Skip to main content

Posts

The enemies gate is down II

The enemy gate is down...in Security there is only one source of gravity. The health of the organization. In corporations that's revenue or improvements to process. That's the inherent complexity with working in security...you're actually working to enable the business.
Recent posts

Cash Rules everything around me

Cash rules everything around me CREAM, get the money Dollar dollar bill, y'all Cash rules everything around me CREAM, get the money Dollar dollar bill, y'all

January infosec Memes

Log4J Resources and memes

-Informational Posts: https://www.darkreading.com/dr-tech/what-to-do-while-waiting-for-the-log4ju-updates https://www.securityweek.com/companies-respond-log4shell-vulnerability-attacks-rise https://www.itworldcanada.com/article/it-could-take-years-for-applications-using-vulnerable-version-of-java-log4j-library-to-be-patched-says-expert/468238 https://www.helpnetsecurity.com/2021/12/13/log4shell-update-cve-2021-44228/ https://research.nccgroup.com/2021/12/12/log4j-jndi-be-gone-a-simple-mitigation-for-cve-2021-44228/ https://www.splunk.com/en_us/blog/security/log4shell-detecting-log4j-vulnerability-cve-2021-44228-continued.html -Blue team resources https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592 https://github.com/cisagov/log4j-affected-db https://www.greynoise.io/blog/apache-log4j-vulnerability-CVE-2021-44228 -IP Tracking projects https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217 https://www.greynoise.io/viz/query/?gnql=tag

The enemy gate is down

if you're securing your organization what should be "down." Gravity is an undeniable force that contantly acts on objects. We can all agree on what "down" is on the planet earth... what is that concept for infosec?

Pirate on the wire

I was thinking about the best metaphor to speak about security and then it hit me...disregard the "security as it relates to a house" model and adopt the "security as it relates to the East India Trading Company. In the model our #hackers will be replaced with #pirates.I like this model because it allows us to distill business activitities and concerns to concepts that are more easily understood by non technical people but also gives us a great methaphor for the internet via the Ocean and the concept of ships sailing to distant shores. I think it's fitting to talk about complex orgnaization when talking about security. The individual components may vary but at the end of the day we are usually talking about something a little more dynamic than a house. You could also use the metaphor of security as it applies to a livign organism but I think that might become too abstract. So the security of an port in the Caribbean is easy to undertand. Islands can be

Learn (and remember) all the things!