CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
Replying to @arsetechnica
Yes, woefully too small.
And to be clear, I also ask employees to not break the law for their own benefit. It’s a solid 10 minutes of reminding them to conduct business lawfully.
In my security awareness training, I cover ethics and ask employees to NOT break the law to benefit the company, then give a bunch of examples. I’ll be adding this one to the deck.
Ticketmaster to pay $10 MILLION fine for illegally accessing computer systems of a competitor in an attempt to "cut [its rival] off at the knees." Read: thehackernews.com/2021/01/ti… #infosec #cybersecurity #privacy #hacking #databreach
The @Meetup platform being abused to send spam. Apparently you can have a URL as your name.
Replying to @JillFilipovic
Best not to look at how much it costs taxpayers. patheos.com/blogs/freethough…
Bil Corry retweeted
Hi! I would like to release the new version of Tamper Chrome. It's an HTTP Request/Response interception tool. It's very simple for now. If you have time, please help me test it to uncover embarrassing bugs! tamper.dev/ Fixed the old bugs.
New version of Tamper Chrome under development. Looking for testers :)
Known Bugs:
- Deleting headers doesn't delete them
- You have to scroll to see new requests below
Missing Features:
- Response interception
- Repeating requests
github.com/google/tamperchro…
Bil Corry retweeted
XS-Leaks (cross-site leaks) is a class of issues which poses interesting challenges for security engineers and web browser developers due to a diversity of attacks and the complexity of building comprehensive defenses: #XSLeaks #AppSec xsleaks.dev/
Warning from the FBI about swatting attacks that also include hacking of home smart devices, which are then used to interact with the police and stream the entire event. ic3.gov/Media/Y2020/PSA20122…
Replying to @randomdross
Priorities!
My Daddy? Big, Bad, and Voodoo.
Here's a short 28-minute documentary about the time that Big Tech colluded to cheat workers out of wages. Since it happens repeatedly, you'll have to watch to know which one this is about. vimeo.com/327830855
Even better, don’t send phishing emails at all, save that money and time for other more valuable efforts, and instead use your real phishing emails as the basis for improving your program. 3/3
That’s why employees hate phishing tests when they’re held accountable, it doesn’t prove anything. It’s trivial to create a highly clicked-on email, I’ve created many. Use the click-thru rate as a means to shore up controls and training. 2/3
Phishing tests are testing the security team’s technical controls and education; if an employee is duped, it’s the security team, not the employee, that failed. 1/3 coppercourier.com/story/goda…
Replying to @PrivacyPros
You might address the privacy and security concerns related to requiring testing surveillance software be installed. Also, Pearson sends the recordings back to you which contain identity documents (per their privacy policy), but your privacy policy does not address this.
That’s not what “optional” means! “The collection of such data is optional, but necessary if you choose to use the online proctoring function.” Source: home.pearsonvue.com/privacy#…
Bil Corry retweeted
"Details on proposed changes to HIPAA’s Privacy Rule" (via @DailyDashboard) ow.ly/OrMK50CSrZf
(Sadly, you have to be a member of Infragard to watch it)