Education: CISSP, RHCSA
Highlights of your career? Reverse engineering human brain patterns.
What malware do you hate the most? Nation state sponsored low and slow.
Favorite activities? Building and flying airplanes.
What is your golden rule for cyberspace? Stupid hurts.
When did you get your first computer and what kind was it? 1988, Radio Shack TRS-80.
Favorite computer game/activity? Java/Big Data algorithms to find brain patterns.
There’s a new batch of malware making the rounds, this time directed at spreading banking malware through childrens’ games. Though it’s hard to imagine, the scammers are taking advantage of the naivete of kids, who may not be as skilled at detecting scams as their more seasoned parents. According to an article in Softpedia, the
Citing weaknesses in security controls at 24 major agencies, a new report by the U.S. Government Accountability Office (GAO) charts the stellar rise in incidents, and tries to highlight what went wrong. Just today my colleague Stephen Cobb also posted a government-related incident in the health care sector. The timeframe of the study, starting in
On the heels of the arrest of Cory Kretsinger, aka “Recursion”, for one of the Sony data breaches, following an FBI request for traffic records from his VPN provider, users wonder whether anonymizing service providers really are all that anonymous. Using a VPN to connect securely out of reach of prying eyes, is a common
Actually $26, according to a study conducted by Argonne National Laboratory in Illinois, which was able to hack a Diebold voting machine with “about $26 and an 8th-grade science education.” In light of the rapidly approaching 2012 U.S. Presidential Election, it seems there may be a need to give serious attention to securing our election
According to a post by a Facebook Photos engineer, they receive around 200 million photo uploads per DAY, or about 6 billion per month. A separate post says Facebook currently hosts 4% of all photos ever taken. Specifically, it hosts 140 billion photos out of 3.5 trillion photos taken in history. Also, we see “it
Unless you specifically cancel the 2-way communication aspect, the default setting will be to continue a communication link to OnStar once the subscription expires, raising the ire of customers who wonder what the company does with the data. OnStar says that data is anonymized, but customers fear data showing current vehicle location doesn’t seem very
Following the recent landmark Newsbin2 ruling requiring ISP’s to take a more active role in policing pirate websites, UK ISP’s are working to speed the court ordered actions though to block pirated sites. The implementation details haven’t been finalized between the creative industries and ISP’s, but copyright-owners seem to be optimistic. The goal is to
This morning we recorded a podcast posing the question “can legislation solve cybercrime?” Well, The Senate Judiciary Committee seems eager to play a part, passing a measure yesterday attempting to thwart computer attacks. Measure S.1151 sets a national standard for data breach notification, replacing the various state initiatives already in place. It also makes concealing
Google+ seems to be continuing building steam and putting itself on the map as a contender, not merely an also-ran to the Facebook behemoth. Part of its strategy is to enforce the use of real names, not just the more common online pseudonym. The logic goes that this will reduce the likelihood that cybercriminals might
Since 2010 that is, following a law enacted in 2007 that requires all companies doing business in Massachusetts to inform consumers and state regulators about security breaches that might result in identity theft. Attorney General Martha Coakley’s office released the information, including a breakdown of the data. It seems her office received 1,166 data breach
Recently, we’ve noted a steep rise in Android malware and predicted the rise in banking malware, now we see another example in the wild, this time SpyEye. Trusteer has a good rundown on it, saying “It seems that SpyEye distributors are catching up with the mobile market as they (finally) target the Android mobile platform.
Following the recent spree of data breaches at Sony, resulting in a bevy of class-action lawsuits, it has updated the Terms of Service to preclude future class action suits from being leveled. To be sure, Sony has had sleepless nights following the breaches, but they’d prefer not to deepen the stack of lawsuits if similar
With all the recent headlines about data breaches, should your organization hire a “thief to catch a thief?” That’s a question Kevin Mitnick, sitting near the top of the hacker hall-of-fame for famous hack sprees in decades past, has been contemplating. He’s not alone – many companies are wondering the same thing. There is a
With fantastic teeny model helicopters sporting mini hacked Linux platforms that long to take over your wireless network and wreak havoc, or so recent headlines would suggest. Now, we’re big fans of innovation, and technology on the go, but these pseudo-drones (built on the cheap, for the under-budgeted aspirer of wireless world domination) lack the
What happens after you share data online, and others re-share it, etc.? As data becomes increasingly inter-connected, with multiple parties touching the same data, Internet users are starting to wonder: who DOES have access to their data? Are they acting in your best interest? And who should be checking to make sure they do? The
According to a tweet from World Privacy Forum, California state governor just signed an update to a data breach notification law that would require organizations to submit a sample of the breach notification sent to customers also to the Attorney General, to ensure what’s being sent out, and that it’s sent out in a timely
Facebook recently rolled out a program we thought was a good step, bounties paid to hackers to find and report bugs, rather than exploit them. So far that payout has totaled around $40,000, no small sum for the aspiring hackers, and probably a boon for Facebook’s efforts to proactively fix security issues before a potential
Awhile back we mused that the rapid rise in Android malware would hit its stride near the intersection of widespread mobile financial transaction use, and the continuing steep rise in adoption of the platform. Now we see AT&T, T-Mobile and Verizon entering a joint venture to back a payment service for, guess what: Mobile financial
So you get a Twitter tweet or Facebook notification from what “seems to be” a friend saying they have the latest information in the development of Hurricane Irene, if you just “click here.” When you do, you find that your “friend” might really be computer script from a distant land directing you to a fake
Amidst a lack of fanfare this past weekend on a mailing list, a memory exhaustion hack popped up for the Apache webserver that may result in a Denial-of-Service (DoS) style attack. Since the Apache application serves up north of 65% of the websites on the internet, a plausible attack becomes quite an issue, especially if
