ITsecurity
Uh Oh 365

Posted by Martin Zinaich on January 10, 2018

In an earlier post, I talked about how some vendors tend to push enterprises into a weaker security posture. In this post, I continue with information relating to Office 365. Microsoft’s cloud implementation of the Office suite is mind-boggling in its complexity and sheer want of native connectivity. If you are using a proxy, […]

Credit Due Where Credit Deserved – Microsoft

Posted by Martin Zinaich on December 21, 2017

In the past, I have criticized Microsoft for the privacy-invasive defaults of Win10. I failed to mention a feature that sheds a bit of light on what they collect. Beyond changing many of the settings using tools (which I highlighted here), you can actually review and delete some of the metadata being collected. If […]

The Equifax Breach – Another case for professionalizing Information Security

Posted by Martin Zinaich on September 23, 2017

One of my part-time hobbies is pushing to professionalize the Information Security profession. Admittedly, it is a lonely pastime and not nearly as exhilarating as it sounds. I wrote a multi-part article about the topic called “What does Information Security have in common with Eastern Air Lines Flight 401?” Allow me to quote myself: Providing […]

DirectDefense vs Carbon Black

Posted by Martin Zinaich on August 10, 2017

Attacks come from many angles in the Information Security game. To wit, a spat between two security vendors – Carbon Black and DirectDefense. DirectDefense released a report on Carbon Black’s Cb Response product. In a report titled “Harvesting Cb Response Data Leaks for fun and profit,” DirectDefense uncovered some disturbing data leakage. In so doing, […]

When Scanners Attack

Posted by Martin Zinaich on July 30, 2017

When scanners attack, it just makes you WannaCry. So we had WannaCry, DoublePulsar, Petya – the whole EternalBlue exploit release. EternalBlue exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows accepts specially crafted packets from […]

Injunction of Technology (IoT)

Posted by Martin Zinaich on April 16, 2017

Soon coming to the Internet of Things (IoT) is the Injunction of Technology (IoT). In another post I noted that my WiFi router’s power brick had a UL certification, yet the actual WiFi router had nothing similar stating it was safe to use on the Internet. In addition, nothing to ensure it would not hurt […]

Duplicitous Doublespeak

Posted by Martin Zinaich on March 26, 2017

Part of what I like about ITSecurity.co.uk is this Technology / Political mix. In addition, if you will bear with me, I will tie this post back to technology. We have fully entered the Orwellian Doublespeak age. We have not only entered this doublespeak world, we have embraced this very duplicitous speak in our very […]

How vendors empower weak security

Posted by Martin Zinaich on February 6, 2017

I wrote about this before in a post called “Big Things and Small Things”. I documented how two very large companies failed to support Information Security in a corporate environment with even a basic level of accommodation. More came to light this week when reviewing Microsoft Exchange 2016. The issue has been around since 2013, […]

2017 InfoSec Predictions

Posted by Martin Zinaich on January 4, 2017

As usual, we have the requisite Information Security Predictions for the coming New Year: Jeff Harris, vice president of solutions for Ixiamp, sees a ramp up in weaponization of the Internet of Things (IoT) to carry out widescale DDoS attacks in 2017 James Carder, CISO of LogRhythm, predicts that in 2017 we could be in […]

Fast Incident Response Expected

Posted by Martin Zinaich on October 8, 2016

From time to time, I like to compare and contrast the nascent Information Security profession with more traditional and established occupations. For example when I had lunch with a police officer friend and gave it some food for thought. I had such occasion the other day in a breakout session on the topic of Incident […]