Chinese Hackers Accessed US Treasury Workstations

Too relaxed - like on Bourbon Street in New Orleans :-(
It's unfortunate, but you almost just can never let your guard down!!!

That comment "It's not a matter of if, but when" applies to all levels of the public sector!
The U.S. Treasury? My goodness!!!!

Even trusted providers aren’t immune... A timely reminder to keep our defenses sharp and never stop reassessing risks, especially when third parties are involved!

Reinventing Security Awareness: Key Focus for 2025

Oh, I think security awareness is far more than phishing and passwords. And I'm not so sure they are even in the top five anymore.

Identity Protection is probably the most massive requirement now. Ransomware...malware protection, multi-factor authentication to replace those feeble passwords, are regularly part of security briefings and trainings now.
The landscape has definitely evolved!

Email - Sent to Spam/Junk

Well, no, the end user doesn't typically do these things. But RBLs and SBLs can also interfere with e-mail transmission - preventing all those annoying spammers from setting up their own SMTP boxes and blitzing the world with spam.
True! RBLs and SBLs are the gatekeepers keeping the spam flood at bay.

Email - Sent to Spam/Junk

I'm still failing to see how, where, the end user is able to control the email going into the Inbox vs
the Junk/Spam folders. That's what I'd like to achieve!!!
It’s all about fine-tuning filters and whitelisting... You can usually mark certain senders as 'not spam' to teach your email client what's legit. Some services even let you set custom rules for better control!

Email - Sent to Spam/Junk

Spam Block Lists such as the ones maintained by organizations like Spamhaus can have quite an effect on whether messages get classified as junk/spam/phish, etc.

The MX Toolbox is a good place to check to see if a particular server is on a blocklist for spam/UCE. Properly constructed DMARC and SPF records on the domain level can greatly cut down on the amount of email blocking as a result of an internet blocklist.

Good to know! DMARC and SPF really are the unsung heroes of email management.

Security vs. Privacy: Which Should Take Precedence?

Vulnerability - Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. Note: The term weakness is synonymous for deficiency. Weakness may result in security and/or privacy risks.

Threat - Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.
Well explained!

Security vs. Privacy: Which Should Take Precedence?

Your compliance requirements trump all of this. Not every organization has the same requirements, but, for example, an organization operating in California or Virginia will have a greater adherence to privacy than, say, in Florida, as states adopt their own versions of the EU's GDPR guidance.

General statements about security and privacy themselves are overly nebulous until we define what the asset is, its vulnerability, and threats - in other words, a risk assessment. Every individual, every organization must conduct a proper risk assessment along with compliance requirements before the questions of 'how much privacy' and 'how much security' are required.

I don't think it's a matter of which one gets precedence in a general sense, because it will vary in every single use case.
Great points... Risk assessment and compliance are the real game-changers here.

Security vs. Privacy: Which Should Take Precedence?

The choice depends on the context and specific needs. In some cases, security might take precedence to protect sensitive information from immediate threats. In others, privacy might be prioritized to ensure personal data is not misused or overexposed.

Security can exist without privacy, but privacy cannot exist without security.
True! It's the classic chicken-and-egg dilemma! One’s only as good as the other!

Email Content

destitute (adjective) - without the basic necessities of life.

You're right, I'm not that destitute. However, I have to be very sagacious in my expenditures!!!
One of the many pieces of wisdom that has been shared with me is, "It's not how much you make,
but it's how much you get to keep." That's my pilot when I'm contemplating spending on
non-essentials.

I'm not too proud to accept donations of any sort :)
Well, actually, it's not how much you make, nor how much you keep; it's how much you can give away. (but that's a different matter of sage wisdom)

*flips over fedora* - we'll pass this around and see if we can get some CIN'ers to fill it.

Otherwise, playing the guitar on the street, singing songs about IT security might be your best bet.

/r

Email - Sent to Spam/Junk

Well, no, the end user doesn't typically do these things. But RBLs and SBLs can also interfere with e-mail transmission - preventing all those annoying spammers from setting up their own SMTP boxes and blitzing the world with spam.
I'm still failing to see how, where, the end user is able to control the email going into the Inbox vs
the Junk/Spam folders. That's what I'd like to achieve!!!

What prevents our students from completing their goals

In that case, then I would recommend going over to our good friends at Biohazard Coffee (https://biohazardcoffee.com/). 928mg of caffeine for a 12oz cup.

Even I had to cut it into regular coffee - that stuff is what powers gaming marathons.
Not being a connoisseur of this beverage, that 928mg reference to caffeine content has
zero meaning to me. So, without the ability to contribute any meaningful commentary,
I'll just move myself from the playing field, into the stands, with the fans!!!

Email Content

C'mon, bud. With all the conferences you attend, you can't sell me on the notion that you're that destitute...
destitute (adjective) - without the basic necessities of life.

You're right, I'm not that destitute. However, I have to be very sagacious in my expenditures!!!
One of the many pieces of wisdom that has been shared with me is, "It's not how much you make,
but it's how much you get to keep." That's my pilot when I'm contemplating spending on
non-essentials.

I'm not too proud to accept donations of any sort :)

What prevents our students from completing their goals

Insufficient caffeination should also be added to that list.
That's one that should be at the top of the list!!!!
In that case, then I would recommend going over to our good friends at Biohazard Coffee (https://biohazardcoffee.com/). 928mg of caffeine for a 12oz cup.

Even I had to cut it into regular coffee - that stuff is what powers gaming marathons.

Email - Sent to Spam/Junk

Properly constructed DMARC and SPF records on the domain level are definitely part of the equation, but unfortunately, the end user has no access.
Well, no, the end user doesn't typically do these things. But RBLs and SBLs can also interfere with e-mail transmission - preventing all those annoying spammers from setting up their own SMTP boxes and blitzing the world with spam.
