Collaborate Disseminate
There are things that I will rarely rarely rarely do in my life.
For example, changing my main email. Adding a new computer. One security feature that is pretty much full proof that I know is delay.
Basically, say I want to… Continue reading Is delay based features a good idea for security? [on hold]
Some solutions (eg. FireEye ISight) can provide a daily feed where they will mention each reported issue with it’s severity and priority. Usually those companies will do some basic research and look for exploits on the wild a… Continue reading How to calculate the priority and the severity of our daily cyber security intelligence threat feeds?
We have continuous cybersecurity threat feeds that coming to our SOC on a daily basis from different sources that provide all the new CVEs, new malware variations and more. We just don’t know how to handle these alerts in the… Continue reading How should we mitigate threats that are keep coming to our security monitoring system?
We experienced a very interesting phenomenon in the last 6 months and that is that some employees found and reported to our security teams few very crucial security issues. We were thinking about encouraging this type of beha… Continue reading How should we implement responsible discovery program internally only for our organization employees?
As someone who is naturally good at recognizing risk and who are striving to maintain a wholistic view on security, I’m wondering how to evaluate and reduce the risks of hardware accessories (I.e. charging plug-ins, Thunderbolt cables), sp… Continue reading How to mitigate the risks of using new, third party imported electronic accessories?
As the title says,
are the mitigations provided by EMET as effective when running in a virtual machine as they are when it’s running on a real PC ?
If not, why ?
[ I am actually running a Windows 7 virtual machine with EM… Continue reading Microsoft EMET : does it work if used in a virtual machine?
A new attack was discovered which allows cracking a WPA2 passphrase without needing to capture the 4-way handshake. While this doesn’t weaken the password itself, it does mean that an attacker can begin their cracking attempts without need… Continue reading Mitigating the new attack on WPA2 involving PMKID
I’m implementing client side OAuth and I’m worried about the following scenario.
There is application A registered with service B that is offering access to its user resources – authorized by OAuth (Confidential, Authorizati… Continue reading OAuth2 and linking resources of one owner to another person account
I’m looking for templates to use when threat modelling and test scripts. I’ve constructed my own templates but each time I threat model a new system there’s always more question which I haven’t considered before. I was wonder… Continue reading Threat model templates? [on hold]
Amazon Resource Names (ARNs) uniquely identify AWS resources. Amazon requires an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS… Continue reading What are the risks of placing Amazon Resource Names (ARNs) in VCS repositories?