Dealing With the Insider Threat

IT security essentially comes down to protecting information and the systems that house it. Yes, it can be and is more complicated than that, but in the final analysis, that is what IT security is. Aligned against good IT security are the trends we see—mobile devices and BYOD (soon to be BYOI) and all the…

Secure Architecture: Securely Storing Data on SD Cards

If you are writing an app for Android, it makes sense to store large amounts of user data on the SD card. While the data might not be highly sensitive, like credit card numbers, the user likely needs it protected. Remember, the SD card is normally readable by any app. Each file that is stored…

Social Engineering a Brand Hijack

Naoki Hiroshima had a highly prized Twitter handle, @N, until a hacker or group of hackers were able to force him to give it up. How? By successfully social engineering a company which stores his payment data and personal information and then his domain registrar. This resulted in the loss of control of his web…

AIPO: All In, Priority Out

In my experience, security professionals are excellent at working problems.  Give them a few suspicious alerts, a few failed logins, some sneaky looking network traffic and then get out of their way.  Like bloodhounds on the trail of the fox, they aren’t afraid of sticking their nose on the scent and then following it to…

Secure Architecture: End-to-End Encryption

There has been a lot of talk lately about protecting data from interception through the use of end-to-end encryption. Writing applications for this architecture is difficult but here are a few tips. Requiring end-to-end encryption presupposes that the data is passing through one or more machines before reaching the destination. End-to-end encryption therefore requires that…

Our Digital Universe – The 5th Dimension

Who doesn’t remember lying in the grass on a clear summer night and feeling a sense of awe looking up at the night sky blistering with sparkling points of light? It doesn’t matter if you are a child, an adult or a scholarly astronomer, the sight of such amazing beauty and expanse in our universe is…

Identify Risk in a Heartbeat

By now, you most likely have heard of the announcement of the Heartbleed vulnerability in versions of OpenSSL. Actually, by this time, your executives, your front line managers and your mother-in-law have probably heard of the Heartbleed vulnerability given it has hit every major news source (WSJ, CNET, CNN). While this ubiquitous software is a foundation…

What You Need to Know About Heartbleed

The world has been talking about a new security buzzword and that buzzword is “HeartBleed”.  What is Heartbleed? Heartbleed is the nickname given to the vulnerability known as CVE-2014-0160, which is a flaw in the TLS/DTLS heartbeat extension implementation in certain versions of OpenSSL.  In plain English, this vulnerability allows an attacker to use a…

RSA SecurWorld 5-STAR Partner Program Winner

For the fifth consecutive year, I am happy to announce that the RSA SecurWorld Partner Program has been named a 5-STAR Program by CRN. Each year, the CRN Partner Program Guide recognizes the top vendors who service solution providers or provide products through the IT Channel. These vendors are assessed on criteria…

How Ease-of-Use and Flexibility are Improving IAM

The launch of Healthcare.gov last October was marred with issues. Users who attempted to navigate the exchange were greeted by a litany of errors so egregious (login issues, incomprehensible data entry forms, enrollment delays, and outright crashes) that signing up proved to be a near impossibility. Things got so bad that one leading publication…