Defense in Depth: It’s for Programmers, Too!
“But, we took care of that before, didn’t we?” asked a participant in a web application security course I taught recently. It was a good, logical question. We were discussing “SQL injection,” a process where an attacker enters database commands into a website field – in, say, a forum or comment section – that could […]
Vishing: Another Way to go Phishing
If you thought there was only one kind of phishing attack, you’d be wrong. There are a handful of types and “vishing” is becoming increasingly common. To understand vishing, a definition of phishing itself is in order. Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and […]
A 5-step Learning Process to Encourage Learner Discovery
The other day, a friend and I were discussing a school where children were encouraged to discover new things on their own. He’d shown me an article describing the children learning to build or assemble some structure. It reminded me of an instructional process I’d learned almost forty-five years ago at Philmont Scout Ranch. I […]
When Two-factor Authentication Goes Wrong
I am a strong advocate of two-factor authentication, but when it goes wrong, you can lose access to critical systems. I have written about the benefits of two-factor authentication (2FA) here and I discuss it every time I teach Learning Tree’s System and Network Security Introduction. A recent account lockout hasn’t diminished my support for […]
No More Signatures! Am I Still Safe?
If you have used a credit card in North America in the last month, you may have noticed that you were not asked for a signature. That may have come as a surprise. It turns out to be a good thing! In a March 2018 Infographic, Visa says that the dollar amount of counterfeit […]