No Silver Bullets
Proof once again that there are no silver bullet solutions in security, despite the marketing hype.
Craft for Notes
In my never-ending search for “Software that doesn’t Suck”, my latest find in my personal productivity quest is Craft – the note-taking power app by Luki Labs Limited.
CISA Log4j Security Humor
Who says security professionals don’t have a sense of humor… 🙂
’Tis the Season (To Not Get Hacked!) — 2021 Edition
Time again for my annual list of information security tips and tricks for keeping your identity and information safe over the holidays and all year round.
It Ain’t Over Till It’s Over
And it’s never over…. If the log4j crisis has proven anything, it is in justifying why the Center for Internet Security (CIS®) Top 18 controls are so vital. Rather than mandating controls to counter every possible attack vector (NIST 800-53 et al), the CIS Top 18 controls are periodically refreshed and reprioritized based on…
Additional steps to remediate log4j
Log4j remediation is much more than just patching. Here are additional steps you may not have considered in your Log4j response: Do you know if you have Log4j, or any of the other libraries in which Log4j is embedded, in the apps you have developed internally? (You do have a way to track and…