Why You Should Secure Metadata Too

Posted on January 20, 2017 by Carmelo

Metadata is data about data. Some people don’t think that type of data is revealing. But it is!

Possibly NSFW below
.
.
.
.
.

Found online, someone was helping his sister move their mattress… That’s what I call an oops-find! Damn you memory foam!

Posted in Security Blog | Tagged , , , , | Comments Off on Why You Should Secure Metadata Too

Brilliant Video Showing The Anatomy of An Attack

Posted on January 19, 2017 by Carmelo

Cisco made a great video (4 minutes) that I honestly think everyone must see. It breaks down a complex ransomware attack. Picture this happening to your organization. Are you ready for it?

Posted in Security Blog | Tagged , , , , , , , , , , | Comments Off on Brilliant Video Showing The Anatomy of An Attack

The NIST CyberSecurity Framework

Posted on January 10, 2017 by Carmelo

According to Gartner, NIST says 30 percent of U.S. organizations used the framework in 2015, and it expects that percentage to grow to 50 percent by 2020.

Posted in Security Blog | Tagged , , , , , , , , , , | Comments Off on The NIST CyberSecurity Framework

New Security Consulting Company Named ; DROP TABLE “COMPANIES”;– LTD

Posted on January 6, 2017 by Carmelo

There is a new security consulting company that has the amazingly funny name

; DROP TABLE “COMPANIES”;– LTD

Of course the first thing I think about is Exploits of a mom…
Little Bobby Tables

Posted in Security Blog | Tagged , , | Comments Off on New Security Consulting Company Named ; DROP TABLE “COMPANIES”;– LTD

Ransomware Decryption Key: Your Time Exchanged for Security Awareness

Posted on January 5, 2017 by Carmelo

In an odd twist, the Koolova ransomware will decrypt for the low price of reading two articles on ransomware… The articles that Koolova wants you to read are an article from Google Security Blog called Stay safe while browsing and BleepingComputer’s Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom article.

Once you read both articles, the Decripta i Miei File, or Decrypt My Files, button becomes available.

You’ll most likely never run into this in the wild, it seems like a nice proof of concept and does extreme forced learning!

Posted in Security Blog | Tagged , , , , | Comments Off on Ransomware Decryption Key: Your Time Exchanged for Security Awareness

Is the C.I.A. Triad Old and Busted?

Posted on January 1, 2017 by Carmelo

Everyone knows that the CIA Triad stands for the Confidentiality, Integrity, and Availability of data, earlier in 2016 at a Gartner conference though, I ran across this. The CIAS model, which is improved to include the safety of people and environments. Keep that in mind as you plan out 2017 and beyond! Happy New Year!!!

 

CIA: Old Busted

 

CIAS: New Hotness (from a Gartner conference in 2016)

Posted in Security Blog | Tagged , | Comments Off on Is the C.I.A. Triad Old and Busted?

Auld Lang Syne

Posted on January 1, 2017 by Carmelo

Should auld acquaintance be forgot,
And never brought to mind?
Should auld acquaintance be forgot,
And days of auld lang syne?
And days of auld lang syne, my dear,
And days of auld lang syne.
Should auld acquaintance be forgot,
And days of auld lang syne?

Posted in life | Comments Off on Auld Lang Syne

Did Russia Hack the US Election?

Posted on December 31, 2016 by Carmelo

The information security community is abuzz about the DHS/FBI Joint Analysis Report which was published on December 29th, 2016. The report investigates if Russia interfered with the U.S. election process through hacks on the Democratic National Committee, the Democratic Congressional Campaign Committee, and Clinton Campaign Chief John Podesta. All you need to know in the report is the first 3 pages.

The reporting is very lacking and more than half of it are actionable recommendations for future reference. It does reveal that the largest vulnerable attack target is the people, through spearphishing campaigns. I can almost guarantee that the majority of companies will have the take away that more money is needed in technical safeguards and not focus on the education of people to identify and report phishing attacks. Though it’s clearly identified that attackers were able to phish their targets, social engineer them to use a fraudulent password changing service to harvest credentials, the report does not list educating their staff as the number 1 mitigation strategy.

Did Russia do it? Quite possibly… Was it the Russian Federal Security Service? Not 100% sure.

Read more

Posted in Security Blog | Tagged , , , , , , , , | Comments Off on Did Russia Hack the US Election?

2016 in Review

Posted on December 30, 2016 by Carmelo

January

  • Double Funeral in Yuma for Uncle Forrest and Aunt Becky

February

  • Went to the Amazing Arizona Comicon
  • Went to the Renaissance Festival
  • Ran a Spartan Race with Damien
  • RSA Conference and met up with
    • Jack Jones
    • James Lynn
    • Charlie Miller and Chris Valasek
    • Rami Malek
  • Got to see old friends
    • Greg Fuse (Marine brother)
    • Visiting the Roses

March

  • I did a massive Enterprise Risk Assessment at work
  • Ukulele Serenade to Jaime
  • Damien’s wisdom teeth were finally pulled
  • Mom visiting for Easter
  • Viviana’s birthday (family get together)
  • Jaime’s Gall Bladder had to be removed

April

  • I took an Aspiring Leaders Development Class
  • Damien and I ran the Warrior Dash
  • I ran Pat’s Run
  • We attended Marc and Jolyn’s wedding
  • Spent the day at the Wildlife zoo with Family

May

  • RIP Jason Kossman (Marine brother)
  • Attended Jaime’s cousin, Julie and Tyler’s wedding in Yuma and spent time with the family
  • Damon Graduated high school!
  • Went to Walnut Creek
    • Visit the Roses
  • Jaime and I bought cars (cash!)

June

  • Cole and I went to the Gartner Summit in Washington DC (saw Colin Powell)
  • Washington mall
  • Visited Bismarck Lopez (Marine brother)
  • Visited John Rivera (Marine brother) and family

  • Knocked it out of the park at Comicon with our Venetian Carnivale themed Harlequin and Jester

July

  • Visited by Justin Neu (Marine brother) and family
  • Ukulele meetups begin and Jaime and I go
  • Cole, Earl, and I take NIST Cybersecurity Framework classes

August

  • Damien’s birthday (Big 2 oh!)
  • Lake Powell vacation with friends

September

  • Went to the Vegas PCI Conference

October

  • Walnut Creek X 2
    • Visited the Roses
  • Attended Phoenix Comicon Fanfest
  • Yoshi passed away :(

November

  • Bisbee Photographers Weekend
  • Rob passed away :( attended Rob’s Funeral

    • Friends get together
    • Morgan, Lorraine and Lawrence Greeff and Roxy
    • Glendale Glitters
  • Thanksgiving/Jaime’s birthday (family get together)

December

  • Attended the San Francisco CISO Summit
  • Auntie Gloria passed away :(
  • Victor’s birthday (family get together)
  • Jaime and I played in the Sam Ash Ukulele Concert
  • Jerell’s graduation (family get together)
  • Michigan for a “White” Christmas
  • 641.72 miles done in 2016, an additional 101.03 over last year’s :) but I gained 25 lbs due to eating too much! :(
Posted in life | Comments Off on 2016 in Review

Christmas in Michigan

Posted on December 25, 2016 by Carmelo

We had a great time in Michigan with the Michigan family for Christmas this year! The only thing that wasn’t pleasing was dealing with the airlines.

Posted in life | Comments Off on Christmas in Michigan