
Personal OpSec - random notes

Hey. Happy Thursday. Really good version of Tom Ryan’s Security Mindset Clubhouse room last night. Talked a ton about personal OpSec. A few links and tips below. The team talked about various strategies to protect security and identity including:

  • There’s the obvious, like not texting or emailing things like your SSN or pictures of your ID or SS card, and using as few identifiers as possible

  • Using services you have already shared data with, instead of signing up for a new service and giving it more personal information - like VISA, MC, AMEX… OR using the credit bureaus (Experian, TransUnion, Equifax)

  • Using a “standard” fake birthday when signing up for websites

  • Using a paid service like “DeleteMe” to keep your personal data posted on the web to a minimum / remove personal data sold by brokers: How We Work - DeleteMe (joindeleteme.com) (Thanks Eric)

  • Making sure your family members know “the rules” about posting pictures of you on social

    • Mixed discussion of letting that happen at all

    • Stay out of pictures altogether if you can help it (Thanks Jane)

  • Elixabeth has shared in the past how she works with younger relatives to put together a fake persona for them when they join social. That way they start out NOT exposing their real contact info, but keep consistent track of the data used.

  • Much discussion about using “standard” fakes for mother’s maiden and other key identifiers when setting up a non-financial account if you HAVE to use that info.

  • Using a fake email service like Nada (thanks Dave M) to individualize setup emails, or for one-time use (to sign up for whitepapers, etc.): nada - Disposable Temp Email (getnada.com)

  • Reading stuff from Michael Bazzell, listening to his podcast, or using his free workbooks on data removal and credit freeze: IntelTechniques by Michael Bazzell (Very useful website... thanks again Dave)

All in all, I highly recommend joining the Law, Tech and Infosec club https://www.clubhouse.com/club/law-tech-infosec (and its Tuesday 11:30am PT / 2:30pm ET discussion) as well as the Security Mindset club https://www.clubhouse.com/club/security-mindset (and its Wednesday 3:00pm PT / 6:00pm ET discussion rooms) to see for yourself.

Watch your 6… See you there.


BlackHat 2021, DefCon 29 and Usenix 30th Security Symposium

Another summer has almost passed, and I missed the Vegas pilgrimage. What with masks and shots, sick people and crazy people… I am still not 100% down with travel. Don’t get me wrong, some crazy part of me really misses waking up in a hotel room wondering where I am and what is on my calendar for the day, but sadly it’s not really fully back to “normal” (which my sister says “is just a setting on the dryer”). All that said, my plan is to be there next year.

I’ve heard mixed reviews. The consensus was that it was lightly attended, and that there were many more “innovation vendors” than mainstream big guys. But maybe that’s a good thing. I’ve always enjoyed the outside ring of vendors at shows like RSA, and think that we need more of those in the industry.

Consolidation continues on, and companies are recognizing that there is a balance to the idea that workers that have a less rigid onsite work schedule can be happier and more productive. Then there are a great number of people that have not used the time wisely and have instead used this as an excuse to slack. Whichever you are, I hope you’re finding ways to be successful in the new normal.

But I digress.. Thanks to my good friend Tom Ryan, I have this killer list to share with you. Here are slides, talks and videos of some of the best of this year’s Vegas security fest. Check em out. Some great stuff here:

DefCon 29 Videos: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20video%20and%20slides/

DefCon 29 Slides: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/

BlackHat 2021 (Slides accessible within each talk's link): https://www.blackhat.com/us-21/briefings/schedule/index.html

30th Usenix Security Symposium (papers and presentations): https://www.usenix.org/conference/usenixsecurity21/technical-sessions

Do you have any training links to share? Information that might be useful? Post below please! I’m interested.
