Policies. In theory they should be the backbone of any good information security program, but in reality few if any people actually read them and even fewer can understand what they mean. For ages we’ve been trying to solve this problem through education efforts, but maybe it’s time to look at how we construct policies in the first place and take a microservices approach to writing them?
I maintain a couple of blogs, one of which is the whiskey review site Thirty One Whiskey. That blog actually gets a good amount of traffic, and generates enough revenue from Google ads to (partially) fund my whiskey and cigar habits.
One problem that I had been running into was that the default code for Google’s AMP ads was breaking the formatting of my website on mobile devices. When rendered, the ad element was wider than the width of the page on mobile screens, so when you started to scroll, quite often the page would move to the left a bit and the text would start to be cut off.
Featured images are sometimes an afterthought. For older bloggers, featured images weren’t really a critical part of the web layout and often weren’t added to posts. And for newer bloggers, it’s just one more step that doesn’t seem necessary. But then there comes a point where you want a new theme that requires featured images to work, and now you have hundreds of posts without that featured image.
I like being able to keep an eye on everything that’s going on with the stuff I run. To that end I run a LibreNMS deployment in my house that monitors all my equipment, and I’v got a dashboard that gives me the vital statistics for everything I care about in one glance. One thing that has been sorely missing was a widget where I could see the stats for my WordPress sites, and I think I finally figured that out this week.
This past week I was excited to present a talk on the work I’m doing at Indeed, specifically the implementation of a risk based information security management program and the benefits both to security engineers and the business.
This past week I presented my talk “Learning from Failure: Tales of Incident Response Gone Wrong” at the 2019 SpiceWorld Conference in Austin, Texas. If you’re looking for the slides then I’ve got good news! They’re posted right here.
I use a MiniX Neo headless mini PC as a jumpbox into my home network. For the last couple years I had been running LogMeIn as the remote access client to connect back into the device, but with the recent pricing increase and lack of support for the iPad application I decided it was time to switch to TeamViewer. I knew that having an agent running on the device at all times would cause a performance hit, but I didn’t realize just how bad that hit would be.
UPDATE: This vulnerability has been assigned the Common Vulnerability and Exposure ID of CVE-2018-7698 by MITRE.
I’ve been testing out a beta version of an IDS (Intrusion Detection Sensor) that we’re planning to release sometime soon specifically for small businesses, tech savvy home users, and others. I currently have it running on my home network and the alerts I’ve been seeing have really made me much more aware of the potential risks we encounter every day. For example, a game my wife plays on her mobile phone has been triggering spyware and malware alerts thanks to the ads that constantly pop up.
Having all of your devices on a single subnet is easy and convenient. You can access network resources simply by using their hostname, and everything just works. But that kind of configuration also makes it easy for attackers to break into your systems and steal all of your critical data since there’s very little stopping them from jumping from one system to another.