security

Sometimes, if you get a new device, or if you connect to a network you’ve never connected to, you can receive a message that says your Wi-Fi is not secure. Why does my wifi say not secure? Here’s why, and also why you shouldn’t ignore that message.

That message got your attention, didn’t it? It’s designed to get your attention. And it’s really easy to dismiss it as being alarmist. People have a tendency to either greatly overestimate or underestimate how much interest someone might have in attacking them. Especially if I tell you that the security that you’re getting a warning about has much more to do with privacy than it does with viruses. That message does not mean that this network is any more or less likely to infect you with a viruses.

But you need to do something about it when you see this message. First let me tell you why, then I will tell you what you need to do.

Read More »Why does my wifi say not secure?

Over the weekend of Nov 13, 2021, the FBI acknowledged unauthorized emails coming from a legitimate FBI email address to about 100,000 organizations warning them about ransomware. It appears to be the work of a self-styled white hat hacker, or security researcher.

I am a security professional. I am going to remind everyone that these are not the opinion of my current or any former employer. I have strong opinions on the, and those opinions are incredibly unpopular among security professionals. They may or may not agree with me privately, but agreeing with me publicly is not a great idea.

Read More »What motivated the FBI e-mail hacker

I hear the argument all the time that if you aren’t doing anything wrong, you don’t have to worry about privacy. So is data privacy important? I’ll tell you why it is.

There was a very vocal element of society that was very anti-data privacy until 2021. Once the COVID vaccine was released, suddenly they became very concerned about their privacy. I hope that element of society learned some empathy from this. How they felt about their privacy is how the rest of us feel when it comes to large corporations tracking our every move.

Read More »Is data privacy important?

What is ASM in security? ASM stands for attack surface management. It solves a real security problem. But it may not be the security problem that you think it solves, and it also doesn’t solve it as completely as it sounds like it may. Let’s talk about what ASM does and whether you might want it.

Read More »What is ASM in security?

In Australia, they have a national day called R U Ok. And one of my Australian coworkers used that as an opportunity to reach out to the rest of the company. We all thanked him. Mental health is a problem in the field of computer security, and IT as a whole, and we rarely talk about it. It’s time that we start. Let’s take the taboo out of mental health and infosec.

Read More »Mental health and infosec

Here’s a tough question that follows me wherever I go, as a vulnerability management practitioner. Can Qualys scan a mainframe? I’m going to answer that question in a way that proves I probably should run for office someday. It depends what you mean by “scan.” I’ll also hedge by saying the appropriate first word in that sentence is “should,” rather than “can.”

Read More »Can Qualys scan a mainframe?

A former coworker called me up the other day. He interviewed for a job and they asked him how to secure an API. Which reminded me of the many times people asked me how to scan an API with Qualys when I worked at Qualys. You’re certainly not going to give a complete answer in a job interview, and I’m not sure I can do much besides send you down the right path, but there are certainly some wrong answers to this. So let’s talk about how you secure an API.

Read More »How do you secure an API?