Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Cartoon: The Insider Threat
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
saipraneeth
50%
50%
saipraneeth,
User Rank: Apprentice
4/17/2015 | 6:58:46 AM
Re: Social engineering the office party..
nice post
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
12/16/2014 | 11:45:06 AM
Re: It's a small world
That was undoubtedly awkward for both of you. IT communities within a city are typically small and closely knit. I attend several tech conferences every year and I see the same people time and again, albeit sometimes with different companies. Unfortunately, non-IT executives rarely venture into those gatherings and it is difficult for them to network with IT professionals, so they sometimes have to rely on paper qualifications. I know some IT folks who look very good on paper, but somewhat lacking in actual experience. Things have a way of sorting themselves out though, especially in a highly technical field such as IT.
aws0513
50%
50%
aws0513,
User Rank: Ninja
12/16/2014 | 11:33:59 AM
Re: It's a small world
The situation was somewhat less than seredipitous.
From what I learned later, the guy omitted or "embellished" certain details about his work history.
Definitely an awkward situation for my friend.  He was desparate for a security professional leader for the executive team, but found out after the fact that he had possibly hired a lemon.

I told my friend that it was not uncommon for paths to cross in the security industry.  Good security professionals understand and commonly engage the power of human networking and knowledge sharing.
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
12/16/2014 | 10:57:53 AM
Re: It's a small world
Reminds me of that long standing joke about government employees - if you do good work, you are considered invaluable in that position and simply stagnate; but if you screw up, you are removed from the position and then get promoted!
aws0513
100%
0%
aws0513,
User Rank: Ninja
12/15/2014 | 4:00:01 PM
It's a small world
Awhile back, I was attending a small scale IT security symposium.
The first part of the event was a short social time where everyone had bagels and coffee before the first presentation. 

It was shortly into that social time when I ran into a good friend who happened to be an executive for another company in the city where this conference was located.  He wanted to introduce me to his new CISO and sent his administrative assistant to fetch him from somewhere on the other side of the crowded room.

A few moments later, the assistant came back somewhat upset. She mentioned the CISO had to leave in a rush due to some kind of emergency.  My friend was visibly concerned and hoped that we could link up again in the future.  He then told me the name of this new CISO and if I had heard of him before.

When he told me the name of this new CISO, I first had to verify what the guy looked like and finalized that by mentioning the name of this new CISOs wife.  My friend was amazed I knew the guy and asked where we had crossed paths.

Then I proceeded to inform my friend how approximately a year prior I was involved in getting his new CISO released (fired) from a network manager position at another organization we both happened to work for.  The reasons for which I was not at liberty to disclose.

Awkward...
Soozy G. Miller
50%
50%
Soozy G. Miller,
User Rank: Apprentice
12/15/2014 | 1:18:01 PM
for a day
Maybe if it could be stolen for a day and I could be someone else for just that day, it would be cool. Like Madonna. Or Kate Middleton. Or Gwen Stefani. Would I get Gwen's voice along with her identity?
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/4/2014 | 12:20:46 AM
Re: Who's stealing from whom?
@ODA155: haha, you flatter me.

Okay, someone with more money, then.  :p
ODA155
50%
50%
ODA155,
User Rank: Ninja
12/3/2014 | 5:28:38 PM
Re: Who's stealing from whom?
@Joe Stanganelli,... Someone "cooler" than you... dude, how is that even possible?
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
12/3/2014 | 10:57:48 AM
Re: Who's stealing from whom?
LOL, Joe. If only it was that simple..
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/3/2014 | 1:12:56 AM
Who's stealing from whom?
Sometimes I worry about having my identity stolen.

Then I think that if that ever happened, I could seize the opportunity to take on the identity of someone cooler.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/31/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
Robert Lemos, Contributing Writer,  7/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14310
PUBLISHED: 2020-07-31
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a ma...
CVE-2020-14311
PUBLISHED: 2020-07-31
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
CVE-2020-5413
PUBLISHED: 2020-07-31
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains mali...
CVE-2020-5414
PUBLISHED: 2020-07-31
VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are a...
CVE-2019-11286
PUBLISHED: 2020-07-31
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the ...