Time for Adobe Flash is more than over

The initial security discussion was all about browsers: Which one shows less vulnerabilities, which one is more secure? There were even government agencies in Europe recommending the use of a different browser every other week based on the “vulnerability de jour”. This changed a bit and modern browsers are more or less out of focus…

Top 15 Security Predictions for 2016

No, they are still not coming from me but this article is actually really interesting: Top 15 security predictions for 2016. A few of them are remarkable: At your criminal service (Kaspersky/Seculert) The profitability of cyber-attacks means sophisticated criminal gangs with modern organizational models and tools will replace common cyber criminals as the primary threat.…

Lessons from Morgan Stanley – is monitoring outgoing data the silver bullet?

A lot of articles are looking into the Morgan Stanley breach case, which is definitely an interesting story all by itself. An employee illegally accesses information and stores it on his home server. Obviously not a very smart thing to do but initially it rested there. It would be interesting to understand what he planned to…

Security in 2016?

This time of the year typically two things happen: I am asked several times to either have a presentation or write an article about “Security in 2016”. The second thing is that everybody who writes a blog or otherwise thinks that they have to say something look into the crystal ball and writes an article…

Better Metrics Needed to Assess Security of Critical Infrastructure?

This is actually an interesting discussion: Critical Infrastructure: Better Cybersecurity Metrics Needed. From a high level view there is nothing you can object here. Definitely we need better metrics and definitely it would help us to understand the maturity of security in any given company – not just the critical infrastructure. But wait, I think…

Checklist for Incident Response

If you are in the process of setting up an Incident Response Team (or you just want to check back), there is a good article to check your status: Checklist for Incident Response Teams Roger Related articles After Ola, Uber Too Brings Disguised Phone Numbers For Passenger Privacy! (trak.in) Attackers forgo malware (linuxsecurity.com) App. State…

Securing WordPress

Currently, I am running two WordPress sites. One is my blog and the other one is the website of our bicycle/mountain bike club (www.vcvolketswil.ch). Securing them is part of the story for somebody like me, I guess. Normally you keep them just updated. Part of my responsibility is WordPress, all the plugins and the Themes.…