Stats from an SSH Honeypot

I decided to run an ssh honeypot in my Cloud Server on the Internet. While this has been done many times by others, I wanted to see what would happen and share my results.

Read More

Unattended, unlocked, unprotected terminals - User security training with USB Rubber Ducky

As part of our user security awareness training, we perform tests of our personnel in the work environment. One training exercise involved testing for unattended computers by inserting a USB device that would display a ransomware screen.

Read More

Making app password changes easier

A common technical challenge for developers, operations, and IT security is the management of service account credentials used by applications. Service accounts are needed to authorize different components for communication and sharing data. This is true whether the application runs in the cloud or on-premise. The problem is that these credentials have the following issues:

  • They are setup one time.
  • They never expire.
  • They are hard-coded into configuration files.

I want to share some design thoughts on how to make changing credentials easier.

Read More