Tag: hacker

The Do’s and Don’ts of Password Management

I’ve written quite a few words for CloudAccess on the importance of password management and cloud security, but I think this list I found through my friends over at iRise Security really hits the nail on the head. DON’T Reuse and recycle passwords. If you do, a hacker who gets just one of your accounts will own them all. Use a dictionary word as your password. If you must, then string several together into a pass phrase. Use names of loved ones, dogs, birthdays, birthdays of loved ones

Sailing the 7 C’s of security monitoring

What is it your mom used to say? “A watched pot never boils.” This might be true, but a watched pot also never spills; it never allows your younger sister to stick her hand in the hot water; prevents Uncle Jack from tasting before dinner is ready; and if something unforeseen happens, there is time to mitigate the problems. One of the established best practices in InfoSec is monitoring. People, products and companies get paid a great deal of money and expend a great deal

Adaptive Risk: Making sure you are who you say you are

Does this sound familiar? Ann, sitting at her desk eating lunch, is surfing the Net. She checks her personal Yahoo email account and sees a message from a purported survey company asking her about her music preferences. She opens the email and takes the survey. Seems harmless enough, but what Ann doesn’t know is that this survey company doesn’t exist  and embedded in some of the survey prompts  hid an undetected botnet that downloaded onto her desktop. This nasty bugger can record her keystrokes and

My Security Playlist: now playing Access Management

While I peruse my morning inbox, I enjoy listening to music on my iPod. It just so happens this morning’s first random selection served as the inspiration for today’s blog: Let ‘Em In by Paul McCartney & Wings. “Someones knockin at the door Somebody’s ringin’ the bell Do me a favor, Open the door and let em in!” There is nothing more damaging to the overall enterprise operation and business reputation than permissive access policies. Considering the all the entry points from applications to social

Deploying cloud security for shifting and evolving defenses

I was watching my beloved San Diego Chargers lose in a most embarrassing way on Monday night. And in the waning seconds of blaming the quarterback for such ineffectual 2nd half play, it occurred to me, it wasn’t his fault.  It was the coach. It was the lack of planning for the type of attack the Denver Broncos would bring. It was the lack of leadership that should have easily closed the deal. In short, it was sticking to the status quo while everything around

Do you want to know what you don’t know?

In my experience there are two types of enterprise IT departments -those that maintain the status quo and those looking to continuously explore and improve. It is truly unfortunate how many fall into the former category.  But the problem with IT security is that it’s an ever-evolving and moving target. So the decision to not dip your toe in the water and understand all available options could mean the difference between a panicked 3am call regarding a breach alert or a good night’s sleep. I

Do you leave your keys in the car too?

I heard the sky was falling. Well, at least the cloud was plummeting groundward. And all it took was one tech journalist to get his iCLoud account (and essentially his entire digital footprint) hacked. “The cloud is just like the Wild Wild West. No rules, no laws, no protection” “Just can’t trust the cloud.” I’ve seen those forum posts lately. Even the reigning high priest of computing Steve Wozniak (co-founder of Apple) voiced concern “I really worry about everything going to the cloud. I think