twitter facebook rss

Putting FUD Back in Information Security

Posted by Martin Zinaich on May 8, 2018

FUD is Fear, Uncertainty and Doubt. A tactic well played in the early days of Information Security. I never liked it because… well you know that Boy Who Cried Wolf story, right? It appears to me that FUD is making a strong comeback. This time instead of being used to help bolster InfoSec budgets or […]

Information Security and the Zero-Sum Game

Posted by Martin Zinaich on April 1, 2018

A zero-sum game is a mathematical representation of a situation in which each participant’s gain or loss is exactly balanced by the losses or gains of the other participant. In Information Security a zero-sum game usually references the trade-off between being secure and having privacy. However, there is another zero-sum game often played with Information […]

Uh Oh 365

Posted by Martin Zinaich on January 10, 2018

In an earlier post, I talked about how some vendors tend to push enterprises into a weaker security posture. In this post, I continue with information relating to Office 365. Microsoft’s cloud implementation of the Office suite is mind boggling in its complexity and sheer want of native connectivity. If you are using a proxy, […]

Credit Due Where Credit Deserved – Microsoft

Posted by Martin Zinaich on December 21, 2017

In the past, I have criticized Microsoft for the privacy invasive defaults of Win10. I failed to mention a feature that sheds a bit of light on what they collect. Beyond changing many of the settings using tools (which I highlighted here), you can actually review and delete some of the metadata being collected. If […]

The Equifax Breach – Another case for professionalizing Information Security

Posted by Martin Zinaich on September 23, 2017

One of my part-time hobbies is pushing to professionalize the Information Security profession. Admittedly, it is a lonely pastime and not nearly as exhilarating as it sounds. I wrote a multi-part article about the topic called “What does Information Security have in common with Eastern Air Lines Flight 401?” Allow me to quote myself: Providing […]

DirectDefense vs Carbon Black

Posted by Martin Zinaich on August 10, 2017

Attacks come from many angles in the Information Security game. To wit, a spat between two security vendors – Carbon Black and DirectDefense. DirectDefense released a report on Carbon Black’s Cb Response product. In a report titled “Harvesting Cb Response Data Leaks for fun and profit,” DirectDefense uncovered some disturbing data leakage. Is so doing, […]

When Scanners Attack

Posted by Martin Zinaich on July 30, 2017

When scanners attack, it just makes you WannaCry. So we had WannaCry, DoublePulsar, Petya – the whole EternalBlue exploit release. EternalBlue exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows accepts specially crafted packets from […]

Injunction of Technology (IoT)

Posted by Martin Zinaich on April 16, 2017

Soon coming to the Internet of Things (IoT) is the Injunction of Technology (IoT). In another post I noted that my WiFi router’s power brick had a UL certification, yet the actual WiFi router had nothing similar stating it was safe to use on the Internet. In addition, nothing to ensure it would not hurt […]

Duplicitous Doublespeak

Posted by Martin Zinaich on March 26, 2017

Part of what I like about is this Technology / Political mix. In addition, if you will bear with me, I will tie this post back to technology. We have fully entered the Orwellian Doublespeak age. We have not only entered this doublespeak world, we have embraced this very duplicitous speak in our very […]

How vendors empower weak security

Posted by Martin Zinaich on February 6, 2017

I wrote about this before in a post called “Big Things and Small Things”. I documented how two very large companies failed to support Information Security in a corporate environment with even a basic level of accommodation. More came to light this week when reviewing Microsoft Exchange 2016. The issue has been around since 2013, […]