DevSecOps · Security · Soapbox

DevSecOps is Critical

While explaining the difference between DevOps and DevSecOps to one of my colleagues, I came across an interesting set of Google search results. When I Google for ‘misconfigured AWS S3 bucket data breach’, I get 81,000+ results. 7 million Indian financial records exposed, 128 million US household records exposed, UK…

Security

Service Accounts Now More Numerous than Human Accounts

More on the IoT “Revolution” we have going on. Your IoT devices and other service accounts probably account for the bulk of the entries in your Active Directory or LDAP. When was the last time any of them had their credentials updated? What do those accounts access? When did you last audit them to be…

DevSecOps · Security

Twitter Hack of Obama, Musk, Others Started on Slack

The New York Times is reporting that the recent hack of high-profile Twitter accounts started with unauthorized users gaining access to a Slack channel where the credentials to log in to the back end Twitter systems were posted. So Twitter employees are sharing credentials. It's not clear, at that moment anyway, how the malicious…

Electronic Voting · Security · Technology

Voter Fraud and Election Manipulation in the Digital Age

“General Motors, General Mills, General Foods, general ignorance, general apathy, and general cussedness elect presidents and Congressmen and maintain them in power.” ― Herbert M Shelton While electronic voting seems like a good idea, please allow me to explain why it is extremely dangerous. I come from Texas and Duval County (in Texas) is quite…

Security · Supply Chain Hacking

Government Susceptible to Supply Chain Hacking

Ok, so I don’t exactly have my shocky face on for this, but a lot of police and other security agencies got hacked through a supplier. Given the poor security at the city, county, state, and, all too often, federal levels of government, digital government should scare everyone. This time the supply chain vendor was…