Biometrics · Electronic Voting · Mobile · Security

Voatz E voting Attacking Critics

They appear to be taking a page out of the electric generation and telecom industry handbook and going after their critics. Instead of cleaning up the security of their voting platform, they are suing to make it illegal to make sure that their voting application can’t be used fraudulently. When I google Voatz, I get a…

Security

Yet Another Reason to Automate Off Boarding

A Cisco employee was fired in April but in September he managed to access enough of Cisco’s infrastructure to delete thousands of accounts and virtual machines. How could he have done this five months after he was fired? Simple, the off boarding process at Cisco is either not automated or not sufficiently automated to cancel…

Cloud Security · DevSecOps · Security

Misconfigured AWS S3 Buckets on the Rise

If you have been following for any length of time, you know that I have been blogging about Shadow IT and the security risks it poses in terms of both data leakage and outright breaches. Leaving your IT infrastructure in the hands of the uninitiated who just happen to have a procurement card is arguably…

Automate Remediation · Security

Zerologon – So Bad Feds Are Patching Everything by Monday

If you have a Windows server, now is the time to patch it! This one is really bad since you can become a Domain Admin in one click. If you have been living under a rock, there is a flaw in the way that Netlogon works in Windows which allows you to impersonate the domain…

Authentication Tokens · Security

Google’s New Hardware Token Made in China

Ok maybe I should take my foil hat off, but Feitian is making the new Google Titan hardware authentication tokens. Since Google isn’t allowed to operate in China, I am puzzled as to why they would sell anything made there. In their position, I would simply refuse to do business with any business in China.…

DevSecOps · Security

Why SQL Injection is Inexcusable

I found this awesome infographic from Akamai and I wanted to talk about it a bit because while the infographic itself is awesome, what it represents is the terrible truth behind the point I keep making about DevSecOps. More than 148 million SQL injection attacks… Why? Well, in short, because they work but they only…

Fake News · Security · Social Media Engineering

What do Bears, Cranes, and Kittens Have in Common?

Russia, Iran, and China are all attempting to interfere in the November election using some very sophisticated techniques. Without very sophisticated data analysis, it’s virtually impossible to spot the fakes. The Russian misinformation campaign is back up and running again. This time it’s using AI to generate fake photos, fake LinkedIn profiles, fake Twitter Accounts,…