Our personal financial identities are exposed, and we’re mad. A sick, visceral, exhausted anger that hits us in the pit of our stomachs and makes us feel powerless. People are understandably furious about the Equifax breach, to a degree that makes it tough to have a rational discussion about what happened. Unfortunately for information security… Read More Whose Fault Is It? (A brief discussion on misconceptions about Equifax)
I commissioned the very talented artist Bryan Ward to make a good quality version of my previous credit card security infographic. This is meant as a tool to educate and inform people who post photos of their credit cards on the internet, and you may link to or repost it accordingly. Please give credit and… Read More Credit Card Security Infographic
NotPetya may not have been the most sophisticated malware ever written. However, it was exceptionally effective due to the authors’ savvy exploitation of common security misconceptions and their deep understanding of poor security architecture. I want to briefly express my personal thoughts on why I found NotPetya particularly concerning and a bad omen for things… Read More Why NotPetya Kept Me Awake (& You Should Worry Too)
A common practice of researchers studying a piece of malware is to seize control of its malicious command and control domains, then redirect their traffic to benign research servers for analysis and victim notification. I always highly recommend monitoring for traffic to these sinkholes – it is frequently indicative of infection. I’ve found no… Read More Consolidated Malware Sinkhole List
So, you love to hack, and you’re going to get that dream job in infosec! Except, now what? A wide array of certification firms and colleges are willing to sell you an infosec program, with shiny advertisements and clever sales pitches. Unfortunately, college is massively expensive in the US, and the learning environment isn’t great… Read More College and Infosec: To Degree or not to Degree?
A number of people have asked about what I carry at a typical hacking con. In the blog below, I provide a brief overview. This article isn’t meant to be an endorsement and was in no way sponsored. Use what works for you, but I have included links for things when I can remember where… Read More What’s in my (Hacking Con) bag?
I was sent some very challenging scenarios this week, from entry level remote work to anonymity. As always, submit your problems here! Hi Lesley, I’ll add a little background before my question. I’ve always wanted to break into the infosec industry as I love tinkering and figuring out how things work. I managed to… Read More Ask Lesley InfoSec Advice Column: 2017-04-26
This week, I address some burning questions about education and training. As always, submit your problems here! Dear Lesley, Let’s cut to the chase. I hate coding. I don’t enjoy building things from scratch. I do, however, love taking things apart, and would probably be able to learn to code if I started in… Read More Ask Lesley InfoSec Advice Column: 2017-03-16
Much like open offices and outsourcing in business, information security is subject to trends. One you probably saw in your vendor spam folder over the past couple of years is phishing awareness exercises. The premise sounds simple – phish your employees before the bad guys do, monitor how they respond, and react accordingly. In reality,… Read More Phishing Exercises, without the “Ish”