Free Certs Come With a Cost

Let’s Encrypt certainly presents an interesting challenge.  I have personally sang the praises of this project from its inception because I do believe the world needs a cost effective solution for site encryption/certificates.  That said, abuses of this system were to be expected.  I believe it is time for the IT security community to rally around this project and provide support toward an oversight solution that can limit these abuses and maintain this valuable resource for the world at large.

https://threatpost.com/free-certs-come-with-a-cost/126861/

Verizon Data of at Least Six Million Users Leaked Online

According to Verizon, no data was accessed by an external source, but at the end of the day, the data was exposed publicly and discovered by a security researcher.  I do not believe a definitive statement can be made as to who may or may not have discovered and harvested data.

I recommend every Verizon customer at least call Verizon support and change your pin.  You should also remain diligent in checking for unusual account activity.

https://www.tripwire.com/state-of-security/latest-security-news/14-million-verizon-customer-records-reportedly-left-exposed/

https://www.darkreading.com/cloud/verizon-suffers-cloud-data-leak-exposing-data-on-millions-of-customers/d/d-id/1329344

https://www.infosecurity-magazine.com/news/verizon-data-six-million-users/

 

Book Review: The Phoenix Project

I read this book a couple of years ago, and at the time, I was employed by a rather large regional retail organization dealing with very similar issues.  I found myself replacing the names of the characters in the book with those of my own co-workers as I read and suffering a profound sense of deja vu.  I cannot recommend this book strongly enough to anyone working in or with a business of any significant size, in IT or not.  Gene Kim and team have put together a story both entertaining and truly educational.  You will come away with an eyeopening respect for DevOps, business goals, and the role of IT in business.

I had the pleasure of meeting Gene at a conference not long after the book came out and my respect for him and his mission to educate the world on the challenges of effective devops has only grown since.

https://www.tripwire.com/state-of-security/off-topic/book-review-phoenix-project/