Matthew J. Harmon: Minneapolis, Minnesota, États-Unis, Earth

Action and Adventure on the High Seas of Information Security

infosec

  • EXP: Have you tried turning it off and on again? (Seriously)


    Forever being the advocate of resilient and high quality Information Technology (IT) infrastructure (a geek), I frequently get pulled into not-so-uber-sexy-cyber-security projects for friends and neighbors. This one time, a…

  • Update Apr 14: Heartbleed OpenSSL Vulnerability


    Significant OpenSSL Vulnerability (CVE-2014-0160) with PoC in the wild. While only a CVSS 5, due to its memory grabbing ability, this is a CODE UPGRADE-NOW. This OpenSSL vulnerability is testable…

  • OCD Diaries: The Courage of Brian Krebs


    The Courage of Brian Krebs by Bill Brenner at OCD Diaries brings to the forefront of the "security industry journalism" discussion many great points, which are delivered well with the provided…

  • Bloomberg: NSA Said to Exploit Heartbleed Bug for Intelligence


    The U.S. National Security Agency knew (about Heartbleed) for at least two years via Michael Riley @ Bloomberg The U.S. National Security Agency knew for at least two years…

  • St. Paul College Keynote


    Thank you very much to the Saint Paul College ACM Club for the opportunity to provide the Keynote presentation for their Cyber Security Workshop.…

  • Minnesota Breach Notice Statutes 2013


    Minn. Stat. §§ 325E.61: DATA WAREHOUSES; NOTICE REQUIRED FOR CERTAIN DISCLOSURES. 325E.61 (d) For purposes of this section and section 13.055, subdivision 6, "breach of the security of…

  • Books: Red Team Field Manual


    Red Team Field Manual: Fantastic no-nonsense RTFM. Author: Ben Clark. Publisher: CreateSpace Independent Publishing Platform; 1.0 edition (February 11, 2014). Language: English. ISBN-10: 1494295504. ISBN-13: 978-1494295509. Product Dimensions: 8.…

  • Inventory: Assets; Software and Hardware


    In order to be effective, you must know what you are trying to protect. Further, you can reuse your financial audit information to help accomplish this. Download a local copy…

  • Malware: Defense


    This cute kitten is harboring a malicious test file, four different ways, that every anti-virus should detect. Don't blow your whole budget on buzzword bingo "anti-virus" software. Start with the…

  • Reduce your Attack Surface


    Every added device or installed software increases your attack surface. Adding software or devices to your environment increases your attack surface as they must be maintained and monitored. "Now you…

  • Passwords: Write them down.


    Store your passwords: LastPass, Password Safe, KeePass. Multi-factor authentication can be cheap, easy -and- secure: YubiKey, Google Authenticator, DuoSecurity (Facebook). Account lockouts: 10 tries. Account lockouts are necessary to prevent…

  • Patch & Update: All the Things


    Patch your operating systems and applications on a regular schedule. Use a tiered update system where the most technically savvy people get the updates first and report issues and then…

  • Internet Access: Security Basics


    Secure Configurations for Network Devices such as Firewalls, Routers, and Switches. Establish a secure perimeter. Enable the security features on the existing hardware from your ISP. Change the default passwords…

  • SOSB: Original Slides & Notes [PDF]


    Security on a Shoestring Budget: Original Security on a Shoestring Budget (SOSB Slide Deck) with Notes at GitHub. Follow the SOSB developing series.…

  • Resiliency: Compartmentalize


    Compartmentalize into zones of similar data access. Virtualization with VMware, VirtualBox, QEMU/KVM, Xen. Containers such as Docker.io and Vagrant. Operating System, Configuration, Data and Infrastructure exist separately…

  • Resiliency: Backups & Restoration


    Meet your new best friend. Backups. While meant comedically, backups have saved me more times than I can count. What I can count however was the one tragic event that…

  • Inventory: Data and Information


    Information Types: Start with a simple but comprehensive Data Classification program and announce it to staff. If the data is on the organization website or in marketing material, it is…