security - Jonsdocs

Sign in Subscribe

security

IT security tips.

3d text saying "H F CON".The "F" is lying down.There is a pale yellow background with mauve & white shapes at the borders.

Human Firewall Conference

Human Firewall Conference 2023

A summary of my notes from the SoSafe Human Firewall conference, November 2023.

"ISC2 Spotlight" written in white on a green background, with "secure software development" in blue on a white background.

ISC2 Secure Software Development

ISC2 Spotlight: Secure Software Development conference - day two

Yesterday's conference sessions were interesting (you can read about them here), and today is the last day of the conference. Today's agenda: * Secure by Design: CISA's Plan to Foster Tech Ecosystem Security * SigStore to Secure the Code Supply Chain * What You Need to Know About the EU Cyber Resilience Act

"ISC2 Spotlight" written in white on a green background, with "secure software development" in blue on a white background.

ISC2 Secure Software Development

ISC2 Spotlight: Secure Software Development conference - day one

ISC2 (formerly (ISC)²) ran an online only "spotlight" (conference) on secure software development this week on the 8th and 9th of November. As this directly aligned to my work's industry (I work for a software development company), I took the time to attend this. ISC2 members were able to attend

Screenshot of Virus Total saying 14 out of 61 vendors believe the file is malicious.

A QBot near miss, and a look at what might have been

A look at some malware that would have been delivered to a colleague, but they noticed something dodgy was happening!

An orange rucksack with a gold padlock and labelled "go bag". In front is a torch / flashlight and some bottles of water.

A cyber security incident response "go bag"

I've heard this concept discussed before yet have failed to actually put one together. I started drafting this post back in October, when the concept came up again at a talk during (ISC)² Security Congress 2022 (day one, during "Incident Response Ready - Key Steps of a Ransomware Incident Response

When do you pay the ransom?

When do you pay the ransom?

Should you pay the ransom when attacked with ransomware? I don't think there's a clear cut answer to that...

Playing with honeypots: part 4

Playing with honeypots: part 4

Looking at a different attack on the honeypot I investigate an attempt to deploy a crypto currency miner.

Playing with honeypots: part 3

Playing with honeypots: part 3

Having built a honeypot and published it to the Internet, it's time to see what the attackers tried to do.

Playing with honeypots: part 2

Playing with honeypots: part 2

I build my honeypot in Microsoft's Azure cloud using open source software.

Playing with honeypots: part 1

Playing with honeypots: part 1

Let's look at what honeypots are, and why we might use them.

Receiving a security disclosure for an old subdomain

Receiving a security disclosure for an old subdomain

After receiving a security disclosure from a security researcher I knew I needed to investigate.

Thoughts on home automation / smart homes - security (part2)

home automation

Thoughts on home automation / smart homes - security (part2)

Considering privacy and security with the IoT and smart homes.

What is a Next Generation firewall?

What is a Next Generation firewall?

A look at Next Generation firewalls and the extra services they often provide.

What is a firewall?

What is a firewall?

A quick look at what a basic firewall is, and how it works.

Avoiding direct object reference problems

Avoiding direct object reference problems

Discussing some of the ways to prevent insecure direct object reference issues.

Be wary of attackers bearing old emails

Be wary of attackers bearing old emails

Analysis of some obfuscated VBScript that a malicious email wanted us to download.

The threat of security knowledge gaps (conference slides)

The threat of security knowledge gaps (conference slides)

Slides from my recent conference talk on the threat of security knowledge gaps.

My journey (so far) to a cyber security career

My journey (so far) to a cyber security career

How I got into cybersecurity - the story so far.

Moving from Keepass to Lastpass

Moving from Keepass to Lastpass

Having recently moved from Keepass to LastPass, I discuss my experience so far.

A plea to software developers, vendors and support companies

System administration

A plea to software developers, vendors and support companies

A plea to software vendors so we can all work better together.

What penetration tests have shown me

What penetration tests have shown me

Having worked with a few cyber security firms over the years, let's take a look at some of the findings.

Preparing for a penetration test

Preparing for a penetration test

Some simple preparations will help you get the best value from you penetration test. In this post I discuss some low cost suggestions.

My email signature isn't ID

My email signature isn't ID

Looking at why you shouldn't consider an email signature as ID.

HTTPS inspection exceptions for Google / Chromebooks / Play store

A list of HTTPS inspection exceptions I've found are needed to work with Google services. Includes those needed for Chromebooks and the Google Play Store (Android app installs).