Jai Vijayan’s recent Dark Reading article on the Internet of Things (IoT) highlighted five things we should to prepare for its use in the enterprise. Below are my thoughts on his recommendations.
Indianapolis, CircleCityCon ’15 – June 12-14 – Jayson Brown, an IT Security Specialist for one of Michigan’s largest health care organizations, hones your hacking skills via Capture the Flag exercises. Participants to this 8 hour course will test their skills by attacking a complete virtual business called Corp Co. Interested attendees should sign up at: https://circlecitycon.com/tickets Continue reading
Three years ago I performed a penetration test of a transportation company in the Midwest. Save for a few low-severity vulnerabilities, Company X had a well-managed public-facing network infrastructure. Satisfied with the status of their network security, I turned my attention to the human network.
Searching for Company X on sites like Twitter, Facebook, and LinkedIn, I discovered employee names and corporate activities that were not shared on its website. As the search continued, Company X’s culture, processes, and lexicon emerged from the social dialogue.
Within three hours I was able to collect identifying information on key employees including birth dates, employment and educational history, and hobbies. These data points were cross-referenced with other resources on the Internet to profile Company X’s community involvement activities.