Saturday Security Maxim
Wolfe’s Maxim: If you don’t find it often, you often don’t find it. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory.
DarkMatters takes us down the slippery slope of poorly configured databases and database management systems. Threats abound, yet little is accomplished to remediate (until after data loss). Today's Must Read.
'As of this writing, there are more than 27,000 instances of MongoDB and approximately 29,000 instances of Redis on the internet that do not have authorization enabled. Misconfigured databases are just as dangerous as vulnerabilities—they provide the bad guys an easy-access, exploitable front door to user data.' via DarkMatters
Microsoft Corporation (NasdaqGS: MSFT) has released the Redmond, Washington software leviathan's Privileged Access Workstations.
Essentially, a PAW provisions a workstation to perform activities determined to be high risk (SysAdmin work, for example), and permits a user VM on the machine to perform less sensitive, mundane tasks such as normal office work.
Seems a mite crufty, eh?
'In simplest terms, a PAW is a hardened and locked down workstation designed to provide high security assurances for sensitive accounts and tasks. PAWs are recommended for administration of identity systems, cloud services, and private cloud fabric as well as sensitive business functions.' - via Microsoft Technet
Any Donuts Left? Maxim: But paying attention is very difficult. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory.
Caffeine Maxim: On a day-to-day basis, security is mostly about paying attention. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory.
Interesting post at NODE, proffering advice to 中本哲史 Nakamoto Satoshi on the method to attain the penultimate viral outcome. Bitcoin users, rejoice...
Cyborg Maxim: Organizations and managers who automatically think “cyber” or “computer” when somebody says “security”, don’t have good security (including good cyber or computer security). Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory.
By the Book Maxim: Full compliance with security rules and regulations is not compatible with optimal security. Comment: Because security rules & regulations are typically dumb and unrealistic (at least partially). Moreover, they often lead to over-confidence, waste time and resources, create unhelpful distractions, engender cynicism about security, and encourage employees to find workarounds to get their job done— thus making security an “us vs. them” game. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory.
Welcome, my friends, to the show that (evidently) never ends... Of course, I am writing about our beloved interwebs, and in this case, L'internet Quantum.
"The future quantum Internet will need a network of satellites and ground stations, similar to that of the Global Positioning System, in order to exchange quantum keys instantaneously." - via Alexander Hellemans writing at IEEE Spectrum Magazine
PhoneBoy's thought-provoking post notes the unpreparedness [from a defence perspective] of our society for cybersecurity threats. Quite obviously, today's Must Read.
via the eponymous Pete Herzog, whilst writing at DarkMatters, comes this outstanding compilation of New Year Predictions. Enjoy.
Thomas Fox-Brewster, writing at Forbes, regales us with the latest display of the demise of privacy: The formerly private voting data of 191,000,000 United States citizens, apparently yearning to be free, was granted its wish and published in an on-line database of reportedly unknown origins... Available for consumption on our beloved interwebs. Astounding.