Jason A Lindsley

I agree that Tesla should continue to improve their application security, but I believe that the weakest link in this scenario (and most) is the user. It is difficult for app developers to develop apps that are secure enough to protect a completely compromised device.

It’s really disappointing that Facebook and LinkedIn could be vulnerable to such a common form of malware, putting millions and millions of users potentially at risk. I could be more sympathetic to a zero day vulnerability, but Locky is a very common form of malware that should be recognized by these social media giants.

This product sounds promising. I think it is only a matter of time until we are no longer relying on passwords and we are primarily leveraging biometrics and tokens. Someday I imagine our kids or grandkids will say “What’s a password?”

It will be especially interesting how Trump handles cybersecurity when it comes to regulating private industry. Trump has said he will make it a priority to deregulate private industry, however there are proposals on the table to further regulate cybersecurity associated with US critical infrastructure (e.g. financial and energy industries). I…[Read more]

The OverSight security product sounds really interesting. I think I’ll check it out.

I agree that it is invasive that the app is recording you even when you haven’t prompted it to. Thankfully this data was not transferring the data anywhere. I use SoundHound. Hopefully they are not recording me!

Wow – this team walked away with half of a million dollars just to ethically hack systems. It sounds like we are in the right field!

It also amazes me that Google and Microsoft rolled out these products that were hacked so easily. I wouldn’t be surprised if they try to hire some of these experts internally.

Interesting article Ahmed. It amazes me that anyone on the network could gain control of these IoT devices. Authentication should have been a core requirement in the preliminary design and architecture of the system. What is even more concerning is that these are well know brands. I’m glad they have addressed these flaws through firmware…[Read more]

Well at least China’s “state-run press agency” thinks this is a good idea. Of course they publish that these laws will protect the information of Chinese internet users and reduce fraud.

Our company does the same thing Ahmed and it is very effective. We have seen the click rates on these phishing simulations decline significantly over the past several rounds of these exercises. We also have effective phishing take down capabilities that help to identify fake sites impersonating our company and trying to trick our customers.…[Read more]

Interesting articles Bilaal. It’s very concerning that so many security products are becoming subject to these vulnerabilities and exploits, especially when we find out that they’ve been exploited for many years. It really shows the importance of secure product development (on the vendor side) and due diligence in software selection (on the…[Read more]

Interesting article and a good reason to use SHA-2 (e.g. 512 bit) for hash functions. MD5 could result in the use of fake SSL certificates and files sent with MD5 hash signatures could have their integrity compromised.

Thanks for sharing this Brent. Let’s sign this student up for the ITACS program!

Hopefully this student’s efforts and the recent attacks on campus are a good reminder of the importance of strong physical security measures on campus.

The article says that “Mirai basically searches for telnet protocol availability,” I was curious what tests I could perform to determine if my environment was vulnerable. One resource I found was ShieldsUP! Have any of you used this to scan your ports and security?

https://www.grc.com/x/ne.dll?rh1dkyd2

Thanks for sharing Scott. I updated to iOS 10.1 yesterday. Glad to see that this was addressed in that update. It’s interesting that mobile malware following the same trajectory of desktop malware and is starting to mature. I think a lot of this is due to nation state actor investments in these activities and subsequently leaking their efforts…[Read more]

Cool follow-up post Bilaal. I am amazed at how easy it is to

I do see one silver-lining out of this whole ordeal – ISPs are cleaning-up how they monitor traffic (e.g. an IP camera has no business sending traffic to a blog!).

I’m actually in the middle of watching an interesting Youtube video by Eli the Computer guy on IoT security in the…[Read more]