Comodo Takes Security Seriously... Wait, What?

October 04, 2019 by Marc Handelman in Security Incompetence, Security Heal Thyself, Security Failure, Information Insecurity

via Zach Whittaker, writing at Techcrunch, comes this interesting piece, describing a 'cybersecurity' company's (in this case - Comodo) abject faliure to protect it's own web presence (from a recently reported - and fixed-by-the-vendor flaw). A nearly perfect example of as to why security companies are generally distrusted (at least around here...).

Oh, and the ostensible cause? The highly reported on VBulletin Flaw (now fixed). However, the true cause was (and I assert still must be) gross incompetence displayed by Comodo, and of which, is certainly not the first time this company has appeared swimming in the murky sea of questionable practices, and behaviors indicative of criminality.

via the respected information security capabilities of Robert M. Lee & the superb illustration talents of Jeff Hass at Little Bobby Comics.

Robert M. Lee's & Jeff Hass' Little Bobby Comics: 'RSA' →

March 18, 2019 by Marc Handelman in Little Bobby Comics, Security Humor, Security Heal Thyself, Satire, Sarcasm, Information Security

Via the Erudite Security Mindset of Robert M. Lee & the Superlative Illustration Talents of Jeff Hass at Little Bobby Comics.

Robert M. Lee's and Jeff Hass' Little Bobby Comics: 'Internecine Wafare' →

November 25, 2018 by Marc Handelman in Little Bobby Comics, Security Humor, Security Heal Thyself, Satire, Sarcasm

via the Comically Security Mindset of Robert M. Lee and the Superb Illustration work of Jeff Hass at Little Bobby Comics

Robert M. Lee & Jeff Hass's 'Little Bobby - Security Magic' →

April 29, 2018 by Marc Handelman in Little Bobby Comics, Sarcasm, Satire, Security Heal Thyself, Security Humor, Security Magic

via the exacting observational skills of Daniel Stori at Turnoff.us!

Daniel Stori's 'Intel Bug' →

January 21, 2018 by Marc Handelman in turnoff.us, Satire, Sarcasm, Security Failure, Security Heal Thyself, Security Humor

Webroot, The Latest SNAFU →

April 25, 2017 by Marc Handelman in All is Information, Security Failure, Information Security, Governance, Security Governance, Security Heal Thyself, Security Testing, Vulnerabilities, Vulnerability Research

Iain Thomson, writng at El Reg, reports on Webroot's latest SNAFU. I'll leave it to his illustrative prose to tell the tale.

Self-Healing Endpoint

March 21, 2017 by Marc Handelman in All is Information, Blatant Stupidity, Information Security, Right to Privacy, Security Failure, Security Governance, Security Heal Thyself, Security Opinion, Demise of Privacy

Apparently, this product is now embedded in a wide range of devices (ranging from Apple Inc. to Dell Computers and more). I do architect & advise end-point security efforts in my work (agnostic that I am - I do not recommend individual products), but certainly not an embedded product in BIOS or EFI. Could it be rightly called 'The Self-Healing Endpoint of Privacy'? Has a meme been created? You be the judge - Me?, I'm going back to paper and pencil, air-gapped (of course - dammit, air-gaps are no guaranty of secure platforms either...). What to do. Tip o' the Hat.

Bad Relationship, Technical Debt →

December 29, 2015 by Marc Handelman in Security Heal Thyself, SecDevOps, Cybersecurity, Information Security

Technical Debt, and it's consequences... Illuminated for us - mere mortals - by Chris Hockings - IBM Master Inventor. Todays' MustRead.

In the worst-case scenario, an enterprise continues to invest in platforms that are no longer sufficiently effective, resulting in more personnel delivering currency rather than capability. Security debt is a term that has been coined to describe application vulnerabilities that result from such laggardly behavior. - via by Chris Hockings writing at SecurityIntelligence

Espionage, The Intelligence Files

September 16, 2015 by Marc Handelman in All is Information, Espionage, Information Security, Security Heal Thyself

News, via Lucian Constantin, writing at PCWorld, details the discovery of a targeted group of LinkedIn Corporation (NasdaqGS: LNKD) users (in this case information security professionals) unwittingly involved in a focused intelligence/espionage campaign to garner discrete corporate information. Another case of social networks as the baseline method for intelligence gathering by nations-states and illicit non-governmental organizations. Aye me buckos! A treasure-trove thee awaits!