ITsecurity

Duplicitous Doublespeak

Posted by Martin Zinaich on March 26, 2017

Part of what I like about ITSecurity.co.uk is this Technology / Political mix. In addition, if you will bear with me, I will tie this post back to technology. We have fully entered the Orwellian Doublespeak age. We have not only entered this doublespeak world, we have embraced this very duplicitous speak in our very […]

How vendors empower weak security

Posted by Martin Zinaich on February 6, 2017

I wrote about this before in a post called “Big Things and Small Things”. I documented how two very large companies failed to support Information Security in a corporate environment with even a basic level of accommodation. More came to light this week when reviewing Microsoft Exchange 2016. The issue has been around since 2013, […]

2017 InfoSec Predictions

Posted by Martin Zinaich on January 4, 2017

As usual, we have the requisite Information Security Predictions for the coming New Year: Jeff Harris, vice president of solutions for Ixiamp, sees a ramp up in weaponization of the Internet of Things (IoT) to carry out widescale DDoS attacks in 2017. James Carder, CISO of LogRhythm, predicts that in 2017 we could be in […]

Fast Incident Response Expected

Posted by Martin Zinaich on October 8, 2016

From time to time, I like to compare and contrast the nascent Information Security profession with more traditional and established occupations. For example when I had lunch with a police officer friend and gave it some food for thought. I had such occasion the other day in a breakout session on the topic of Incident […]

Hack the Vote

Posted by Martin Zinaich on August 13, 2016

As recent events with the Democratic National Committee (DNC) being hacked solidify the fact that we cannot seem to secure anything connected to the Internet, one has to wonder if elections can also be hacked. The topic of “Hacking the Vote” reminds me of one of my favorite InfoSec security maxims; “high technology is often […]

Serving Formal Notice to Microsoft Corporation

Posted by Martin Zinaich on July 23, 2016

Just three days after my last post on Windows 10 privacy issues, The Chair of the National Data Protection Commission (CNIL) issued a formal notice on Microsoft Corporation to stop collecting excessive data. The formal notice gave Microsoft Corporation three months to comply with the French Data Protection Act. The CNIL found that Microsoft was collecting […]

Falling into the Windows 10 PIT again

Posted by Martin Zinaich on July 17, 2016

In the past, I wrote about Microsoft’s “Asimov” and how it appeared to be running on my Windows 7 machine. I was not participating in the Microsoft Customer Experience Improvement Program but a KB was loaded and producing errors related to that program. I describe such applications as Privacy Invading Technology (PIT). Fast forward to […]

No Reasonable Expectation of Privacy

Posted by Martin Zinaich on July 1, 2016

Is there a reasonable expectation of privacy on the Internet? A senior US district judge recently stated the technically obvious, but it may come as a shock to many. The FBI seized control of Playpen, a dark net website dedicated to child porn distribution (yes disgusting and good for the FBI). In building their case, […]

Delphi Disillusion

Posted by Martin Zinaich on June 19, 2016

What propels a company into higher markets has always been a mystery to me. Often it does not seem to require having the better product. When looking at the origins of some of my favorite companies, they certainly had the better products but failed to capitalize on their strengths. Take Word Perfect versus Word, or […]

Governance the often-missing piece of Information Security

Posted by Martin Zinaich on March 12, 2016

In the report, What does Information Security have in common with Eastern Air Lines Flight 401? – I posit that one byproduct of professionalizing Information Security will be elevating it to the board level where it belongs. I also wrote the following: “…it is no longer adequate that organizations secure only “their” network. Vendors, suppliers, […]