Bill Burr, the guy that originally recommended password rules at NIST years ago, seems to regret how far that advice traveled and was used. While it's possible people will misstate his current views on the subject (proving his point again), at issue is how we simple humans use passwords…
Recently, the Federal Trade Commission (FTC) announced a $250,000 fine and a Consent Order with Henry Schein over misleading claims about encryption in their software. If we're honest, for the average consumer it’s not even a blip on the radar. That changes when we're talking about a child's health records. I've…
At work, home, or in public, everyone is exposed to threats while using WiFi on their phones, tablets or computers. Fortunately, many Wi-Fi risks can be mitigated easily. "Open" hotspots create an immediate risk of eavesdropping with few barriers, but even secured networks in public can compromise the path between…
Updated: This is an outdated list, but I leave it here as a reminder. Software has security a half-life. That half-life is the combination of how long it takes for an attacker to find a weakness, for an exploit to be developed, and for you to realize it's…
"Good News for hackers: People still plug found USB sticks into their Computers", a great example of social engineering by CompTIA. As it turns out, more than 1 in 6 people will pick up a "found" USB flash drive from a public place and plug it in to see what’s…
In what has become a “tip of the iceberg” wave of security breach reporting, most companies suffer the effects quietly. Each year we look back on countless examples of large and small companies falling victim to cyber security breaches. While the largest cases (often with tens…
It's unavoidable today. Personal computers, smart phones, tablets, and other network and Internet connected devices run software from multiple sources. That’s great and it makes us pretty happy most of the time. We get great software, communicate fluidly and quickly, and work more efficiently. The problem is that software can…