For those who lack the time to read the entire report, here are some of the key findings along with some comments. Attackers 75% of breaches done by outsiders. 25% involved internal actors. 18% state actors. 51% involved organized crime actors. I see 25% involving internal actors as quite high, but that depends on the definition of “involved”….

For some silly reason I was just awoken by the following thoughts about how application tests will be done in the future. I’m thinking this starts phasing in over the next 3-10 years. The application will be decomposed using an automated tool to break it into the binary, the source, the network interfaces, the application-layer interfaces, and any…

I’ve been continuing to improve my Splunk> game, and part of that has been improving the information that comes in email alerts. The image above shows the final result I am looking for, where you get custom information that’s contextual to the alert that was generated. The problem The issue is that this doesn’t work by default. You…

This week’s topics: Verizon’s DBIR report, Chipotle (again), USAF bounty, NSA surveillance hampered, Android hacks, Taser and computer vision, Google fights fake news, Exercise types & mental skills, Perfect pitch recording, Lifecasting, RF X-Ray, discovered links, and more… This is Episode No. 75 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology,…

This week’s topics: DoublePulsar in the wild, vigilante IoT worms, Bose listening headphones, PoS hacking sentence, Google ad blocking, best anti-aging exercises, unqualified Indian engineers, , discovered links, and more… This is Episode No. 75 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 15 to 30 minute…

I do lots of monitoring on my site (I’d rather watch logs than Netflix) which I’ll talk about in separate posts, but today I want to talk about SSH. I’m going to cover how I log, how I get those longs into Splunk, and what kinds of searches and alerts I have set up. Getting Splunk to monitor…

What is IAM IAM Users IAM Roles Access Keys IAM Policies Security Groups AWS naming can be a bit strange, and there are a lot of components within their security infrastructure, known as IAM. This page will introduce you to the various components are and what they’re used for. Keep in mind this is just a primer; there’s…

This week’s topics: Shadow Brokers, fingerprinting Netflix traffic, Magneto vuln, Juniper advisories, Amazon speaker tech, Facebook’s 100Gbit optical switches, Google Hire, Minecraft currency, a solar-powered water harvester, OWASP Top 10 draft comments, remote SSH, EC2 and NAT firewalls, deep learning is a black box, discovered links, and more… This is Episode No. 74 of Unsupervised Learning—a weekly show…

One of major differences I’ve noticed after making the switch from Linode to AWS is how network security works. On Digital Ocean, Linode, and most other VPS hosts, when you get an IP the IP is live on the internet. People can ping it directly, in other words (assuming you allow that in your OS itself), and any…

I’m going to make some comments about the proposed 2017 update of the flagship OWASP Project—the OWASP Top 10. Before I do, I just want to say that as a present and former leader of multiple OWASP projects (IoT Security, Mobile Top 10, Game Security Framework, etc.) over the last seven years, I empathize with the difficulty of…

This week’s topics: Word 0-day, BrickerBot, iOS GIF, Russian arrested, Tizen, OilRig, APT10 MSPs, Dallas sirens, ATM drilling, Watson golf, Uber Italy, AI memory, links, projects, and more… This is Episode No. 73 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec, technology, and humans into a 15 to 30 minute summary. The…