
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2015-12-29 InfoSec Handlers Diary Blog


ISC StormCast for Tuesday, December 29th 2015 http://isc.sans.edu/podcastdetail.html?id=4801

New Years Resolutions

Published: 2015-12-29
Last Updated: 2015-12-29 00:02:52 UTC
by Daniel Wesemann (Version: 1)
4 comment(s)

No, not eating more broccoli, or going to the gym ... I'm referring to security-related resolutions only. It is time to think about them now, so that you don't have to pick the first thing that comes to mind at midnight on December 31. Because, knowing you geeks, that first thing would probably be "MUST buy new toy" :).

Here are a couple of suggestions for improved security in your everyday computing use in 2016:


1. Remove Flash.

You won't miss it, and if you miss it, you'll get over it. Today's vulnerability advisory was just one more in a long list of issues. I actually think Adobe should edit the corresponding text on their web page a little, to change it into something like this: "Adobe Flash Player is the standard for delivering high-impact, rich Web exploits. Designs, animation, and malicious applications are deployed immediately across all browsers and platforms, attracting and engaging crooks and making them rich."
 

2. Enable 2-Factor authentication where available.

Yes, logging in can be a bit more annoying and time-consuming. And no, the security advantage that it provides isn't perfect. But you don't have to be perfect. You just have to be slightly better than average, because the average crooks are making their money off the average user. Don't be in that group.
 

3. Take the time to enable storage encryption on your mobile device.

Yes, it asks for the PIN more often. Maybe it even gets a bit more sluggish to use. But the number of mobile phones that are lost or misplaced every day in New York City alone would make a pile that can be seen from space. Imagine the doubt and anguish of the former owners, whose entire life is on those phones. Backups help against the loss, but only PIN & encryption help against the feeling of likely being violated by someone, somewhere, who browses through your private life.
 

What are your security resolutions, either for you personally or for your day job?  Please share in the comments below, or via our contact form.

 
