category Security posts

Securing administrative access with MFA

10 minutes to read
Monday, 4th of March 2019

Now that multi factor authentication is gaining ground I thought I would write a simple guide on how to secure administrative access with MFA on Linux systems. The solution is simple and based on Google Authenticator. The good thing with Google Authenticator is that it's a typical TOTP/HOTP solution and as such does not require any internet connectivity on either the server or the client. The configuration examples provided are more or less appropriate for openSUSE Leap 15 and Ubuntu 18.04 LTS

(ISC)2 Learn - a new opportunity

4 minutes to read
Wednesday, 20th of February 2019
- awareness
- security
- privacy
- education

In September 2018 (ISC)2 announced a Free GDPR course for members. What started as a single free course was very recently rebranded as the Professional Development Institute. The plans are for up to 30 (!!) new courses in 2019.

Private and secure browsing

7 minutes to read
Monday, 11th of February 2019
- security
- linux
- virtualization
- privacy
- open source

GDPR is supposed to let us take back control of our private data. In reality though many websites either don't allow that to happen through their selection of cookies, or constantly present to us the same requests until we accept the most invasive option. At the same time there is a known security risk related to every day broswing: browser - served malware, sometimes caused or enabled by the insane amount of 3rd party uncontrolled scripts that are served to us on the websites we visit. We need to find ways to browse securely and protecting our privacy as much as possible.

To cyber-insure or not?

4 minutes to read
Tuesday, 4th of December 2018

Professional liability insurance has been around for long. It is not a surprise that Cyber Insurance is becoming a trend lately, considering the constantly raising number of security breaches. The post in one sentence: Cyber insurance is a good thing but be careful what you wish for.

When multi-factor will not save you

11 minutes to read
Sunday, 19th of August 2018

There is a lot of discussion lately about multi-factor authentication and how this will upgrade everyone's security. Indeed, it is an improvement and it was about time we start becoming more conscious about the security issues related to authentication. As usually though, these discussions generated a lot of confusing and "why it didn't work" moments when we see cases such as Reddit's hack in August of 2018.

GISD 2018 - Spring Edition

2 minutes to read
Wednesday, 6th of June 2018

On Thursday, the 31st of May I was invited to participate in a panel discussing artificial intelligence and machine learning. The event, Geneva Information Security Day 2018, was organized by High Tech Bridge. If you don't already know High Tech Bridge, it's a Geneva - based security company which constantly gets awards and recognition for their AI technology. Just this week, High-Tech Bridge's ImmuniWeb was named the Winner in "Best usage of Machine Learning / AI" category at SC Awards Europe 2018.

What do you think this is?

Recent Posts