March 15, 2022
Good morning, everyone!
The latest critical vulnerabilities:
Patch All the Things!
Looking Behind the Curtain
Two stories in my newsfeed this past week really drove home for me the importance of looking behind the curtain: don’t accept marketing claims at face value, and don’t assume something is secure just because it’s popular or used in a lot of places.
Home Security Systems
Consumer Reports recently published a report on their testing of do-it-yourself home security systems – how secure are they?
In a series of new tests, Consumer Reports found that five popular DIY home security systems are relatively easy to jam. [...] Two of those systems … are also susceptible to replay disarm signal attacks.
The report is worth reading, as it explains these attacks and several others that you should be aware of. It’s always important to do your research before making a purchase, but you should definitely research the security of a security product!
The report also has some really useful advice:
So, how can you protect your system? First, don’t advertise what system you own with its branded yard signs and window decals. Once a burglar knows what system is being used, they can easily figure out which signals they need to jam.
“Security signs and decals can be a useful deterrent to burglars, but you should always use generic, un-branded signs and decals,” says Bernie Deitrick, who oversees CR’s home security system testing. “That way you get the same benefits without tipping burglars off to the brand of system you own.”
WordPress Security Whitepaper
WordPress is probably the most popular website development package on the Internet today, primarily because it’s very easy to use and there are a kajillion plugins available for it.
Unfortunately, one of the great dichotomies of software is “Ease of Use” vs. “Security” – and this whitepaper gives a lot of examples of WordPress plugins with known vulnerabilities that aren’t being patched.
So if you want to use WordPress for your website, choose your plugins carefully. Are they under current development or have they been abandoned? Does that developer have a good reputation? Frankly, it’s a good idea to have your WordPress installation configured and maintained by a professional, someone who really knows WordPress, who can and will carefully vet plugins before installing them for you, and who cares about security. Just because you *can* do something yourself doesn’t mean you *should* do it yourself.
I hope I’ve given you some food for thought this week. Until next time!
Talk to you again soon!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺