« April 2012 | Main | June 2012 »

May 2012

Thursday, 31 May 2012

Security Awareness Sticker Program: Creative Behavior Change

The SANS Securing The Human Program has launched a Security Awareness Sticker Challenge.  Participation is simple: create a sticker that conveys a key security awareness message and submit it to [email protected] by the Friday, 15 June. If your sticker idea "sticks" you can win a cool shirt.

Details of participation can be found here. Basically, send an idea for a sticker that imparts a security message or suggests a behavior change. The folks at SANS Securing the Human Program will post all the ideas to stimulate even more ideas and also to make all the ideas available for any community member to use or remix.

You don't have to be a cartoonist or have any graphic arts skills (that's key because I have no such skillz). The sticker should be able to convey the security message without explanation. For fun, I found a cartoon at Flickr posted by AJC1 under a Creative Commons license. Here's my remix:

Secawarness

 

Posted at 09:41 AM in Stop Think Connect | | Comments (0)

Wednesday, 30 May 2012

Book Review: Counting to Zero

Counting to Zero (Kindle, paperback) is another of my recent reads in the security suspense genre. Like The Alexandria Project, the plot of Alan Johnston's novel is built around a malware threat. Alan spins his plot around a zero-day attack that his protaganist, Mick O'Malley, is uniquely positioned (both in terms of having the talent and opportunity) to prevent.

Alan's Mick O'Malley is a very interesting character. A blend of engaging nerd and savant, Mick has the tech savvy and hacking skills you expect in a cyber hero, but he's not so embedded in cyberspace that he isn't equally able to think fast in the real world, even in the heat of a chase (a nerd with motorcycle mechanic and crazy riding skillz no less). He even lands himself in a relationship with an attractive female Romanian firewall expert as he pits his skills against his adversaries.

Johnston incorporates blog posts and email exchanges by Mick O'Malley to expose non-technical readers to technical jargon: keylogging, botnets, encrypted (PGP) email and more are inserted in most chapters to demystify the dialog and the plot as it unfolds. These are distinguished using Courier font (of course). Some of these will seem too fundamental to security professionals or practitioners but I suspect it works well for non tech readers. 

The plot works well and the suspense builds nicely to conclusion. Counting to Zero is a fun read, with a fun protaganist. I finished the book looking forward to seeing more adventures with Mick O'Malley in the future.

Disclosure: I know Alan Johnston well yet we have never met. We co-authored  Understanding Voice over IP Security. I was hesitant to publish a review at first but then I realized that I'm not getting any compensation, I enjoyed the book, I hope you will, too.

Posted at 11:16 AM in Books | | Comments (0)

Next »
Find me on Mastodon and Facebook

Spotlight Posts

  • FTC's proposed Trade Regulation Rule on Impersonation of Government and Businesses is important for #infosec
    M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment. In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud. Several reports that my Interisle colleagues and I published are cited in the comment, along with the...
  • Cybercrime Information Center reports sharp increases in phishing attacks, unique domains reported in August-October 2022 time period
    A recent ebb in domain names reported for phishing created some euphoria in the domain industry. With phishing activity, as with tides, ebbs are invariably followed by flows. In their August- October 2022 Quarterly Phishing Activity, the Cybercrime Information Center observed a 40% increase in phishing attacks and a nearly 20% increase in unique domain names reported for phishing.
  • Cybercrime Information Center's YouTube Channel
    My colleagues and I at Interisle have created a YouTube channel to complement the quarterly reporting and studies of cybercrime we host at the Cybercrime Information Center. Our goal is to share, in a few minutes, the findings and insights from our research in a format that's easily accessible and shareable, informative, and entertaining. The inaugural videos provide 2-5 minute summaries of our annual Phishing and Malware Landscape studies. We'll continue to produce videos of our annual studies. If you like what you see, leave us a comment.
  • Malware Landscape 2022: unabated malware growth, continued exploitation of IoT devices
    My colleagues at Interisle and I have published a study, Malware Landscape 2022: A Study of the Scope and Distribution of Malware. The study, which analyzed 2.5 million records of distinct malware events from May 2021 to April 2022 collected by the Cybercrime Information Center, explains what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks.
  • New TLDs are coming #Dangerclose.
    A Domain Name Wire post, Time to pay attention to the next round of new TLDs, begins with an ominous: They’re coming. Eventually. While not as dramatic or enduring as Arnold Schwarzenegger's "I'll be back", the reporter cites policy activity at ICANN as evidence that new TLDs are coming. Eventually. In a September 2019 post, and in response to the ICANN memorandum, Readiness to Support Future Rounds of New gTLDs, I asked, Has enough been done to study and rectify the concentration of security threats in the new TLD space? In that post, I quoted correspondence from ICANN's security advisory...

Search

My Photo

Categories