hols3n

Packaging a Node app for Docker – from Windows

Posted on February 28, 2018March 6, 2018 by hols3n

Container technologies are becoming a cornerstone of development and deployment in many software houses - including where I have my day job. Lately I've been creating a small web app with lots of vulnerabilities to use for security awareness training for developers (giving them target practice for typical web vulnerabilities). So I started thinking about … Continue reading Packaging a Node app for Docker – from Windows →

How to recognize a customized spear-phishing email

Posted on February 25, 2018 by hols3n

Phishing is still the most common initial attack vector. Mass mailed spam is now taking cues from targeted campaigns, improving conversion rates through personalization and the use of seemingly authoritative content. Scammers are getting better at targeting. Sharpen your defenses today - including your awareness training!Here are some indicators that can help identify phishing: Sender: … Continue reading How to recognize a customized spear-phishing email →

How the meltdown CPU bug adds 50 million tons of CO2 to the atmosphere

Posted on January 8, 2018 by hols3n

The first few days of 2018 have been busy for security professionals and IT admins. As Ars Technica put it: every modern processor has "unfixable" security flaws. There are fixes - sort of. But they come with a cost: computers will run up to 30% slower because of it, depending on the type of work … Continue reading How the meltdown CPU bug adds 50 million tons of CO2 to the atmosphere →

Making your signup page safe to use – by knowing how a secure development process looks

Posted on December 2, 2017 by hols3n

When you are signing up to a new web service - what are the risks? Obviously, there are some things you should think about before making the decision to sign up, such as their privacy policy and if the page seems to be good at securing your personal data. Lots of sites have not done … Continue reading Making your signup page safe to use – by knowing how a secure development process looks →

Privacy practice and the GDPR

Posted on November 24, 2017 by hols3n

This has really been the year of marketing and doomsday predictions for companies that need to follow the new European privacy regulations. Everyone from lawyers to consultants and numerous experts of every breed is talking about what a big problem it will be for companies to follow the new regulations, and the only remedy would … Continue reading Privacy practice and the GDPR →

Why you should be reading privacy statements before using a web site

Posted on August 5, 2017 by hols3n

If you are like most people, you don't read privacy statements. They are boring, often generic, and seem to be created to protect businesses from lawsuits rather than to inform customers about how they protect their privacy. Still, when you know what to look for to make up your mind about "is it OK to … Continue reading Why you should be reading privacy statements before using a web site →

Does cyber insurance make sense?

Posted on July 2, 2017July 2, 2017 by hols3n

Insurance relies on pooled risk; when a business is exposed to a risk it feels is not manageable with internal controls, the risk can be deferred to the capital markets through an insurance contract. For events that are unlikely to hit a very large number of insurance customers at once, this model makes sense. The … Continue reading Does cyber insurance make sense? →