Covid-19 notes for CISOs

Are your “coronavirus infosec strategy” Google searches not really returning useful results for you? Worried that any day now you’ll be put on the spot to explain how the infosec team will assure the BCP decisioning that is happening across your organisation as it prepares to respond across multiple complex scenarios around extended remote access…

WDTV Live SMP Remote Password Reset Exploit (for starters…)

WDTV Live Streaming Media Player release 2.03.20 (and likely earlier) contains a weakness that allows an unauthenticated attacker to change the web management password to a value of their choice. Nothing earth-shattering here, just a failure to validate that a POST request contains the correct validated headers that an authenticated user should have before processing the…

Hacking people in business

Just returned home after a quick business trip to the Middle East. The temperature was solid, the trip went smoothly and the delegation achieved what it set out to accomplish. But I was reminded that the operational effectiveness of an enterprise information security program has a strong correlation to the seniority of those who support it in…