Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Cartoon: The Insider Threat
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
saipraneeth
50%
50%
saipraneeth,
User Rank: Apprentice
4/17/2015 | 6:58:46 AM
Re: Social engineering the office party..
nice post
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
12/16/2014 | 11:45:06 AM
Re: It's a small world
That was undoubtedly awkward for both of you. IT communities within a city are typically small and closely knit. I attend several tech conferences every year and I see the same people time and again, albeit sometimes with different companies. Unfortunately, non-IT executives rarely venture into those gatherings and it is difficult for them to network with IT professionals, so they sometimes have to rely on paper qualifications. I know some IT folks who look very good on paper, but somewhat lacking in actual experience. Things have a way of sorting themselves out though, especially in a highly technical field such as IT.
aws0513
50%
50%
aws0513,
User Rank: Ninja
12/16/2014 | 11:33:59 AM
Re: It's a small world
The situation was somewhat less than seredipitous.
From what I learned later, the guy omitted or "embellished" certain details about his work history.
Definitely an awkward situation for my friend.  He was desparate for a security professional leader for the executive team, but found out after the fact that he had possibly hired a lemon.

I told my friend that it was not uncommon for paths to cross in the security industry.  Good security professionals understand and commonly engage the power of human networking and knowledge sharing.
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
12/16/2014 | 10:57:53 AM
Re: It's a small world
Reminds me of that long standing joke about government employees - if you do good work, you are considered invaluable in that position and simply stagnate; but if you screw up, you are removed from the position and then get promoted!
aws0513
100%
0%
aws0513,
User Rank: Ninja
12/15/2014 | 4:00:01 PM
It's a small world
Awhile back, I was attending a small scale IT security symposium.
The first part of the event was a short social time where everyone had bagels and coffee before the first presentation. 

It was shortly into that social time when I ran into a good friend who happened to be an executive for another company in the city where this conference was located.  He wanted to introduce me to his new CISO and sent his administrative assistant to fetch him from somewhere on the other side of the crowded room.

A few moments later, the assistant came back somewhat upset. She mentioned the CISO had to leave in a rush due to some kind of emergency.  My friend was visibly concerned and hoped that we could link up again in the future.  He then told me the name of this new CISO and if I had heard of him before.

When he told me the name of this new CISO, I first had to verify what the guy looked like and finalized that by mentioning the name of this new CISOs wife.  My friend was amazed I knew the guy and asked where we had crossed paths.

Then I proceeded to inform my friend how approximately a year prior I was involved in getting his new CISO released (fired) from a network manager position at another organization we both happened to work for.  The reasons for which I was not at liberty to disclose.

Awkward...
Soozy G. Miller
50%
50%
Soozy G. Miller,
User Rank: Apprentice
12/15/2014 | 1:18:01 PM
for a day
Maybe if it could be stolen for a day and I could be someone else for just that day, it would be cool. Like Madonna. Or Kate Middleton. Or Gwen Stefani. Would I get Gwen's voice along with her identity?
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/4/2014 | 12:20:46 AM
Re: Who's stealing from whom?
@ODA155: haha, you flatter me.

Okay, someone with more money, then.  :p
ODA155
50%
50%
ODA155,
User Rank: Ninja
12/3/2014 | 5:28:38 PM
Re: Who's stealing from whom?
@Joe Stanganelli,... Someone "cooler" than you... dude, how is that even possible?
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
12/3/2014 | 10:57:48 AM
Re: Who's stealing from whom?
LOL, Joe. If only it was that simple..
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/3/2014 | 1:12:56 AM
Who's stealing from whom?
Sometimes I worry about having my identity stolen.

Then I think that if that ever happened, I could seize the opportunity to take on the identity of someone cooler.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Introducing 'Secure Access Service Edge'
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  7/3/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15001
PUBLISHED: 2020-07-09
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when u...
CVE-2020-15092
PUBLISHED: 2020-07-09
In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most T...
CVE-2020-15093
PUBLISHED: 2020-07-09
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A ...
CVE-2020-15299
PUBLISHED: 2020-07-09
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is execu...
CVE-2020-4173
PUBLISHED: 2020-07-09
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure l...