Welcome to 2016, where malware is engineered to mutate to avoid detection, and 93% of all phishing emails contain ransomware. If you were hoping for a quiet life in the field of information security, abandon all hope ye who subscribed to that fantasy. Once upon a time, infosec was casually patching holes in PCAnywhere and delicately shaming C-levels for opening the I Love You virus. Today, the difference between your healthy company’s … Continue reading Teach an employee to phish and he will protect you for a lifetime
Fundamental to your ransomware mitigation strategy is backup. If your plan is to pay your way out of this, that is not a plan. First, you have no assurance the threat actor can actually recover your files; their decryptor may simply not work. Second, you have no assurance the threat actor really will recover your files once you pay. Backup is actually a complex discipline, but let’s distill a basic strategy into … Continue reading Ransomware Backup Strategy: RPO and RTO
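The two numbers in the post title, recovery point objective (how much data you can afford to lose) and recovery time objective (how long you can afford to be down), only mean something for ransomware if they are measured against the last backup taken before encryption began, not the most recent backup. A snapshot taken while files were being encrypted is a copy of the damage. The following is an added example, not code from the post; the snapshot schedule, the encryption start time, the detection time and the restore duration are all constructed values, and the `assess` helper and its targets are assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: nightly snapshots of a file share, plus the
# (hypothetical) moment ransomware began encrypting files and when it was noticed.
SNAPSHOTS = [
    datetime(2016, 6, 1, 2, 0),
    datetime(2016, 6, 2, 2, 0),
    datetime(2016, 6, 3, 2, 0),
    datetime(2016, 6, 4, 2, 0),  # taken while encryption was already running
]
ENCRYPTION_STARTED = datetime(2016, 6, 3, 14, 30)
DETECTED = datetime(2016, 6, 4, 9, 0)


def last_clean_snapshot(snapshots, encryption_started):
    """Most recent snapshot taken strictly before encryption began, or None.

    Anything taken at or after that point may contain encrypted files and is a
    suspect copy, not a recovery point. None means retention was shorter than
    the attacker's dwell time and there is nothing clean to restore from.
    """
    clean = [s for s in snapshots if s < encryption_started]
    return max(clean) if clean else None


def achieved_rpo(snapshots, encryption_started):
    """Actual data-loss window: from the last clean snapshot to the start of
    encryption. Returns None when no clean snapshot exists."""
    s = last_clean_snapshot(snapshots, encryption_started)
    return encryption_started - s if s is not None else None


def assess(snapshots, encryption_started, detected, restore_duration,
           target_rpo, target_rto):
    """Compare what the backup set can actually deliver against the targets.

    restore_duration is assumed to come from a rehearsed restore drill; a
    guessed figure defeats the purpose of having an RTO at all.
    """
    rpo = achieved_rpo(snapshots, encryption_started)
    finish = detected + restore_duration
    return {
        "last_clean": last_clean_snapshot(snapshots, encryption_started),
        "achieved_rpo": rpo,
        "rpo_met": rpo is not None and rpo <= target_rpo,
        "restore_finish": finish,
        "rto_met": restore_duration <= target_rto,
        "suspect_snapshots": [s for s in snapshots if s >= encryption_started],
    }


if __name__ == "__main__":
    report = assess(SNAPSHOTS, ENCRYPTION_STARTED, DETECTED,
                    restore_duration=timedelta(hours=6),
                    target_rpo=timedelta(hours=24),
                    target_rto=timedelta(hours=8))
    for key, value in report.items():
        print(f"{key}: {value}")
```

The useful edge case is the None branch: if the attacker sat in the environment longer than the snapshot retention window, every snapshot is suspect and the achieved RPO is undefined, which is the situation that pushes organisations toward paying. Retention therefore has to be set against realistic dwell time, not against disk budget alone.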
Last night I returned home and heard the unmistakable, unnerving, familiar destiny of all mechanical hard drives: the click of death. My Time Machine drive had given up after exactly 4 years and 6 days on the job. That’s probably a fair length of service, especially for a Seagate drive; a brand which evokes mixed emotions in most product reviews. My reaction is visceral and … Continue reading Does External Storage Make Sense?
This week my inbox was hit over the head with at least five consumer outreach surveys. And all of them stink. You know what happens when your survey stinks? Something even worse than nothing. I get partway through, decide that I can’t take it anymore, and I just close the browser window without submitting, which means the company gets nothing, and I waste my time … Continue reading Your Surveys Are Terrible
A hot trend on Twitter this week is the use of imposter financial institution accounts originating from Hostinger’s 16mb.com domain. I did what I could to curb the Chase Bank scheme that I encountered last Friday, and I’ve since found several others, all attempting to direct distressed users to elaborately staged fake web frontends. Santander and PayPal are the ones that immediately come to mind, and then there’s this … Continue reading It’s time for Twitter to go
On Friday night I received a fraud alert from Chase, indicating they had flagged a transaction. Their fraud algorithm is a mystery, although I am thoroughly fascinated by it. My guess is that it was based on where the card was presented (they won’t say where, just that it was manually entered – so, given over the phone to a Domino’s employee), the amount (I am going … Continue reading Friday Night Phish Fry
I’m rolling off the first big project of my tenure here at The Academy. It was a success, but it didn’t come easy. There were some salient lessons learned that I think are worth sharing. Have extremely high standards, but be okay with the fact that they won’t be met entirely. When you start with, work toward, and fight for ideal processes and methods, you … Continue reading A Project Post-Mortem