InfoSec Tools, Tips and Thoughts

William McBorrough

Subscribe to William McBorrough: eMailAlertsEmail Alerts
Get William McBorrough: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by William McBorrough

As more vendors dive into the cloud computing market, every possible claim regarding the supposed benefits of moving to a cloud-based service is being made.  I ran across an article titled ” Why Cloud-based Monitoring is more reliable and secure than Nagios. ” The author, who represented a cloud-based network monitoring company, contended that the Software-as-a-Service (SaaS) model offered by his company was better for companies than Nagios and other open source products. The question is not  Cloud Computing vs. Open Source.  In fact, there are open source SaaS providers like MindTouch out there.  If considering a product like Nagios, a better comparison would be open source vs. commercial.  In many cases, cost is the determining factor for companies to look  to open source technologies. Other considerations include flexibility and security. The more relevant  com... (more)

Pentagon and Congress Want Control of Your Network During Cyber Attack

There has been a lot of chatter in the news lately about the possibility of a “widespread coordinated” cyber attack against our critical infrastructure  and our ability to successfully defend against it.  Most of this infrastructure ( eg. utilities, finance, transportation, etc) is owned by private companies. Those currently responsible to protecting these networks will tell you that we are already under attack.  Is there a cyberwar going on?  Howard Schmidt, the White House’s Cyber Czar says “No”. But let’s not argue semantics. War, skirmish, tomfoolery…call it what you may. M... (more)

The Values Proposition for Allowing Users Access to Social Networks

What is the values proposition for allowing employees access to web 2.0 resources such as social networks? Every other day, we hear about the risks. Compromised Twitter accounts, phishing via LinkedIN,  malicious Facebook apps were only a sample of an every growing landscape. Most enterprises, appreciating the threats these pose to an environment, simply deny access to social networks from company systems and networks. Even within such organizations, there are user who need to access social networks to perform their job functions. LinkedIn has become a great tool for recruiting... (more)

Google Street View Wi-Fi Snooping: Commentary

On Saturday, April 28, the FCC released the full un-redacted report on Google’s Street View project. The report is only 25 pages long and can be found at the bottom of this post.  I find the following tidbits particularly interesting: " …Engineer Doe developed Wi-Fi data collection software code that, in addition to collecting Wi-Fi network data for Google’s location-based services, would collect payload  that Engineer Doe thought might be useful for other Google services. …Google made clear for the first time that Engineer Doe’s software was written specifically to capture payl... (more)

Cyber Security Alliance Helps Small Businesses Address Security Risks

Across all industries, small businesses are increasingly facing new threats related to cyber security. Whereas some have taken minimum steps to address these threats but most have not. New security threats and incidents are reported every day in news reports and a many remain unreported. This underscores the need for cyber security education of small business owners and managers. These threats have potentially serious consequences and could lead to unrecoverable damage to small businesses. What are some consequences of the lack of basic cyber security controls? Loss or stolen cus... (more)