How do you conduct yourself as a security professional?

At a recent job interview, the CISO asked me a really good question that I wish more people would ask.

He asked me how I conduct myself as a security professional when dealing with the rest of IT.

Work-life integration vs. work-life balance

I wanted to bring up another subtopic from Dr. Ellen Langer’s interview on the Social Engineer podcast: work-life integration. It’s important to consider work-life integration vs. work-life balance.

Dr. Langer stated that work-life balance is inherently unhealthy, because the idea creates a notion that you have to be one person at home and a completely different person at work. She didn’t put it this bluntly, but essentially it means living a lie at least part of the time. She did say nobody should want to live life like that.

Why security pros still fly

Security researcher Chris Roberts posted some inflammatory things about Boeing airplanes earlier this year, going as far as claiming to have once used the in-flight entertainment system, with a special cable, to send commands to one of the engines and affect the plane’s flight.

When I first heard Roberts’ assertions, my initial reaction was to ask why any security professional would continue to board a plane. Then last week Patrick Gray had the brilliant idea to talk to an Airbus pilot. After listening to the interview, I felt better.

Windows XP isn’t just a Navy problem

I’ve heard enough scoffing over the past few days over the Navy re-upping its contract for paid support for Windows XP to last a lifetime.

But it’s not just a Navy problem, and it’s not necessarily as bad a problem as it sounds. Necessarily.

Nostalgia can make you younger

This month’s Social Engineer podcast featured psychology professor Dr. Ellen Langer, whose specialty is mindfulness. Dr. Langer brought up a lot of important things, including the idea of work-life integration rather than the more difficult work-life balance, but another thing she briefly touched on really resonated with me. She brought up a study, originally done in the late 1970s, where a group of 80-somethings were immersed in 1959 for a week. At the end of the week, they didn’t act like 80-somethings anymore. It seems nostalgia can make you younger.

That got me thinking about the power of nostalgia.

How to make your online banking more secure

If you want to make your online banking more secure, I have a tip for you.

Due to the increasing amount of malware targeting bank accounts, it’s not a bad idea to dedicate a computer to online banking and only online banking. Of course, who wants to dedicate an expensive computer to that task?

You don’t have to. You can buy a $120 refurbished Chromebook to use. If you don’t want to spend any money but have a seldom-used computer still hanging around that isn’t good for much, load Linux Mint on it and use it exclusively for banking. My experience with Mint on an old netbook has been rather good. Linux Mint is, if anything, easier to get up and running than Windows.

Final thoughts on the Houston Astros’ database

One of my college buddies (Hi Christian!) shared my previous post on Facebook, pointing out that I’m a long-suffering Royals fan in Cardinals country, and adding that what I said was balanced and dispassionate.

I’m normally anything but dispassionate. But in this case, it’s not a baseball matter–it’s a business matter, and neither my employer nor any past employer is involved, so it’s easy to be detached and dispassionate. I guess you can say my take on hacking has changed. I was going to say “evolved,” but “changed” is more dispassionate.

What I would have done to secure the Astros’ database

The now-infamous breached Houston Astros database sounds like a classic case of what security professionals call Shadow IT: a project that the business needs, done without adequate involvement from security and, most likely, from the IT department as well.

These kinds of things happen a lot. A go-getter implements it, cutting through red tape to get a useful project done in record time, and it’s great until something goes wrong.

In this case, “wrong” meant a competitor got into the database and stole trade secrets.

Minor-League hacking in the MLB

So, about a year ago, the Houston Astros announced their internal player database had been breached. This week, more details emerged, pointing right at the St. Louis Cardinals.

It wasn’t a terribly sophisticated attack. You knew I’d write about this, but I’ll explore it from an IT security perspective more than from a baseball perspective.

Why someone would hack a WordPress account

I wasn’t surprised people were trying to hack my blog. What surprised me was how many people were trying to hack my blog–there was a time when I probably had more hacking-related traffic than I had reader-related traffic.

If you have a WordPress blog, you’re probably in a similar situation.