Riding the Blockchain Express to “De-Central” Station.
So, that image below? Think Facebook, Twitter, LinkedIn, Amazon, or any other of the many nexuses of information that populate the Internet.
Source: http://wikipedia.org
Another year, and again, another annual report (this one from SplashData) shows that the list of easy and bad passwords has remained relatively unchanged.
As a domain network administrator, you may not be terribly concerned. You think you have a robust password policy as well as an account lockout policy to prevent brute force attacks. Your users cannot use any of the simple passwords on that list. No simple password guessing is going to let an attacker into your network. Think again.
Most corporate domain password policies require complex passwords with a minimum password length. Many implement a minimum password length of 7 through 10 characters, and under most password complexity rules, passwords must contain characters from 3 of 4 categories: uppercase letters, lowercase letters, numerals and special characters. Oftentimes, the password is also prohibited from containing the account name.
The mathematician as extortionist: ransomware “smart” contracts
Source: https://en.wikipedia.org/wiki/Brazen_head
A few weeks ago I wrote about the “proof of work” concept inherent in the implementation of the blockchain used to support bitcoin. I have continued down the blockchain path and have been exploring another child of the blockchain revolution: Ethereum.
A few weeks ago, we published the Business Email Compromise (BEC) Checklist. The question arose – what if you’re new to security, or your security program isn’t very mature?
Since the checklist is based on the NIST model, there’s a lot of information here to help your security program mature, as well as to help you mature as a security practitioner. MSI’s engineers have discussed a few ways to leverage the checklist as a growth mechanism.
Part 1 and Part 2 covered the first checkpoint in the list – Identify.
If you’re unfamiliar with the term “OSINT” (open-source intelligence), it boils down to finding information that’s publicly and freely available about you, your company or anything else. How can this help you? OSINT covers a very broad array of sources and uses, and one way it can be used is to help verify your external network surfaces and to check whether user emails have turned up in data dumps from compromised sites.
I’ve been having a bit of a bizarre experience for the last couple of months, and decided to share…it’s bothering me a bit.
Back on September 10th, a lady – let’s call her Jane Doe – applied for a life insurance policy with specific funeral benefits. Only…Jane accidentally gave the company one of my personal email addresses by mistake.
“Healthcare…the only industry where employees are the predominant threat actors in breaches.” Straight out of Verizon’s 2017 Data Breach Investigations Report, p.22. No, no, no, you can’t lock all your employees out of the hospital network completely; the nurse needs to get to my medical profile to know what drug to give me and how much of it.
The healthcare industry has to balance securing large amounts of private and sensitive data against allowing quick access to it for doctors, nurses, emergency and other healthcare personnel. 68% of threat actors within healthcare are internal, and 64% of all incidents and breaches are financially motivated. And 80% of breaches are due to abuse of privileges, physical theft or loss, and miscellaneous errors [1].
* The above image captured from Verizon’s 2017 Data Breach Investigations Report, p.22
Internal threat actors could be:
Bitcoin “Proof of Work”: 51% of Accountants Agree!
Source: Fox Photos/Getty Images
Those are the “accountants”, all working independently to validate bitcoin transactions.
I’ve read the original white paper that is often cited as the foundation of the cryptocurrency, and particularly the “bitcoin”, phenomenon.
See: https://bitcoin.org/en/bitcoin-paper
The author is the mysterious “Satoshi Nakamoto”, who may be Japanese, or may be a collection of people, or may be (my take) some blockchain instance from the future that has developed self-awareness and has traveled back through time, using the identity of Satoshi to create itself.
Recently, we posted the Business Email Compromise (BEC) checklist. We’ve gotten a lot of great feedback on the checklist…as well as a few questions. What if you’re new to security? What if your organization’s security program is newer, and still maturing? How can you leverage this list?
Since the checklist is based on the NIST model, there’s a lot of information here to help your security program mature, as well as to help you mature as a security practitioner. MSI’s engineers have discussed a few ways to leverage the checklist as a growth mechanism.