending Against Pass-the-Hash (PtH) Attacks

Pass-the-Hash (PtH) attacks have become probably the most common form of credential attack used in the hacking community. Especially in Microsoft Windows environments, PtH tools are so popular and easy to use that many attackers no longer even bother to crack passwords. Why waste the time when an administrator’s hash is just as convenient, …
