A correction video, with a shout-out to Stephen Harris for catching two of my mistakes, and a broader thought on the importance of quickly identifying and correcting mistakes. DomainKeys Identified Mail (DKIM) provides the email authentication by certificates. And AES uses shared secret keys, not…
Leaking sensitive information in documentation happens to just about everyone. For today's video, let's use Microsoft's MSDN and the GPO AES private key leak (MS14-025). One slip in documentation and -- bam! -- an attack occurs. Be careful. No pressure.
Microsoft releases a patch that stops AdGholas's primary vulnerability. It only took two years. It only affected 5 million people. A day, 5 million a day. And this tells us a lot about the need for defense in depth.
Velocity isn't about how hard you hold down the throttle, but how fast you run the laps. It's about results, quality results. In DevOps, this takes three things. In racing, it takes someone other than Wolf driving (true story).
Some say typical attacks are 20% low-level hacktivists and such, 70% mid-level crimes, and 10% advanced nation-state. Is that number right for our organization? And what do trends in crime mean for how we defend?