Brown Hat Security - Business practices in the age of the wire fraud scam

The CEO/CFO wire fraud scam has grown increasingly common as of late, and has very successfully bilked businesses out of great quantities of money. This is, fundamentally, an information security problem and should be treated as such.

The scam goes like this: a CEO is traveling to a foreign ...

Brown Hat Security - Phishing the Government

The CISO of the Department of Homeland Security made a statement which the information security world has found to be somewhat controversial.

He is quoted in the above-linked article as saying:

"Someone who fails every single phishing campaign in the world should not be holding a TS SCI [top secret ...

Brown Hat Security - In Defense of Hard Deadlines

Security researchers inevitably have a conundrum when it comes to disclosure of vulnerabilities. On the one hand, if they try to do the right thing, they may suffer any number of legal penalties as uncooperative vendors or operators, resentful of the researcher's activities, seek to prosecute rather than patch ...

Brown Hat Security - Moving Targets

Security is a constantly moving target. There is no case where a given system can be presumed to be "secure" - information security is a process, not a goal. Even the best secured system will be vulnerable to new research over time: those who want to attack systems to extract information ...

Brown Hat Security - Attack Surfaces

To secure a building, you need to lock and alarm windows and doors, and restrict people's ability to enter and exit to a known, monitored entrance. Information systems require the same kind of care and attention, though they frequently do not receive it.

Many home and business systems ...
