It’s been a while since I’ve done some Splunk work on my home network, but lately I’ve been thinking about port scans, specifically about reporting on port scans against my environment. I’m not terribly worried about people scanning my network since it is quite locked down, but why not check on it to see if anything interesting… Continue reading Splunk Reporting: Port Scans
Category: Security
The cost of NSA exploitation
There are plenty of good technical overviews of the Heartbleed vulnerability (including a great overview by XKCD). The security impacts of this issue have been covered well by people far smarter than me. But I feel the need to pile on to reports that the NSA has known about this vulnerability and exploited it for… Continue reading The cost of NSA exploitation
Dealing With Stolen Credit Cards
How funny: the day after I write about password breaches, I learn that one of my credit care numbers has been stolen. Thankfully, though, I was well prepared for this event, and should be back to normal operations very quickly.
Password Breaches: Don’t Panic, Be Prepared
Hey, look, there’s been another password breach! Is it time to panic? I decided not to. In fact, I decided to pretty much ignore the whole story. As a result of this breach, I only rotated one password, and frankly, it wasn’t because I was worried that this password had been compromised. Wait, shouldn’t you… Continue reading Password Breaches: Don’t Panic, Be Prepared
Breaking Encryption
The big news today is that the NSA has “broken” much internet encryption. Details are scarce, and comments are plentiful, but it’s important to understand at a high level what it means to “break” encryption. There are essentially three ways to “break” encryption, and they all mean different things.
Spying and corporate fallout
For good reason, a lot of discussion about recent NSA revelations has focused on the government, what they are actually doing, and what controls are in place. However, it’s important to keep in mind, however, that most of the data collection utilized the services of private companies in one of the best examples of outsourcing… Continue reading Spying and corporate fallout
Chrome security and best practices
Many in the security community are all atwitter about the Chrome browser not encrypting passwords. They call this bad security; a lot of people disagree. I tend to agree with the latter group: putting a master password or otherwise putting some kind of encryption in Chrome’s password store wouldn’t materially increase security, and would give… Continue reading Chrome security and best practices
The CISSP Exam
Last Sunday, I took and passed the CISSP exam. I had made it a personal goal to pass the exam before the end of the year, and I’m happy to say that I have achieved my goal. What was my study plan? Read on…
DropBox Two-Factor Authentication
DropBox is cool. I use it to keep my many computers in sync. This includes keeping my password manager master safe file in sync (you all use password managers, right?) Even though that file is encrypted with a good encryption algorithm, it’s still a file I would like to protect. I used a pretty strong… Continue reading DropBox Two-Factor Authentication
Privacy Around Me
There has been a lot of ink spilled about the Girls Around Me app that was introduced, and then pulled from the iPhone App Store. For those who are unaware, the app used the geolocation aspects of existing websites, such as Foursquare and Facebook, to show the user where women were located close to them.… Continue reading Privacy Around Me