The 50 Most Used Passwords!

Last week I helped a few friends with setting up a new website for their business and their associated email accounts for the domain. At one point in the process, one of them told me the password they wanted to use to access the site. Not shockingly, it was something rudimentary and simple. Despite more[…]

Mobile App Security: User Data Collection and Privacy Concerns

A new study by Carnegie Mellon University finds that many mobile apps collect location data on users almost constantly, allowing app creators to track user behavior. This is just one of many data elements mobile phones are collecting on their users, raising security concerns for individuals and for the companies whose employees have smartphones.[…]

The Next Big Security Concern: The Internet of Things and Harvesting Your Private Conversations

People often ask what “the next big thing” in IT security will be. In years past we’ve seen the rise of “big data”, “the cloud”, “cybersecurity”, and so on – but what’s next? I personally think one of the biggest unsolved problems in tech is the security of the “internet of things”. The “internet of things”[…]

How to Fix the Lenovo Superfish Security Hole

By now, everyone who works in the realm of IT Security has heard of the Lenovo Superfish fiasco. Today, I’m going to give a moderately technical overview of self-signed root certificates and how Superfish exploited them. After this post, each of you can check the root certificates installed on your systems and take action against anything[…]

Advice for Taking the CISA Exam

This past December I took the ISACA CISA exam, and I’m pleased to announce that last week I got my confirmation letter stating that I passed in the top 10 percentile of fellow test takers! With the test passed and the experience still very fresh in my mind, I felt I should take the opportunity[…]

The Sony Hack – Security Failures and Solutions

The news cycle is abuzz with news of the Sony hack. As I learn more, I can only shake my head in disbelief at two things: 1. the lack of understanding of basic technology concepts and the lazy attempts to coherently explain how IT security and breaches actually work by the media, and 2.[…]

Payment Tokenization: the Future of Electronic Transactions

Credit card data is notoriously susceptible to theft (Home Depot and Target). The problem stems from the use of a single set of data points to authenticate your card for payment. For example, when you visit a merchant or online retailer, a single number, expiration date and CVV (card verification code) are used again and again for all[…]

Network Security: Chinese Hackers, Google, and the NSA

It is a good idea to have a few anecdotes in your back pocket to put I.T. Security and the importance of I.T. Audit into context. This article by Shane Harris is a great place to start when it comes to understanding the depth and breadth of Chinese Hacking and protecting your company’s and your client’s data.[…]

Online Voting and IT Security

Some election officials are considering a method to allow voters to cast their votes via email. Hypothetically, this would allow voters to more easily cast their ballots and allow voters who are unable to make it to the polls (disabled or out-of-the-country, for example) to participate in the election process. Some cyber-security experts, however, believe this opens[…]