Blog

Blog

Women in Information Security: Claire Reckless

Last time, I had the opportunity to talk to Toronto’s own Jennifer Fernick. Somehow, she juggles graduate computer science studies with taking care of a bank’s cybersecurity. I couldn’t do that! This time, I had the honour of speaking with software tester Claire Reckless. Testing an application’s security and functionality is a vital cybersecurity...
Blog

The Masquerade Ball: Train Yourself to Detect Spoofed Files

Masquerading is a technique used in which a file name is maliciously named something similar to one which may be trusted. This specific technique is outlined in detail in the MITRE ATT&CK framework, as well. For example, a file named explorer.exe may seem more benign than one called explor3r.exe. However, file names may not be so easy to spot like...
Blog

5 Insights From the 2018 Verizon DBIR

The 2018 Data Breach Investigations Report digs deep into data-driven findings about the state of global cybersecurity across a number of industries that include manufacturing, healthcare, financial and public administration. Verizon’s 11th annual report revealed the trends behind 53,000 cybersecurity incidents and 2,216 confirmed data breaches. As...
Blog

If Firm Implies Secure, Does That Imply My Firmware Is Secure?

Has there ever been a time in your life when you asked, “How does that work”? In the early days of computing, we learned that BIOS stood for “Basic Input Output (instruction) Set.” It is a set of nonvolatile instructions that dictate how a hardware system should function at startup. I remember my first experiences interacting with BIOS. I specifically...
Blog

DevOps Days – PDX 2018 Review

I had the opportunity to go to my local DevOps Days this year – DevOps PDX. If you've never been, and this was my first time attending, I highly recommend finding the next one closest to you and going. When I say closest to you, it's quite likely there will be one in a city nearby. Aside from the wonderful content, community and interactions, DevOps...
Blog

Staying Secure When Online Shopping: Getting the Basics Right

Online shopping has become so popular that it has contributed to the fall of once giant businesses like Sears. But beneath the convenience of ordering goods at home is a mammoth cybersecurity problem that affects millions of users every year. You may think shopping on sites like Amazon and eBay is completely safe – but it’s not. Hackers can get your...
Blog

Women in Information Security: Jennifer Fernick

Last time, I had the privilege of interviewing Fortalice Solutions founder Theresa Payton. Her combination of White House and private sector intelligence and cybersecurity experience gives her a truly one-of-a-kind perspective in this industry. This time, I got to speak to someone else I’ve met in person in Toronto’s cybersecurity community,...
Blog

Scraping Social Security Numbers on the Web

One of the most accredited forms of validation for a citizen’s identity is a Social Security Number. A Social Security Number is a significant piece of government-issued identification in the United States. When this information is compromised, it can lead to serious problems where an individual to impersonate someone. A citizen may never know that...
Blog

U.S. National Cyber Strategy: What You Need to Know

On September 20, 2018, the White House released a new cybersecurity strategy with several important changes in direction meant to give government agencies and law enforcement partners a greater ability to respond to cybercrime and nation-state attacks. The new U.S. cyber strategy makes one message clear: America will not sit back and watch when...
Blog

NCSAM: Six Tips to Help Keep your Business Secure

During the last half of the 1990s, there was a concern for employees using their own home desktop computers to dial in to the corporate network from home. Thousands of articles and hundreds of conference sessions discussed the associated risks and then how to mitigate them through documented policies and the use of new tools. Soon after the year...
Blog

35 Million US Voter Registration Records Found for Sale on Dark Web

Weeks before the November midterm elections, roughly 35 million U.S. voter registration records from 19 states have appeared for sale on the dark web. Researchers from Anomali Labs and Intel 471 discovered the data for sale, which reportedly includes voters’ “full name, phone numbers, physical addresses, voting history, and other unspecified voting...
Blog

Women in Information Security: Theresa Payton

Last time, I had fun speaking with my friend, red team-minded student/teacher Alana Staszczyszyn. This time, I had the privilege of speaking with cybersecurity and intelligence industry veteran Theresa Payton. She’s always had tons of responsibility. She went from the White House to start her own private sector firm, Fortalice Solutions. Kim Crawley...
Blog

Dating App for Trump Supporters Exposed Members' Information

A dating app geared towards connecting supporters of U.S. President Donald Trump exposed members' personal and account information. On 15 October, security researcher Baptiste Robert (who also goes by the name "Elliot Alderson") discovered security weaknesses in the Donald Daters dating app that exposed several pieces of users' information. https:/...