Information Security Blog

Click here to check out the top news in information security and leave your comments.

  • New FDA Guidance on Medical Device Cyber Security
    The FDA has released new guidance on information security practices for medical devices. Many hospital’s information security staff are left to battle medical device vendors on their poor (or often non-existent) practices in maintaining software security patches and updates, and can refuse to support the device if these patches are applied by the hospital IT […]
  • Your Gmail has been hacked. 10 things you must do NOW!
    Gmail accounts being compromised by hackers and spammers happens all too often. If it hasn’t happened to you directly, you have undoubtedly received bogus emails from your contacts that were taken over by hackers, peddling work-from-home offers or often just a lonely unassuming (but malicious) link. If you or a friend are ever in this […]
  • Top 15 Information Security Interview Questions
    An information security program is only as good as the people that comprise it. This is why it is critical that you identify the best job candidates and weed out the rest during the information security interview process. Over my career, I have battle tested these interview questions, adding them and dropping them to get […]
  • Dropbox not Suitable for HIPAA or PCI Data
    It’s good to get reminders of what we hopefully all know as security professionals, that Dropbox is not a solution for PHI, PII, PCI payment card data, or confidential financial data. Read on for the full story… Analysis: Dropbox Carries Risks For SMBs By Edward F. Moltzen, CRN November 04, 2011 3:50 PM ET http://www.crn.com/news/cloud/231902380/analysis-dropbox-carries-risks-for-smbs.htm?pgno=1 […]
  • Facebook Allows your Friends to Reset your Password
    Facebook receives an ungodly amount of calls and emails from users who have been locked out of their accounts. In response, Facebook now allows you to designate “trusted friends” that can help you reset your password through codes sent to their account. This ushers in a new breed of possible social engineering tactics, no longer […]
  • US Government Satellites Hacked
    On the heels of the news that US Predator drones control stations were infected with malicious code, comes news that hackers managed to successfully penetrate US government defenses and gain operational control of two satellites, the Nandsat 7 and Terra AM-1. No major conclusions can be drawn from the limited information, but the upcoming report […]
  • Taking your Browser to the Cloud, the Next Evolution in Cloud Computing
    As scary as it seems, this is the future of mobile browsing. Add to the fact that where there is user tracking data to be collected, network providers have never been bashful about using this data to line their pockets. Hopefully, there will be enough media coverage to work out the information security and privacy […]
  • Dual-Mode Android Separates Your Personal Data from Your Work Data
    I cringe every time I connect my new Android devices to a corporate network, and have to accept the horrifying Terms of Service. Enterprise activation, required by most corporations exchange servers for using the built-in email application, allows an employer to wipe my device remotely, among many other scary things. This dual mode Android ability […]

These are articles written for the benefit of the InfoSec community. Feel free to use these and publish them on your website or blog as long as you include a link to this website. This material carries a Creative Commons (CC) Attribution Share Alike CC BY-SA license.


Information Security Interviews and Commentary

I am available for limited public interviews on topics relating to information security. To discuss an interview, you can reach me via the contact page.


Presentation and Interview Archive

Due to venue requests, these are only made available to attendees and other authorized users.


Information Security Resources

These tools are all malware free, and updated regularly. However, I make no guarantees of this software of any kind. Please see the terms of use contained within the individual tools for further usage and copyright information.



Information Security News


Warning: DOMDocument::load() [domdocument.load]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /home/content/82/13955982/html/dfwinfosec.com/rssx/rsslib.php on line 77

Warning: DOMDocument::load(http://pipes.yahoo.com/pipes/pipe.run?_id=c769259010c51e944d321036f088fae0&_render=rss) [domdocument.load]: failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in /home/content/82/13955982/html/dfwinfosec.com/rssx/rsslib.php on line 77

Warning: DOMDocument::load() [domdocument.load]: I/O warning : failed to load external entity "http://pipes.yahoo.com/pipes/pipe.run?_id=c769259010c51e944d321036f088fae0&_render=rss" in /home/content/82/13955982/html/dfwinfosec.com/rssx/rsslib.php on line 77