Some of you may have noticed that I frequently go for long periods of time without blogging. That means I’m employed. When I’m not employed then I have time to blog here.
So now I’m blogging for my employer, SecureIQLab. If you don’t want to wait until I am unemployed again to read my blogs, here are three I’ve written recently.
From Supply Chain to Kill Chain: Biometric Security is a look at some of the ways biometric systems can be attacked. Supply chain attacks are the launchpad for many breaches. For biometric devices this can be problematic. But there’s more…
A couple of years ago I was tasked with writing an article about biometric privacy. 200 hours of research later I had tested every breathalyzer on the market. Well, not really since I just thought of that research. Maybe we can have a beer and breathalyzer club and do Zoom meetings with B&B (Beer and breathalyzers).
Ok, actually the most interesting thing I found was that in Illinois people can sue their own employer into bankruptcy for violations of the Illinois Biometric Information Privacy Act. It’s not just for employers; Facebook settled for $650 million for BIPA violations. Anyway, privacy legislation is getting stricter and the number of states that have such laws or will have them is increasing.
Pretty much anyone considering using biometrics for commercial purposes needs to stay on top of things to avoid costly mistakes. The Illinois BIPA is not at all hard to comply with, and other such laws in other states are easy to comply with, but you have to know what they are and what is required for compliance. It’s good for consumers to know what protections they have as well. Come on over and take a look at some Biometric Legal Implications. This isn’t a law school class and I’m not a lawyer, so there are no parties of any part, no binding arbitration agreements, and it doesn’t cost $500/hour to read it either.
Next up!
Yes indeed, The Supply Chain Looks Like a Bunny Rabbit With a Drum. Well, what can I say? The Rabbit of Caerbannog has nothing on the Energizer Bunny, Sony, the Russians, or stupid ideas like a Wi-Fi water kettle and networked fish aquarium thermometers in casinos! Seriously, one stupid unsecured refrigerator can spoil your company’s security. Any questions?
Finally
GoDaddy gave a world-class lesson on how to f*ck user security awareness training, encourage insider attacks, and put your customer at increased risk. I explain in Inciting Supply Chain Attacks GoDaddy Style.
I hope you’ll pop over and take a look!
Cheers,
Senior Security Analyst and Rabbit Whisperer
SecureIQLab