Sterling and Poseidon’s Raft
Jaime and I got the boat, Poseidon’s Raft, back up and running smoothly. We had to clean it pretty good as it sat for two years since the last time we used it. I loved getting back out to the lake and having a nice relaxing time with Damien and Jaime.
Top 5 CyberThreats of 2016 To Attack or Defend Against
Depending on what color hat you wear, here are the top cyberthreats that most companies face, according to research.
5. Cross Site Scripting or XSS
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
A great tutorial website on using XSS for the n00bs can be found here.
The OWASP (Open Web Application Security Project) has an XSS Prevention sheet found here.
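The injection described above and the output-encoding defense, as an added example that is not part of the original post. The comment template, the sample author/body strings and the `active_content` checker are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed page fragment: a comment shown to other users.
TEMPLATE = '<li title="{author}">{body}</li>'

def render_raw(author, body):
    # BAD: user-supplied strings become part of the page markup.
    return TEMPLATE.format(author=author, body=body)

def render_encoded(author, body):
    # GOOD: encode for the HTML context. quote=True also encodes " and '
    # so the value cannot break out of the title="..." attribute.
    return TEMPLATE.format(author=html.escape(author, quote=True),
                           body=html.escape(body, quote=True))

class ActiveContentFinder(HTMLParser):
    """Collects what a browser would run: <script> elements and on* handlers."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.found.append("<script>")
        self.found.extend(name for name, _ in attrs if name.startswith("on"))

def active_content(page):
    """Return the script-bearing constructs present in a rendered page."""
    finder = ActiveContentFinder()
    finder.feed(page)
    finder.close()
    return finder.found

def demo():
    # Constructed hostile input: one attribute breakout, one script element.
    author = 'mallory" onmouseover="alert(1)'
    body = "<script>alert(1)</script>"
    return (active_content(render_raw(author, body)),
            active_content(render_encoded(author, body)))

if __name__ == "__main__":
    raw, encoded = demo()
    print("raw render:", raw)
    print("encoded render:", encoded)
```

`html.escape` covers HTML body and quoted-attribute contexts only; values placed inside script blocks, URLs or CSS need the encoding for that context.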
4. SQL Injection
SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
A tutorial on performing SQL Injection can be found here.
Guidance on preventing SQL injection in your web-based applications or websites can be found here.
3. Social Engineering
Simply put, social engineering is the application of sociological principles to specific social problems. Principles such as fear, confidence, and authority are all behavioral characteristics that can be exploited through a multitude of attacks.
Everyone is susceptible to social engineering attacks, from the most advanced IT Administrators, to CEOs, to the janitorial staff. Attacks come in through fake websites, phishing attacks, plain old mail, phone calls, and impersonation.
Learning how social engineering attacks are performed is both the attack and the defense. Here is a website regarding both.
2. APT
An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization.
Thoroughly covering the basics of information security is the best way to combat casual APT. Adding second and third layers of defense (defense in depth) helps protect the data and gives intelligence to its guardians, as you can read here.
1. Insider Threats
An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems.
Here is a fantastic write-up on personnel risk/security assessments, and something that really intrigues me to dive into further.
Virginia, Maryland, and Washington DC
I attended a conference, the Gartner Security and Risk Management conference at National Harbor in Maryland. I have to say, this conference is just better quality than the RSA conference that I attended in March in San Francisco. Little did I know other than right after checking into my hotel, that I had a lot of friends nearby!
I was able to visit my Marine brother, Bismarck, whom I haven’t seen since 1996, and one of my groomsmen and Marine brother, John, whom I went to bootcamp with back in 1992, and I haven’t seen since right after my wedding in 2011.

The conference, though it has a funny name to me, was really fantastic and beautiful. It was large and there were refreshments everywhere. Every seat to rest in had power to recharge devices.
Cool view from the bridge

Post-run selfie!

I caught a glimpse of the Marine Corps Museum on my way to visit John. Wish I had time to go see it.

Just outside of the Marine Corps Museum on the way back to the hotel, we went to check to see if it was open. It wasn’t.

Colin Powell was the keynote speaker and gave a great speech on leadership
Gartner Security and Risk Management Summit: Day 2
Gartner Security and Risk Management Summit: Day 1
We arrived into town (Alexandria VA) yesterday and I have been crazy busy since. I hadn’t realized how many friends and how much family I have on this side of the world! So with the already busy conference schedule, I had to make time to visit them too.

This makes me think of a paper-based Intranet for those who don’t have time to surf for information but would like it for later reference
From another presentation today!

What’s the most likely cause of data breaches? Survey Says!!
Mark Zuckerberg’s Accounts Compromised
Facebook founder Mark ‘Zuck’ Zuckerberg had his Twitter and Pinterest accounts compromised following the LinkedIn data breach that happened back in 2012, through the recent sale of the data that emerged from it.
It’s proof positive that you must diversify usernames and passwords, close accounts that are not in use, and change your passwords more often than you probably do now!
Read more about it here.
Phoenix Comicon 2016
We had a blast at the Phoenix Comicon this year! Saw family, friends, and coworkers out there; as well as some cosplayers we keep running into at these events. It’s a great time!
New Vehicles