Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms

UN Aviation Agency Attempted Coverup, Minimization Of 2016 Cyberattack

March 04, 2019 by Marc Handelman in Corruption, Security Governance, Security Incompetence

Another reason to not put significant trust in the United Nations.

"In an email to the ICAO, the Lockheed Martin cyberintelligence analyst described the attack as "a significant threat to the aviation industry." It had the characteristics of a "watering hole attack" that targets visitors to a website. The UN agency, working with 192 member states and industry groups, is responsible for setting international civil aviation standards, including for safety and security." - via PhysOrg

Webroot, The Latest SNAFU →

April 25, 2017 by Marc Handelman in All is Information, Security Failure, Information Security, Governance, Security Governance, Security Heal Thyself, Security Testing, Vulnerabilities, Vulnerability Research

Iain Thomson, writing at El Reg, reports on Webroot's latest SNAFU. I'll leave it to his illustrative prose to tell the tale.

Self-Healing Endpoint

March 21, 2017 by Marc Handelman in All is Information, Blatant Stupidity, Information Security, Right to Privacy, Security Failure, Security Governance, Security Heal Thyself, Security Opinion, Demise of Privacy

Apparently, this product is now embedded in a wide range of devices (ranging from Apple Inc. to Dell Computers and more). I do architect & advise end-point security efforts in my work (agnostic that I am - I do not recommend individual products), but certainly not an embedded product in BIOS or EFI. Could it be rightly called 'The Self-Healing Endpoint of Privacy'? Has a meme been created? You be the judge - Me? I'm going back to paper and pencil, air-gapped (of course - dammit, air-gaps are no guaranty of secure platforms either...). What to do. Tip o' the Hat.

Shift →

March 09, 2015 by Marc Handelman in All is Information, Common Sense, Infosec Policy, Governance, Information Security, Security Education, Security Governance

Over One Billion Served →

February 17, 2015 by Marc Handelman in All is Information, Cybernetic Crime, Data Security, Database Security, Financial Security, Information Security, Must Read, Network Security, Security Failure, Security Governance, Bank Security, Social Engineering, Behavioral Security, APT, Persistent Threats, Moles

Surprised by the largest heist in history? Concerned about Carbanak APT? Clearly, proof-positive that advanced persistent threats are deeply evil - and highly efficient when coupled with other complementary and stealth-like methodologies (aka Hiding in Plain Sight). Read on...

ENISA, Threat Landscape 2014 Analysis

February 03, 2015 by Marc Handelman in All is Information, Government, Information Security, Infosec Policy, Intelligence, National Security, Network Security, Security Governance, ENISA

ENISA, the European Union Agency for Network and Information Security, has published the agency's yearly Threat Landscape Report 2014 (PDF, 3,335 KB) analysis. Today's Must Read.

Government of Canada, Data From Canada Mandated To Remain In Canada →

February 02, 2015 by Marc Handelman in All is Information, Common Sense, Commerce, Compute Infrastructure, Data Loss Prevention, Cryptography, Database Security, Data Security, Encryption, Enterprise Management, Government, Information Security, Security Governance, Canada

Dr. Michael Geist (Law Professor at the University of Ottawa, and the current holder of the Canada Research Chair in Internet and E-commerce Law) holds forth on current cloud cogitation up north (at least within the data confines of the Government of Canada / Gouvernement du Canada).

Trust, Lack Thereof... →

December 29, 2014 by Marc Handelman in All is Information, Blatant Stupidity, Crime, Malware, Network Security, Racketeering, Sarcasm, Security Governance, Web Security, Security Failure

Information is Beautiful has created a diagrammatical tour de force, carving the litany of questionable security competence within the compromised companies, onto like-minded information security architects, engineers and researchers.

Read it and weep my friends...

Exactly →

December 02, 2014 by Marc Handelman in All is Information, Data Security, Database Security, Information Security, Infosec Policy, Security Governance, Data Classification

In a tour de force screed, published at InfosecIsland, Steve Martino details exactly what is required for data classification to succeed, and the impact of that classification effort on an organization's information security posture. (Mr. Martino is the CISO and VP of Information Security at Cisco Systems, Inc. (NasdaqGS: CSCO).)
