In December of 2011, Tripwire published a list of security’s top 25 influencers. More than three years later, we are pleased to announce a new list for 2015 -- The Infosec Avengers! For each influencer whom we have selected, we include their Twitter handle, blog URL and reasoning for selecting them. We also include their answer for what infosec...

Ever heard the phrase 'Loose lips sink ships?' If an attacker (or anyone else) wants to know what’s going on in an organization, all they need to do is go to lunch. Hitting the popular restaurants and cafes around the target location is a no-risk method for gathering data. If two or more coworkers are together for any length of time it’s almost...

I was just reading an article about an FBI investigation of whether US banks are attacking their cyber attackers in an attempt to fight back. Along similar lines, we recently saw reports of Sony taking an offensive position by DDOS-ing sites hosting its content. The question of whether it makes sense to attack your cyber attackers isn't new—this has...

There's little doubt that effectively remediating vulnerabilities is an important part of a comprehensive information security strategy. Vulnerabilities in desktops, servers, laptops and infrastructure are commonly involved in intrusions and incidents. For example, the Chthonic malware designed to steal banking details, exploits a known Microsoft...

On any given day, my inbox is a flurry of activity that would make a January snow squall in Canada feel like a light breeze with the occasional flake. Like a snowflake, each email is unique but many share common themes. One of these themes is my favourite discussion topic: vulnerability scoring. I was inspired to further discuss this issue after the...

The largest inflight Internet provider Gogo is under fire after a Google Chrome security engineer took to Twitter her discovery of the service issuing fake SSL certificates. During a recent flight, Adrienne Porter Felt (@__apf__) noted that while accessing Google sites, the SSL certificate was actually being issued by Gogo – an “unstrusted issuer “ ...

Only one percent of consumers believe using a third-party mobile payment provider, such as Apple Pay or Google Wallet, is a safe way to pay for in-store purchases, reveals Tripwire, Inc. This past holiday season, One Poll and Dimensional Research conducted a consumer survey of over 2,011 consumers in the United States and UK. The survey’s findings...

In anticipation of the New Year, Tripwire recently published an article that surveyed some of the better-known data breaches that occurred in 2014. We now present Part 2 of our two-part series, “2014: The Year of the Breach.” Home Depot (September) – On September 18th, Home Depot acknowledged that it had suffered a data breach. The attackers...

British authorities have allegedly arrested another member of the hacker group ‘Lizard Squad.’ The Daily Dot recently broke the story after it received an email from Vinnie Omari, a 22-year-old member of the hacker group. “They took everything,” Omari explained in the email, which allegedly also contained an image of the British authorities’ search...

One of Tripwire's many strengths is our ability to collect security data and build meaning from it. Meanwhile, the rapidly emerging Internet of Things (IoT) poses some juicy problems to tackle in this regard. I recently came across an interesting article titled 4 Big Trends that Impact Industrial Automation and What To Do About Them, Part 1 of 2 by...