Do you force your users to take security awareness modules once a year on generic security topics? Do you feel like it is making the impact you are expecting? We all know that security is everyone’s responsibility and to be successful everyone needs to play their part. Unfortunately, we don’t do a great job of really defining how security fits within each person’s area. Instead, we force generic phishing simulations and then assign annual awareness training modules. Modules that … [Read more...] about Security Awareness: Beyond Typical Training
security awareness
HTTPS Isn’t Just For Sensitive Info
When we think about HTTP vs. HTTPS, we often focus on the risk to sensitive information. HTTP transmits our data in clear-text, while HTTPS encrypts the data to stop people from snooping. But that is not all that HTTPS does. What about tampering? One of the other key aspects of HTTPS is to protect our communication with the server from tampering. In this case, we would be concerned with someone being able to manipulate the responses that are sent back to the user's browser. While no sensitive … [Read more...] about HTTPS Isn’t Just For Sensitive Info
Don’t Shift Left, Expand
Over the last few years, the biggest buzzword has been shifting left. You have seen it everywhere. The concept is pretty simple when you think about the evolution of application security. We started out with a huge focus on penetration testing and providing a report back to the development team. The majority of organizations didn't have application security teams, and if they did, they were usually pretty small and limited in function. This method of app security was easy because it was in a time where … [Read more...] about Don’t Shift Left, Expand
Phishing With QR Codes?
I think all of us are aware of what phishing is. It is basically the use of an email to target a victim. This is a form of social engineering where the attacker wants to get something from the target. The two most common attacks with this are:
- Download or open an attachment that is malicious.
- Click a link that redirects the user to a malicious site. This often leads to trying to trick the user into entering their credentials.

There is a fairly new tactic that is becoming more popular that … [Read more...] about Phishing With QR Codes?
How Can I Find The Version of Serv-U FTP on Custom Branded Login?
It is possible to put a custom login page up for the Serv-U login screen. When this happens, the page is most likely not displaying the version number. One way that may help identify the version is to visit the Mobile login page at /Web Client/Mobile/MLogin.htm. Why is this important? When performing external security scans with tools like Nessus, it may report that the version of Serv-U is incorrect. Finding the version number is important in identifying potential false positives. … [Read more...] about How Can I Find The Version of Serv-U FTP on Custom Branded Login?
What is the difference between encryption and hashing?
Encryption is a reversible process, whereas hashing is one-way only. Data that has been encrypted can be decrypted back to the original value. Data that has been hashed cannot be transformed back to its original value. Encryption is used to protect sensitive information like Social Security Numbers, credit card numbers or other sensitive information that may need to be accessed at some point. Hashing is used to create data signatures or comparison-only features. For example, user passwords … [Read more...] about What is the difference between encryption and hashing?