This reddit thread warns us that if we get a call claiming to be from our bank or another organization, we should not give out any private information, but instead end the call and call them back on a verified official number, even if the call we received appears to come from that number.
The reason is that the traditional telephone system is vulnerable to caller ID spoofing, so the displayed number cannot be trusted. So, this is one more thing to remember, on top of SMS being easy to intercept.
Good luck explaining this attack & defense to elderly laymen 😨.
March 31, 2019
March 20, 2019
Meta: Management and employee retention
A few articles that I like, explaining how employee motivation works.
Great for all managers, pretty interesting for the rest of us.
- must-read: Why your employees are losing motivation.
- should-read: A bit over-sensational, but this guy is right, remove the toxic people from your company!
- could-read: A view of a millennial, catching some important points nicely (although I don't agree with everything).
November 18, 2018
DevSecCon London 2018 takeaways
I recently visited DevSecCon London 2018 and kept notes of my takeaways. Read about them in this Google Doc and feel free to comment on it.
November 6, 2018
IoT security
Here's the best recent article/opinion I've read on IoT security, written by Bruce Schneier.
It touches upon the market dynamics and covers the inevitable government regulation.
Very well put! Highly recommended read.
September 12, 2018
Handy tool to check CSP
https://blog.thomasorlita.cz/vulns/google-csp-evaluator/
Useful to defenders and attackers (bug bounty hunters?) alike.
September 1, 2018
Sec tools: Should you buy or build?
Are you contemplating buying a security blinky box that will solve your problem? Could the team build something similar from scratch or re-using open source components? Valid dilemma.
This should help. Especially the analysis of steps #2, #3 and #4.
August 29, 2018
Lessons on implementing SAST
Long but great reading on how Google does SAST. Contains things that didn't work for them and what they did to end up with working solutions.
The Lessons and Conclusion chapters are a must-read, especially for anyone who is trying to implement SAST in an organization.