Posted on 2021-07-25Categories MalwareTags , 1 Comment on IoT Attack, Incident Response

IoT Attack, Incident Response

I missed an installment on Friday, and maybe I’m a little tired of blogging about What’s Wrong With the World. So here’s a taste of something else. About a month ago, I had what I believe was a ransomware attack on my home infrastructure. I want to lay out what happened and what I have done about it since. Preparation One of the main elements of my computing environment here had been a QNap TS-451, running the current version of … Continue reading “IoT Attack, Incident Response”

Posted on 2019-08-11Categories Basics 1 Comment on Honesty


Wouldn’t it be good if all applications and websites let you know this? Because it’s true for almost all. Password storage is where many companies do not do all the right things, and do not do all the things right. There are many ways to mess it up and you only need one miss to enable someone who can steal the data to know all the passwords their users use. It doesn’t have to be that way. And it doesn’t … Continue reading “Honesty”

Posted on 2019-06-162019-06-16Categories Privacy 3 Comments on Risk Analysis at the AT&T Store

Risk Analysis at the AT&T Store

Smartphone shopping. More fun than a root canal, isn’t it? I needed a new phone to bring to my employer’s BYOD program. I decided not to use my personal phone number with that, so my existing device was not under consideration. Also our BYOD program puts the device I bring onto the AT&T network, and my existing account with Google Fi would have to be dropped. For a wide variety of reasons, including my ability to have text-message conversations from … Continue reading “Risk Analysis at the AT&T Store”

Posted on 2019-05-192019-05-19Categories Breaches and Other News 1 Comment on Over/Under


Starting Friday, Salesforce.Com had a fifteen-hour outage due to their having to “pull the plug” after a script went rogue and gave all comers full access to the database. Anyone logged in could do anything to anyone’s data. Not cool. Restricting access was the right thing to do. The interesting question in my mind is how people will evaluate this incident as it relates to their future judgment on the safety of SaaS platforms like Salesforce. I think people will … Continue reading “Over/Under”

Posted on 2019-04-012019-04-01Categories Basics 1 Comment on Lessons


What’s old will be new again.  Or, as in the old Jewish proverb: “Who is wise? One who learns from every person.“ My next infosec conference talk will be at the ISACA Western New York Controls & Compliance conference, on May 7.  Lessons from the Orange Book will be a talk about how the “old” first principles of computer security still apply in the era of the Cloud and IoT. After I deliver the talk I will blog a summary … Continue reading “Lessons”

Posted on 2019-03-242019-03-24Categories Basics 1 Comment on So That Was BSides

So That Was BSides

As cool as it was being at BSides Rochester yesterday, because of my role in it I did not get to attend any of the talks! Lucky for me, almost all the talks are now or will soon be online! See the whole raft of videos here. And then there’s #hatchan. It’s not just a hat, it’s an institution. It’s a WiFi hotspot. It’s a server. It’s hackable. At the end of the day, when he shut it down, there … Continue reading “So That Was BSides”

Posted on 2019-02-102019-02-10Categories Encryption, Malware 1 Comment on Ransomware


You have probably seen news of businesses and institutions being attacked by ransomware, and having to pay tens of thousands of dollars to get rid of it. Names like CryptoLocker, Fusob and WannaCry have floated by. But, what is ransomware? How does it work? How can I avoid being stung? Simply defined, ransomware is a specific type of malware that denies its victims the use of their data until a ransom is paid. Ransomware attacks typically operate as follows: The … Continue reading “Ransomware”

Posted on 2018-12-282019-01-02Categories Malware, Privacy 1 Comment on Ads Just Keep Getting Worse

Ads Just Keep Getting Worse

“Relevant” is the ad industry’s current excuse for all the spying, tracking and intruding on our lives that they are currently tormenting us with. They “need” to suck down every aspect of our personal lives and habits and idle thoughts… so they can show us better sneaker ads. Sneaker ads that creepily show up the minute we register to run in a 5K. Or walk past a Foot Locker. This is why I block all ads, everywhere on the Internet. … Continue reading “Ads Just Keep Getting Worse”

Posted on 2018-12-042018-12-04Categories Privacy 1 Comment on Breaches


Ah yes, breaches.  Not really a much better movie, I’m afraid, yet we keep seeing it over and over.  Big splashy headlines touting eye-popping numbers, followed by unsolicited offers of credit monitoring from companies who are really, really hoping their arbitration clauses hold up. They do seem to arrive in clusters, also.  The latest one-two punch is Marriott, then Quora.  Marriott managed to get hacked and then not detect it for four years, finally now disclosing that half a billion-with-a-B guest … Continue reading “Breaches”