Posts tagged "Security"

1 in 21 million: The OPM data breach and me

It is now estimated that personal data for 21.5 million people was stolen when the Office of Personnel Management (OPM) was hacked. OPM held (I dare not say “managed”) background check records for current and former government employees. The data includes social security numbers, birthdates, current and former addresses, current and former employers, and lists... Read more »

HTTPS does not mean your data is safe

More and more websites are using Hypertext Transfer Protocol Secure (HTTPS) by default. Recently, the White House Office of Management and Budget (OMB) declared that all public-facing websites for U.S. government agencies will use HTTPS by the end of 2016. The increased use of HTTPS instead of unencrypted HTTP is great news for data security... Read more »

Do terms like 'cyber attack' prevent good computer security practices?

According to research by David Hauser, describing cancer as an enemy that needs to be fought reduces the extent to which people focus on preventive behaviors such as changing their diets. Hauser’s work seems to indicate that describing cancer in terms of war and battle metaphors focused people on direct attack actions and made them... Read more »

Valentine's Day cards for infosec geeks

Information security specialists are not just people who nag you about strong passwords and not clicking on strange things. We are also people. People with hearts. People with hearts that love. I’ve made some Valentine’s Day cards for my fellow infosec geeks. Enjoy. You have my permission to save, print, and share these valentines with those... Read more »

The Internet's Own Boy: A movie everyone online should see

The Internet’s Own Boy is a documentary about computer prodigy, Internet pioneer, and activist hacker Aaron Swartz, but even if you’ve never heard of Aaron Swartz you should see this movie. The story has implications beyond the short life of one man. Through the passion, drama, and tragedy of Aaron Swartz’s life The Internet’s Own... Read more »

An airport security poem based on Jabberwocky by Lewis Carroll

For all of you who will be traveling on airplanes this summer here is a little poem about the TSA screening process and airport security. Sadly, it is still applicable years after I first wrote it. #200119491-002 / Scaerrorwocky (Based on Jabberwocky by Lewis Carroll) ‘Twas boardtime and the Ti Assay Did screem the... Read more »

What is the Heartbleed bug, and what should you do about it?

Do you use the Internet? Congratulations, your data has been vulnerable for about 2 years and is even more vulnerable now that the Heartbleed bug has been revealed publicly. Until web sites patch this OpenSSL vulnerability, that little lock and https that you’ve been taught will keep your data safe as it travels across the... Read more »

25 most used passwords of 2013: Have people lost faith in Jesus?

SplashData has released their annual list of the “worst passwords” based on which passwords appeared most frequently in password files obtained by hackers. As an information security specialist, these lists always make me feel happy about my job security but also despondent about how security awareness efforts still aren’t changing the behaviors of many computer... Read more »

Lesson from Target data breach: Don't shop with your debit card

The most shocking thing to me about the recent Target data breach was not that it happened. Although the scope of the Target breach is extraordinary, I am always aware of the risks of using credit cards. I used to manage a Payment Card Industry Data Security Standard (PCI DSS) compliance program. I understand the... Read more »

How to steal a fingerprint

Apple announced that the new iPhone will include TouchID to allow users to make purchases by identifying themselves with a fingerprint. Sounds great, right? But while biometrics (such as fingerprints, palm prints, and retina scans) do have some advantages over passwords, they have their weaknesses too. And, yes, fingerprints can be stolen. I’m not talking... Read more »