Sunday, June 24, 2018

Infosec quotes - all https

“...
all websites should use HTTPS, even if they don't include private content, sign-in pages, or credit card details
...”

https://twitter.com/troyhunt/status/1010962299123712000?s=21

Saturday, June 23, 2018

Infosec quotes - win 7 and 2008 end of support

571 days until Windows Server 2008/2008 R2 and Windows 7 end of support.

Infosec quotes - remove FileZilla

Andrew Case:
“...
After reading this thread
https://forum.filezilla-project.org/viewtopic.php?t=48441
I would strongly suggest removing FileZilla from enterprise systems: 
...”

https://twitter.com/attrc/status/1010334619986808832?s=21


Friday, June 22, 2018

Infosec quotes - new nist

“...
NIST plans to publish the final public draft of Special Publication 800-53, Revision 5 (Security and Privacy Controls for Information Systems and Organizations) on 09-04-18. Final publication expected on 12-27-18.
...”



https://twitter.com/ronrossecure/status/1010005046405287941?s=21

Thursday, June 21, 2018

Infosec quotes - admin rights

“...
If you want to be secure, users cannot be logged in as an administrator
...”


https://twitter.com/avecto/status/1009357705524514816?s=21

Tuesday, June 19, 2018

Infosec quotes - asset list

“...
If you can’t produce an asset list then save the money you would have spent on pentests and download a copy of the CIS Top 20 Controls. Then start at the top, where it says to create an asset list.
...”


https://twitter.com/danielmiessler/status/1009024662175735808?s=21

Infosec quotes - cia leaker

“...
The CIA leaker conducted a privilege escalation on the computer he used to access the data he stole, erased all the logs of his activity, and then locked other users out
...”


https://twitter.com/flyryan/status/1008922224936484865?s=21

Monday, June 18, 2018

Infosec quotes - open folders

“...21% of all their folders open to everyone in the company... ‘That's absurd,’ he says, noting that this openness enables attackers and malware to penetrate one user and spread laterally throughout a network...”

Friday, June 15, 2018

Infosec quotes - physical pen test

Physical pen test of a newly constructed building

“...
reached a company through a newly constructed branch location ... slipped in in that short moment between them implementing the network and them implementing the security to protect that network
...”
https://twitter.com/tinkersec/status/1007609972346277888?s=21

Wednesday, June 13, 2018

Infosec quotes - what is normal

After seeing a threat actor that names their malware after Microsoft patches

“...
Seems like it comes down to knowing what should be on your system. Aka knowing what's normal.
...”


https://twitter.com/k5pecial/status/1007012604743741441?s=21

Tuesday, June 12, 2018

Infosec quotes - pen test?
“...
If you don't know what's on your network, you don't need a pentest.
...”


https://twitter.com/averagesecguy/status/1006548503995314178?s=21

Infosec quotes - FIM sync

“...
Guard your FIM sync accounts just like you would a DA. If I get a FIM account hash, I can dcsync anything
...”


https://twitter.com/curi0usjack/status/1006718986258698240?s=21

Infosec quotes - security theatre

“...
Throw all the money at security that you want, but if you don’t have the basics of IT down like: asset management, least privilege account management, and decent IT structure like network segmentation, disabled macros etc… then your security program is just security theater.
...”


https://twitter.com/charlesdardaman/status/1006721375657177089?s=21

Friday, June 8, 2018

Infosec quotes - contractor theft

Chinese hackers stole sensitive U.S. Navy submarine plans from contractor


https://www.cyberscoop.com/submarine-contractor-hacked-china-us-navy/

Tuesday, June 5, 2018

Infosec quotes - smb1

“...
Stop using SMB1. For your children. For your children’s children. Please. We’re begging you.
...”


https://twitter.com/gossithedog/status/1003953079601987584?s=21

Sunday, June 3, 2018

Infosec quotes - security debt

“...
One of the main lessons of WannaCry was that apparently, organisations could run for years without patching and not face significant issues. Until they were hit badly. Security debt matters.
...”


https://twitter.com/martijn_grooten/status/1002819201558605824?s=21

Friday, June 1, 2018

Infosec quotes - google https

“...
Google is not trying to break the web by pushing for more HTTPS. Neither is Mozilla and neither are any of the other orgs saying "Hey, it would be good if traffic wasn't eavesdropped on or modified". This is fixing a deficiency in the web as it has stood for years.
...”

Troy Hunt