Engineering Security
The United States Government Accountability Office (GAO) recently released a report on the 2017 Equifax data breach. The GAO report documents a number of shortcomings in Equifax’s infrastructure and can be used to identify lessons that should be learned.
Continue reading “Thoughts on the Equifax 2017 Breach Report”
Recent news stories highlight the danger of unwanted data exfiltration by popular applications. The use of apps is increasingly important across working environments; recognizing the potential threat that they pose and implementing appropriate safeguards tailored to organizational needs is critical.
Continue reading “Data in mysterious places – the subtle crisis of data harvesting apps”
“Hey, Mike, where can I find our current project calculation? Our client keeps asking questions … ”
“It’s in our team’s Box folder like all the previous versions. Wait a second, I’ll share the link with you!”
“Great! Maybe you can share that file directly with them? And please, add their purchasing department as well. You’ll find the contact in Salesforce.”
Continue reading “Cloud Security 101 – Do you already CASB?”
With mitmproxy, a ncurses-based tool to intercept HTTP(s) connections is available as Open Source Software. This blog post reflects a more advanced usage of mitmproxy and its scripting engine for modifying passing traffic automatically. We have chosen, the communication of a Continue reading “Intercepting Twofish-encrypted HTTP traffic with mitmproxy”
When individuals, companies, organizations, and governments register a domain, they are required to provide information to a domain registration company, called a registrar. This information usually includes their name, address, email address, phone number, administrative contact details (who has legal power and usually also who pays the bills), and technical contact details (who runs the infrastructure).1 Continue reading “The impact of GDPR on security research: A look at WHOIS”
Portable devices like smartphones and tablets have developed from being just single-purpose communication tools to becoming valuable assets in business infrastructures and in personal life. Smartphones have become the most important devices in consuming digital media, purchasing goods Continue reading “Mobile Threat Defense – trying to extend established Enterprise Mobility Management”