The LASCON Badge Game was back in 2018 and the feedback I received was that it was the best one so far. It started out with the following QR code on the back of the badge: Following that QR code took you to the URL https://pastebin.com/J61kDSe2. Viewing that URL gives you the following: V2VsY29tZSB0byB0aGUgTEFTQ09OIDIwMTggYmFkZ2UgZ2FtZSF= V2VsY29tZSB0byB0aGUgTEFTQ09OIDIwMTggYmFkZ2UgZ2FtZSE= […]
For those who don’t know, every year I put together a game that starts on the back of the LASCON badge. It’s typically some combination of crypto challenges alongside application security vulnerabilities with the goal of having it take somewhere around 1-3 hours, depending on experience, to complete. Those who complete the game are rewarded […]
As an Information Security Program Owner, I get a barrage of e-mails and phone calls multiple times a day from vendors looking to sell us their latest hotness security product. Between the e-mails, phone calls, expo floor at BlackHat this year, and several talks that I’ve seen at past conferences, I have noticed a disturbing […]
The other day I read that Comcast is launching a new plan to turn home internet users into unwilling participants in their new global wifi strategy. I’m sure that they will soon be touting how insanely awesome it will be to get “full strength” internet access virtually anywhere just by subscribing to this service. Other […]
The 2014 Verizon Data Breach Investigation Report (DBIR) is out and it paints quite the gloomy picture of the world we live in today where cyber security is concerned. With over 63,000 security incidents and 1,367 confirmed data breaches, the question is no longer if you get popped, but rather, when. According to the report, […]
I am going to start out here by saying that I do not now, nor have I ever, held the title of Chief Information Security Officer (CISO). That having been said, I do effectively fill this role as the Information Security Program Owner for a large, $1B+ per year, public company. Some of what follows […]
Last year I gave a talk at a number of different conferences called “The Magic of Symbiotic Security: Creating an Ecosystem of Security Systems” in which I spoke about how if we can break our security tools out of their silos, then they become far more useful. Lately, I’ve been doing a lot of work […]
I recently had the opportunity to play with a data analytics platform called LYNXeon by a local company (Austin, TX) called 21CT. The LYNXeon tool is billed as a “Big Data Analytics” tool that can assist you in finding answers among the flood of data that comes from your network and security devices and it […]
Much like many other companies these days, National Instruments hires many of our developers straight out of school. Many times when engaging with these new hire developers, I will ask them what kind of security they learned at their university. In almost all cases I’ve found that the answer hasn’t changed since I graduated back […]
Notice anything wrong with this picture? I was walking by one of the Iron Mountain Secure Shredding bins at work one day several months ago and noticed that the lock wasn’t actually locked. Being the security conscious individual that I am, I tried to latch the lock again, but the lock was so rusted that […]
