WannaCry as the Regulatory Brown M&M
If you were under a rock for the last few weeks, WannaCry is one of those cyber-security events that made it into regular news. If it hits NPR, that means everyone who knows me or at least strikes up a conversation at the bar will ask me my opinion.
Roll for Initiative
I had the privilege of being at the Microsoft Security Response Center during the formation of their incident response planning. It’s a challenging thing to create as well as maintain. The concept of removing people from the equation and supplying a base level playbook is integral to the difference between a security incident bouncing bad or bouncing to a level where it can be handled.
Compliance as a Cost of Customer Acquisition
If you're like many of our clients, you're in customer acquisition mode. You've spent a bunch of money to build your product or service, and the marginal cost to support a new customer is relatively small. They're buying the same thing everyone else is, so there's some additional load you need to meet.
On Changing Password Guidance: A Good First Step From Microsoft
Passwords, as a security solution, have become untenable. Whereas 15 years ago you might only have needed to remember two passwords, your ISP or your work password, now we have a plethora of passwords to keep track of.
U.S. Regulatory Outlook for 2017
I don't want to bring up politics but this is the first U.S. election where cybersecurity had sustained, serious attention by the press and the candidates.
Reverse Engineering Firefox and TOR Targeted Payload
This week, an exploit targeting Firefox and the Tor Browser was released, giving us a chance to exercise the capabilities of Lotan. In order to conduct an analysis, we extracted the shellcode from the exploit (the 'thecode' variable) and side loaded it into a bastion crashdump (see VirusTotal sample).