National Cyber Security Awareness Month – Low Hanging Fruit

October 23, 2018October 22, 2018 Jeff MlakarLeave a comment

Since 2004 the Department of Homeland Security has organized October as National Cyber Security Awareness Month. The goal is to promote cyber security to help keep Americans safe online. Fast forward 14 years and the security landscape has only become more dangerous. More opportunities exist for online abuses than ever before. The proliferation of internet connected devices that comprise the IOT creates additional attack surfaces which often have security as an afterthought instead of baked into the design.

Today I want to focus on the low hanging fruit i.e. the easy wins we can achieve to significantly improve our online safety and security. Read on to see the simple things most people can do to improve their situation.

Feature Photo: Image / License

The Prisoners Dilemma of Defect Disclosure

August 21, 2018August 22, 2018 Jeff Mlakar2 Comments

Cory Doctorow wrote an excellent piece about the disclosure of software security defects. The post “Telling the Truth About Defects in Technology Should Never, Ever, Ever Be Illegal. EVER.” spells out the current predicament and suggests a way forward.

This topic is contemporary, impactful, and fascinating. It spans various domains such as InfoSec, free speech, censorship, and private corporate rights

Read on as I analyze the article and offer my thoughts about security vulnerability disclosures.

Feature Image Attribution and License.

Knowledge Based Authentication and Data Breaches – Your Security Questions Are Belong to Us

December 7, 2017July 12, 2018 Jeff Mlakar4 Comments

All your security questions are belong to us

Troy Hunt recently testified before the US Congress about Data Breaches. The focus was how data breaches affect knowledge based authentication. Identity verification in a post breach world is more challenging than ever.

His testimony is available on his blog. It is worth a read – I’ll wait here until you return.

You can watch the hearing on YouTube. (1.5 hours)

Much of his talk comes from his experience running a website tracking data breaches. If you have not already checked your information in Have I Been Pwned take a look. You can have it notify you if your account has been in a data breach.

SHA-1: When 2 Message Digests Collide

March 6, 2017March 12, 2017 Jeff Mlakar1 Comment

A SHA-1 vulnerability discussed 10 years ago has now been exploited. On February 23, researchers at Google and the CWI Institute in Amsterdam announced they have demonstrated its 1^st known hash collision.

DRM Security Concerns | Who does the IoT Obey?

January 8, 2017March 12, 2017 Jeff Mlakar1 Comment

I saw this video of a keynote speech given at the O`Reilly Security Conference in October 2016. Cory Doctorow gives a compelling talk about the thorny issues surrounding DRM and security research, privacy violations, and private property abuses.

Watch the video (32 min):