“...
all websites should use HTTPS, even if they don't include private content, sign-in pages, or credit card details
...”
https://twitter.com/troyhunt/status/1010962299123712000?s=21
Sunday, June 24, 2018
Saturday, June 23, 2018
Infosec quotes - win 7 and 2008 end of support
571 Days was until Server 2008/2008R2 and Windows 7 end of support.
Infosec quotes - remove FileZilla
Andrew Case:
“...
After reading this thread
https://forum.filezilla-project.org/viewtopic.php?t=48441
I would strongly suggest removing FileZilla from enterprise systems:
...”
https://twitter.com/attrc/status/1010334619986808832?s=21
Friday, June 22, 2018
Infosec quotes - new nist
“...
NIST plans to publish the final public draft of Special Publication 800-53, Revision 5 (Security and Privacy Controls for Information Systems and Organizations) on 09-04-18. Final publication expected on 12-27-18.
...”
https://twitter.com/ronrossecure/status/1010005046405287941?s=21
Thursday, June 21, 2018
Infosec quotes - admin rights
“...
If you want to be secure, users cannot be logged in as an administrator
...”
https://twitter.com/avecto/status/1009357705524514816?s=21
Tuesday, June 19, 2018
Infosec quotes - asset list
“...
If you can’t produce an asset list then save the money you would have spent on pentests and download a copy of the CIS Top 20 Controls. Then start at the top, where it says to create an asset list.
...”
https://twitter.com/danielmiessler/status/1009024662175735808?s=21
Infosec quotes - cia leaker
“...
The CIA leaker conducted a privilege escalation on the computer he used to access the data he stole, erased all the logs of his activity, and then locked other users out
...”
https://twitter.com/flyryan/status/1008922224936484865?s=21
Monday, June 18, 2018
Infosec quotes - open folders
“...21% of all their folders open to everyone in the company... ‘That's absurd,’ he says, noting that this openness enables attackers and malware to penetrate one user and spread laterally throughout a network...”
Friday, June 15, 2018
Infosec quotes - physical pen test
Physical PenTest of newly constructed building
“...
reached a company through a newly constructed branch location ... slipped in in that short moment between them implementing the network and them implementing the security to protect that network
...”
https://twitter.com/tinkersec/status/1007609972346277888?s=21
Wednesday, June 13, 2018
Infosec quotes - what is normal
After seeing a that threat actor that names their malware after Microsoft patches
“...
Seems like it comes down to knowing what should be on your system. Aka knowing what's normal.
...”
https://twitter.com/k5pecial/status/1007012604743741441?s=21
Tuesday, June 12, 2018
Infosec quotes - pen test?
“...
If you don't know what's on your network, you don't need a pentest.
...”
https://twitter.com/averagesecguy/status/1006548503995314178?s=21
Infosec quotes - FIM sync
“...
Guard your FIM sync accounts just like you would a DA. If I get a FIM account hash, I can dcsync anything
...”
https://twitter.com/curi0usjack/status/1006718986258698240?s=21
Infosec quotes - security theatre
“...
Throw all the money at security that you want, but if you don’t have the basics of IT down like: asset management, least privilege account management, and decent IT structure like network segmentation, disabled macros etc… then your security program is just security theater.
...”
https://twitter.com/charlesdardaman/status/1006721375657177089?s=21
Friday, June 8, 2018
Infosec quotes - contractor theft
Chinese hackers stole sensitive U.S. Navy submarine plans from contractor
https://www.cyberscoop.com/submarine-contractor-hacked-china-us-navy/
Tuesday, June 5, 2018
Infosec quotes - smb1
“...
Stop using SMB1. For your children. For your children’s children. Please. We’re begging you.
...”
https://twitter.com/gossithedog/status/1003953079601987584?s=21
Sunday, June 3, 2018
Infosec quotes - security debt
“...
One of the main lessons of WannaCry was that apparently, organisations could run for years without patching and not face significant issues. Until they were hit badly. Security debt matters.
...”
https://twitter.com/martijn_grooten/status/1002819201558605824?s=21
Friday, June 1, 2018
Infosec quotes - google https
“...
Google is not trying to break the web by pushing for more HTTPS. Neither is Mozilla and neither are any of the other orgs saying "Hey, it would be good if traffic wasn't eavesdropped on or modified". This is fixing a deficiency in the web as it has stood for years.
...”
Troy hunt
Subscribe to:
Posts (Atom)