Category Archives: Security

Three Cybersecurity Lessons to Learn from the Fractured Fairy Tale – Snow White

I chanced upon this YouTube video: Fractured Fairy Tale – Snow White. As the title implies, it’s not your typical Snow White story.

While I wouldn’t say the video is exactly child friendly, I would recommend using it in a Cybersecurity Awareness Programme.

In fact, I drew three important cybersecurity lessons from it.

  1. Cybersecurity attacks are seldom carried out in isolation. Attackers employ a combination of attacks to succeed. This is akin to the 7 dwarves using a combination of social engineering and Trojan horse attacks on the wicked queen.
  2. Social engineering attacks come in all shapes and sizes. They play on human weaknesses. The dwarves exploited the wicked queen’s vanity to con her into parting with her riches.
  3. The Trojan horse is an old but effective form of attack. The coin-operated mirror was something the wicked queen trusted to dish out advice. Often, we are tricked into installing software or opening an attachment from a ‘trusted’ source.

Let me know if there are more lessons you can learn from the video.


Email security with 2FA (not Hotmail/Outlook)

I’ve decided and acted. Hotmail just ain’t making the cut these days in terms of security. Its lack of reliable second-factor authentication (2FA) is the last straw.

Google is better. There’s a Google Authenticator app for iPhone that I can install and set up with multiple Gmail accounts.

This makes it tougher for anyone to hack my email account. And indirectly, this gives my social media accounts an additional layer of protection.


OWASP Top 10 Web Application Security Risks

The OWASP Top 10 Web Application Security Risks for 2010 are:

  • A1: Injection
  • A2: Cross-Site Scripting (XSS)
  • A3: Broken Authentication and Session Management
  • A4: Insecure Direct Object References
  • A5: Cross-Site Request Forgery (CSRF)
  • A6: Security Misconfiguration
  • A7: Insecure Cryptographic Storage
  • A8: Failure to Restrict URL Access
  • A9: Insufficient Transport Layer Protection
  • A10: Unvalidated Redirects and Forwards

In the course of your work, how often have you encountered them? Is your web application designed with security in mind from the beginning? Or is security an afterthought, addressed only after failing penetration tests by external security consultants? For more details on the top 10 web application security risks, read here.