In God We Trust, but Security Vendors Need to Sign the Papers

December 26th, 2011

By: Lisa Vaas
Filed under: Anonymous, Data loss, Hacktivism, Law & order, Malware, Vulnerability
Tagged with: infosec, security, vendor management

If Anonymous, LulzSec et al. can pwn security vendors, who can protect us? Here’s help on how to rate security vendors on the sitting-duck scale.

In this two-part look at how to vet security vendors, my first article—In God We Trust, but Security Vendors Need to Sign the Papers—focuses on assessing a vendor. This is done at arm’s length by simple online research as well as by holding security vendors accountable for not living up to various agreed-upon levels of service, similar to what’s being done increasingly by the industries Veracode notes.

The second article, In God We Trust, but It’s Nice to Do a Physical Walk-Through on Security Vendors, features input from Infosec professionals on what to watch for if you can conduct an on-site visit to a security vendor.

Is Klout stalking your kids?

November 2nd, 2011

By: Lisa Vaas
Filed under: Klout, Privacy, Security, social networks
Tagged with: Klout, Lisa Vaas, NakedSecurity, privacy, security, social networks

One parent finds that, thanks to a lack of reliance on opt-in for Klout and Facebook’s Byzantine new platform rules, her son has been accorded a Klout profile without intent nor desire. It could easily happen to your kids, too. Read the story on NakedSecurity.

Thanks for Sharing

October 22nd, 2011

By: Lisa Vaas
Filed under: Uncategorized
Tagged with: cats as entrees, email, HPIO, phishing, privacy, security, social engineering, social media

Well of course we’re sharing too much on social media. The cat’s out of the bag, and it’s being served with a nice cat demi-glace. Herein, some suggestions from the infosec crowd on how to keep your and/or your organization’s little privacy kittens from being sadly easy to find and to use as phishing bait. Read the story at HP Input/Output.

Crowd-sourcing mischief on Google Maps leads customers astray

September 7th, 2011

By: Lisa Vaas
Filed under: Security, social networks
Tagged with: Google, Lisa Vaas, Naked Security, security, social networks, Sophos, spam

As if we weren’t already a drifting, confused mob of smartphone-jabbing zombies already, Google has presented a new way to baffle business customers. Read the story on #Naked Security. #social networks #spam #security

WikiLeaks Exposes Thousands of Sources In Written-Password SNAFU

September 2nd, 2011

By: Lisa Vaas
Filed under: Security, Technology, WikiLeaks
Tagged with: Assange, data security, Lisa Vaas, security, WikiLeaks

The cone of silence over WikiLeaks’ thousands of sources—many of whose lives are at risk if identified—has been shattered, all thanks to the most mundane, all-too-human security screwup imaginable. To wit: WikiLeaks founder Julian Assange wrote down the password on a piece of paper. Let us hope that this carelessness, this breathtaking lapse in security hygiene, leads to no loss of life. Read the story on Naked Security.

Safest Career Choices for Developers (If You Don’t Want Your Job To Go Away)

February 19th, 2011

By: Lisa Vaas
Filed under: Hiring, Job Hunt Science, Software development, Software Development, Technology, Uncategorized
Tagged with: .NET, Android, ASP.NET, cloud computing, Database management, developer jobs, Dice, Dice.com, Don Berbary, Elliott Martimbeau, iPad development, iPhone development, J2EE, Java, Java EE, Learning Tree, Lisa Vaas, mobile development, network security, Objective C, Oracle, project management, Sapphire Technologies, security, SharePoint, software development, Software Quality Connection, technology jobs, The Hackett Group, Tom Silver, Visual Designer

Mobile development’s the way to move. Nor will you starve if you’re picking up Java or Objective C. Check out the full story on the new Software Quality Connection site—is lovely, ya? Ya!

DirectAccess and the VPN Dragon

December 30th, 2009

By: Lisa Vaas
Filed under: Security, Windows 7
Tagged with: DirectAccess, IPv6, IT Expert Voice, Lisa Vaas, LOPSA, Microsoft, Mobility, security, virtual private network, VPN, Windows 7

Windows 7’s DirectAccess is a win for users: convenient network access, no virtual private network needed. But it’s a stickier prospect vis-a-vis security and administration. For this IT Expert Voice article, I got input from LOPSA, an early Windows 7 user and Sophos’ Chester Wisniewski. Check out the full article here.

Purveyor of High-Quality Verbiage

technology, information security, careers, technology careers, science, bees, neuroanatomy, and many etceteras

Blog Archives

In God We Trust, but Security Vendors Need to Sign the Papers

WikiLeaks Exposes Thousands of Sources In Written-Password SNAFU

DirectAccess and the VPN Dragon