Mark Cutting
2 followers

I know what you’re thinking. You’ve read the title of this article, and think I have a heart of stone. Not so – just hear me out first.

I have been a veteran of the infosec industry for over 27 years, and during that time, I’ve been exposed to a wide range of technology and situations alike. Over this period, I amassed a wealth of experience around information security, physical security, and systems. 18 years of that experience has been gained within the financial sector – the remaining spread across manufacturing, retail, and several other areas. I’ve always classed myself as a jack of all trades, and a master of none. The real reason for this is that I wanted to gain as much exposure to the world of technology without effectively siloing myself – pigeonholing my career and restricting my overall scope.

I learned how to both hack and protect 8086 / Z80 systems back in 1984, and was using “POKE” well before Facebook coined the phrase and made it trendy (one of the actual commands I still remember to this day that rendered the CTRL, SHIFT, ESC break sequence useless was “POKE &bdee, &c9”).

I spent my youth dissecting systems and software alike, understanding how they worked, and more importantly, how easily they could be bypassed or modified. Was I a hacker in my youth? If you understand the true meaning of the word, then yes – I most definitely was.

You’d think that for all the huge technological advances we have made in this world, the almost daily plethora of corporate security breaches, high profile data loss, and individuals being scammed every day would have dropped down to nothing more than a trickle – even to the point where they became virtually non-existent. We are making huge progress with landings on Mars, autonomous space vehicles, artificial intelligence, big data, machine learning, and essentially reaching new heights on a daily basis thanks to some of the most creative minds in this technological sphere. But somehow, we have lost our way, stumbled and fallen – mostly on our own sword. But why?

It’s simple enough if you consider the way that fruit can weigh down the branch to the point where it is low enough to be picked easily. A poorly secured network contains many vulnerabilities that can be leveraged and exploited very easily without the need for much effort on the part of an attacker. It’s almost like a horse grazing in a field next to an orchard where the apples hang over the fence. It’s easily picked, often overlooked, and gone in seconds. When this term is used in information security, a common parallel is the path of least resistance. For example, a pickpocket can acquire your wallet without you even being aware, and this requires a high degree of skill in order to evade detection yet still achieve the primary objective. On the other hand, someone strolling down the street with an expensive camera hanging over their shoulder is a classic example of the low hanging fruit synopsis in the sense that this theft is based on an opportunity that wouldn’t require much effort – yet with a high yield.

Did you know that there's a new online community called Phenomlab that actively encourages you to discuss #technology, #infosec, #securityawareness, WITHOUT the hard selling? LinkedIn is great, but I personally think we need to "go back to basics" where we share information in a more efficient way, and group seasoned pros and novices together in the same pool.

I learned how to both #hack and #secure 8086 / Z80 systems back in 1984. I was using “POKE” well before #Facebook made the phrase trendy. Let's start making sense of #informationsecurity, raise awareness, and make a massive dent in the criminals' armour.

Can't find a topic that interests you? Make your own! This is your platform, and it is free :)

Register now at https://www.phenomlab.com

Now you can share files securely with me via the Nextcloud portal on Phenomlab!

The misconception of the true meaning of “hacker” has damaged the Infosec community somewhat in terms of what should be a “no chalk” line between what is criminal, and what isn’t. However, it’s not all bad news. True meaning aside, the level of awareness around the nefarious activities of cyber criminals has certainly increased, but until we are able to establish a clear demarcation between ethics in terms of what is right and wrong, those hackers who provide services, education, and awareness will always be painted in a negative light, and by inference, be “tarred with the same brush”. Those who pride themselves on being hackers should continue to do so in my view – and they have my full support.

What would happen if a cyber criminal attempted to scam a security professional? Well, a few weeks ago, this happened to me.

Like everyone, I certainly receive my fair share of junk email, scams, and pretty much everything else that the internet these days tends to throw at you. For the most part, each one of these “attacks” is ignored. However, one caught my eye after only the first paragraph. Not only was the format used absurd, but the supposedly “formal tone” was nothing short of a complete joke.

Unfortunately, there really is no “TL;DR” synopsis for this particular event. Scrolling to the bottom of the article is of course up to you, but you’ll not only miss out on key information – you’ll also miss out on my sarcasm 😁

Admittedly, this “scam” sounds far-fetched. But, believe it or not, this particular campaign has a high success rate. If this were not the case, would a potential criminal go to such lengths to impersonate and engage? No. They rely on that one human trait known as trust. Trust which in this case is readily exploited.

I promise that this article will be worth your while reading. Ready? Buckle up. It’s going to be an interesting ride. During the journey, I’ll highlight the warning signs and provide an explanation of each. Let’s start.

https://www.phenomlab.com/wasting-a-scammers-time-is-hugely-entertaining/

The recent high profile breaches impacting organisations large and small are a testament to the fact that no matter how you secure credentials, they will always be subject to exploit. Can a password alone ever be enough? In my view, it’s never enough. The enforced minimum should be at least a secondary factor. Regardless of how “secure” you consider your password to be, it really isn’t in most cases – it just “complies” with the requirement being enforced.

If there's one thing that really frustrates me about my job, it's documentation. It's certainly not the case that I won't commit any time to it, but after all my years in this industry, the process hasn't become any easier - I've written thousands of pages of carefully constructed documentation over my time - in fact, I'd go as far as to say that figure is probably closer to a million by now without any exaggeration. My point here is that it's a begrudging task. One with little reward for the author, but a potential goldmine to the audience that consumes it.

Compared to a simple paradigm, how important is this seemingly endless list of instructions? Here's an example. You go to a local furniture store, and choose a bookshelf, or perhaps a cabinet of some sort. These days, furniture tends to be flat packed for storage and logistical reasons, and is supposed to be simple to assemble. How competent a person you are in terms of traditional DIY really determines if you bother to even read (let alone follow) the assembly instructions provided. For all males reading this, we don't need instructions, right? Of course not. We'll simply toss these aside, and get down to business. Quite what we'll end up with afterwards can leave a lot to be desired - particularly when you have leftover parts and a pile of fixtures that don't seem to fit anywhere.

One thing I’ve seen a lot of lately is the “expert” myth being touted on LinkedIn and Twitter. Originating from psychologist K. Anders Ericsson, who studied the way people become experts in their fields, and then discussed by Malcolm Gladwell in the book “Outliers”, “to become an expert it takes 10,000 hours (or approximately 10 years) of deliberate practice”.

This paradigm (if you can indeed call it that) has been adopted by several so-called “experts” – mostly those within the Information Security and GDPR fields. This article isn’t about GDPR (for once), but mostly those who consider themselves “experts” by virtue of the acronym. Nobody should proclaim themselves a GDPR “expert”. You cannot be an expert in something that isn’t actually legally binding until May 25 2018, nor can you have sufficient time invested to be an expert since inception in my view. Nobody knows how many iterations and changes there will be once this new regulation goes live (and I’m guessing there will be a few where the policy just isn’t enforceable for a variety of reasons that have been overlooked in the original mandate).