Integrating Red and Blue InfoSec teams

InfoSec typically divides some of their people into Red (attack) and Blue (defend) teams. While I agree with the general idea, I’ve often thought it wasn’t sufficiently granular and left a lot out of the InfoSec equation. Up comes this article (https://danielmiessler.com/study/red-blue-purple-teams/) which really digs into what’s missing and how to tie things together. A Purple “team” integrates and facilitates communication between the Red and Blue teams. Further, it adds a Yellow team (builders) and then combines the various colors in the Build Attack Defend pyramid, leading to Orange and Green teams in addition to the Purple team.

While it may overly complicate the picture, the idea is sound, I think – encourage, facilitate, and integrate communications between the various teams/groups. Share knowledge and use that sharing to build a stronger security posture.

Government cybersecurity bill passes!

Last night, a few hours before the State of the Union address, Congress passed a cybersecurity bill…finally! Some of the details, summarized from the article:
* Businesses in certain sectors (e.g. financial, transportation, energy, to name a few) MUST alert the government when hacked or when they pay a ransomware demand
* Updates to the rules on how government agencies manage information security
* Changes to how the government assesses and manages the security of the cloud systems in use
CISA should get much more information and insight into the number and type of attacks U.S. companies are being subjected to on a daily basis and be able to share it with concerned entities in a more timely fashion.

See https://www.washingtonpost.com/politics/2022/03/02/senate-is-finally-passing-big-cyber-bills/ if you’re interested in more details.

I’ve been warning about this for years

I haven’t said anything about the Log4j issue here but this article from the Washington Post (https://www.washingtonpost.com/politics/2022/01/14/open-source-bugs-present-an-extermination-problem-government/) that discusses the recent meeting at the White House about securing open source software shows that people are finally waking up to the fact that open source needs to be patrolled better. Far too many developers pull in open source packages without regard to their exposures and those places that makes sure the packages are vetted often miss the packages that are pulled in as dependencies.

I’m not putting down any of the open source contributors, but I’ve been a contributor and code reviewer and it’s just TOO easy to miss a vulnerability. Sure, automated processes can catch a lot, but if someone is intent on introducing a vulnerability, it can be done without a lot of extra effort. No, I don’t have a solution, but I’m certain the open source community can come up with some good ones.

256 qubits?!?

QuEra Computing (https://www.quera.com/) has just launched with a 256-qubit computer. They call it a simulator, I guess because it uses a different underlying technology, but it supposedly really is a 256-qubit quantum computer! See https://venturebeat.com/2021/11/17/quera-offers-new-quantum-advantage-based-on-harvard-and-mit-research and, yes, this has significant implications for security, which affects blockchain, Wi-Fi security, network security, SSH, and pretty much everything else that relies on encryption. https://www.fastcompany.com/90698019/quera-quantum-computing-startup is another good and short article.

This is really pretty new (just announced today) and there aren’t a lot of analyses out there yet so I’d encourage you to do your own searches to keep up with it.

If you do nothing else, use a security conscious DNS

The easiest way to protect yourself from malware, etc., is to use a DNS provider like quad9.net or nextdns.io. They filter all hostname requests through databases they maintain and WON’T LET YOU go to a known bad host by simply not resolving that hostname! Please, for your own sake, do it now.

I won’t go into details about DNS…if you need more info, check https://www.cloudflare.com/learning/dns/what-is-dns/

