Monday, January 25, 2016

On the Subject of Database Encryption


Hey everyone - In my last post, I mentioned that there are different ways to encrypt data that you want to store in the database.  I wanted to expand upon that a bit with a few examples and some considerations when storing data in a database.

Monday, January 18, 2016

On The Subject of The State of Apathy (and Protecting Data)

Hey everyone - I stumbled across an article about a recent breach that I am surprised that I have not heard much about.  Apparently, millions of U.S. voter registration records were leaked.  Even though this story is about a month old, I think it is a good opportunity to talk about why this matters.

Monday, January 11, 2016

On the Topic of Anti-Virus Software

Hey everyone - I spend some of my spare time reading articles about information security and browsing /r/netsec.  Lately in /r/netsec, there have been a few posts about issues with anti-virus software that weakens the security posture of the machine it is installed on.  Some of the comments on those posts say not to use any of these products at all.  Rather, the best preventative measure is "common sense."  Let's talk about it.

Monday, January 4, 2016

Maybe the Triad Needs a New Member?

Hey everyone - I hope you had a safe and happy new year.  A lot happened in 2015: breaches, greater visibility into some APTs, and more breaches.  The events of 2015 will likely cause ripple effects into 2016, and perhaps beyond.  The cat and mouse game of defender versus adversary will likely continue.  I think what will be an interesting factor is mainstream awareness.  This post is not about information security awareness amongst the masses, but seeing as it is a new year, I wanted to touch on this a bit because there is a lot of talk about 2016 might bring.

With breaches affecting so many people nowadays between health insurers, retailers, and anyone else that deals in information that someone else would want, it seems that more people realize how much of their information is out there for the taking.  I see it going one of two ways: breaches will become so common that they are no longer news (which may already be happening), or people will push for change when it comes to keeping their information secure.  That could mean that people take it into their own hands by taking proactive steps to keep their data safe (which is not trivial, and some might say impossible to do one hundred percent).

It will be interesting to see what happens.

I want to switch gears now to talk about something along this vein, but it is a topic that might be somewhat controversial.