Almost 20 million records exposed in breach affecting Quest and LabCorp

Executive Summary: Financial, healthcare and other personal / private information is a treasure trove for criminals, and the proliferation of online records (payment, healthcare, etc.) and data sharing between entities (e.g., web portals for accessing healthcare records, payment portals for both B2B and B2C payment processing, etc.) gives these criminals countless opportunities to find data […]

Pen tests and baby pictures

I had a conversation a few days ago that highlighted an interesting similarity between offensive security and, oddly enough, baby pictures. The conversation was with a photographer who worked extensively with families (family portraits, baby pictures, etc.). The photographer mentioned that they offer a package for parents to get pictures of their babies at newborn, […]

The Cyber Defense Certainty Act, Active Defense or Hacking Back?

The Active Cyber Defense Certainty Act seeks to “…provide a defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorized intrusions into their computers, and for other purposes”. The [draft] bill seems well-intentioned but overly ambiguous, leaving a lot of room for abuse (and for other purposes […]

A top-down approach to cyber security will not work, and here’s why

Recent computer / network security breaches, combined with the fact that it’s an election year in the US, have led to a significant amount of focus on [information] security and technology, and to interesting responses from [mostly] politicians on what the appropriate solution should be. One of the solutions that I have heard tossed about in the […]