Solutionary Security Stories
Jon Heimerl is a senior security strategist at Solutionary and a regular contributing author at SecurityWeek.Com. Jon, a graduate of the University of Wisconsin who majored in Management Information Systems and Computer Science, has 29 years of experience in security and security programs. He found his first security job, after answering an ad in the Washington Post, working for the CIA. The job market for new graduates in the computer science industry was tight and his one other job option, straight out of college, was with Allstate Insurance. He is happy with his decision to take the job with the CIA.
How did you get started with IT security? What interested you?
I was a senior when my high school got a TRS-80 computer and a timesharing terminal from a nearby university. I thought it was awesome...
This time of year, I like to have a little fun with my blogs. A couple of years ago, I blogged about how Santa Claus is similar to a managed security services provider (MSSP). Can’t you picture the jolly ole elf up at the North Pole, supervising his SOC (security operations center) and a team of elfin information security analysts?
The other day, Solutionary Security Engineering Research Team (SERT) director of research, Rob Kraus, and I were joking around about what popular holiday songs could be twisted a bit to have IT security meanings. We came up with a few we liked together, and I added several of my own as well. We hope you’ll be singing these as you go about your jobs during the holiday season.
Malware is Coming to Town
Making a list and checking it twice
Gonna find out if...
It seems like every time a data breach is announced, it is larger and impacts more people than the last. This week’s Web-stopping news revolved, and is continuing to evolve, around the Target data breach that affects upwards of 40 million credit and debit card account holders who purchased in-store items between November 27 and December 15, 2013. Brian Krebs reported that “there are no indications at this time that the breach affected customers who shopped at Target’s online stores…” and that the data taken could allow the thieves to shop online or to create their own credit cards with the stolen data.
Clearly, this could have a major impact on any shoppers who made purchases during the previously mentioned two-week period. Jon Heimerl, senior security strategist at...
Watch What You are Doing, or Someone Else Will...
Upon reaching the appropriate altitude, the flight attendant for one of my recent flights announced “the use of electronic devices and Wi-Fi services is now permitted.” Almost immediately, the woman in seat 19A (in front and to the left of me) opened her laptop. The surrounding darkness in the cabin accentuated the light through the small crack between the seats in front of me, making it hard not to take a peek. From what I could tell, she was a master Tetris player and had a very short attention span. Tetris, online shopping and Facebook were all merely time killers while waiting for a video to buffer. You see, up until this point, I had been watching an amazingly skilled game of Tetris, as well as a severely interrupted episode of “Game of Thrones.” It's what she did next that was most concerning to me.
While perusing Facebook, she came across a site which, in order to view, had asked for some seemingly basic info that many people will divulge...
An Unfortunate Part of the Online World
Around this time of year, you may associate the term “bully” with the infamous Scut Farkus, the bully in the classic holiday movie “A Christmas Story.” The image of Scut and his toadie pal forcing little Ralphie, Flick and Schwartz to scream “uncle” in the schoolyard may come to mind.
Bullying, however, has moved out of the schoolyard and has gone where so many other aspects of life have gone, the Internet. Now “cyberbullying,” sadly, is a term that is part of our everyday vocabulary. Moreover, you don’t have to be a parent to be affected by this.
It’s safe to say that humans aren't the only ones browsing the Web. Unfortunately, it's been that way for some time. There were several articles this week that captured a study by Incapsula, which revealed that an astounding 61.5 percent of Web traffic is controlled by bots, not humans. In this study, nearly 1.5 billion bot visits were observed over a 90-day period from around the globe. The findings were then compared to those from 2012.
You, or the bot reading this blog, might be wondering how these numbers stack up against last year’s. Well, bot traffic is up more than 10 percent from last March. Fortunately, the vast majority of the newly reported traffic is “good” bot activity, such as SEO crawlers and Web performance tools. CNet’s...
In October, I wrote about Android permissions, and, based on its permissions, how to understand what an application may be doing. This month we will continue to explore some of the inner workings of the devious Android app, specifically, diving into the realm of contact list access permissions.
I know, contacts are BORING, right? Maybe you will worry when an app tries to send a text message or connect to the Internet. Some of you may be thinking, “big deal, I am not a secret agent, celebrity or diplomat, who would want my contact list?” Well, you may not be a big deal in that respect, but you are important. And chances are that your friends and contacts are important to you. Would you want your contact list available to a complete stranger? Perhaps, someone who does not have the best intentions? You may not be a target, but rather the...