Yes, You Can Patch Stupid
1/30/2019Before you start calling users stupid, remember that behind every stupid user is a stupider security professional.
Post a Comment
Author
Profile of Ira Winkler
CISSP, President, Secure Mentem News & Commentary Posts: 13Ira Winkler is president of Secure Mentem and author of Advanced Persistent Security.
Articles by Ira Winkler
Before you start calling users stupid, remember that behind every stupid user is a stupider security professional.
Post a Comment
Kudos to the Unsung Rock Stars of Security
1/11/2019It is great to have heroes, but the real security heroes are the men and women who keep the bad guys out while fighting their own organizations at the same time.
Post a Comment
The Case for a Human Security Officer
12/5/2018Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.
Post a Comment
How to Gauge the Effectiveness of Security Awareness Programs
8/21/2018If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Post a Comment
The Fundamental Flaw in Security Awareness Programs
7/19/2018It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
Post a Comment
Indicting Chinese Military Officers Is A Huge Mistake
5/29/2014Blaming soldiers following lawful orders only deflects from the government's responsibility to impose trade sanctions and take more useful measures.
Post a Comment
NSA’s Big Surprise: Gov’t Agency Is Actually Doing Its Job
4/4/2014When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
Post a Comment
Target Mocks, Not Helps, Its Data Breach Victims
1/22/2014The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Post a Comment
Why Security Awareness Is Like An Umbrella
12/5/2013A small security awareness program will protect you as much as a small umbrella. So don’t complain when you get wet.
Post a Comment
Make The Most Of National Cyber Security Awareness Month
10/1/2013NCSAM is a catalyst to get extra attention for your security programs
Post a Comment
Arguments Against Security Awareness Are Shortsighted
3/25/2013A counterpoint to Bruce Schneier's recent post on security awareness training for users
Post a Comment
Stupid IRS Spam
9/30/2009I believe that anyone who uses the Internet on a regular basis has to know that most e-mail messages are spam, and possibly part of a fraud scheme. I also realize that some people are more aware than others, and that some criminals are clever. But the current spread of an email message that claims to be from the IRS accusing a person of fraud demonstrates that naivete that runs deep on the Internet.
Post a Comment
Why Social Engineers Need Training
9/10/2009Many security professionals who think they know anything about penetration testing also think they know enough to perform social engineering. After all, they are successful time and time again, so they think they know what they are doing. However, what follows is a textbook example of how a little knowledge in the wrong hands can be very dangerous.
Post a Comment
White Papers
Video
10 Comments
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-8423
PUBLISHED: 2019-02-18
PUBLISHED: 2019-02-18
PUBLISHED: 2019-02-18
PUBLISHED: 2019-02-18
PUBLISHED: 2019-02-18
From DHS/US-CERT's National Vulnerability Database CVE-2019-8423
PUBLISHED: 2019-02-18
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
CVE-2019-8424PUBLISHED: 2019-02-18
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
CVE-2019-8425PUBLISHED: 2019-02-18
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
CVE-2019-8426PUBLISHED: 2019-02-18
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
CVE-2019-8427PUBLISHED: 2019-02-18
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This