KALYPTO (IN)SECURITY

Research, demonstrations, and popcorn

Enable Dark Mode in Microsoft’s Chromium based Edge Browser

If you are like 90% of people in IT or hackers in general, you probably prefer the dark mode on applications simply because it is easier on the eyes. Good news… you can enable dark mode in Microsoft’s new Chromium based Edge browser by completing the following steps: If you have a shortcut to Edge…


InfoSec is Not Your Enemy… Legal is

It doesn’t take an IT person to know that access to information and security are fighting in the opposite direction. User experience, usability, and friendly intuitive design are products of easy integration and access to data. Information Security has the goal of making things as secure and reliable as possible. They want to make it…


The Government “Shutdown” and You

Several top news organizations are running stories making it look like systems are not working because of the federal budget not being approved and the “shutdown.” This is not true. The computers that run all of the public services being impacted are run on a variety of VPS systems (mainly Amazon GovCloud). These…


What I hope to see in 2019 for Information Security

2019 is upon us. We survived that mess of a year we called 2018. I think of it like a test. We managed to pass and are still here. There were a lot of security breaches in 2018 because of some very simple mistakes made by rather large organizations. From backup databases left in the…


The ‘RID’ vulnerability is not a vulnerability…

Recently a “researcher” has gone on a marketing blitz trying to convince the world he found a vulnerability that doesn’t exist.  This vulnerability has been dubbed ‘RID Exploitation.’  According to this researcher, the RID is the relative identifier at the end of a SID (security identifier) that generally denotes the level of access an account…


Daily Reminder: Listen More, Talk Less

This is a reminder to listen more and talk less.  Don’t be one of the masses that talks without knowledge, experience, or data.  Everyone appears to be a subject matter expert on everything these days.  Unless you have empirical data and/or first-hand knowledge of a specific subject… let someone else respond. We are in an…


How to lose an InfoSec job before you’re hired

Recently I have seen many posts from out-of-work security researchers who are looking for gainful employment.  It is never a bad idea to exhaust every resource you can when looking for a job, but you should be mindful about the request you are making, the demands you have, and the impact to your acquisition of…


Stephen Hawking, the future, and women

Stephen Hawking passed away today at the age of 76.  Many thought it would come much earlier in his life.  Many thought it would never happen because he was a super genius from another dimension (sarcasm).  Regardless, the world lost one of the most brilliant and beautiful minds ever known to the planet Earth. Stephen…


Gutting Net Neutrality is an attempt to control information

What is Net Neutrality? Net Neutrality is a simple concept.  At its most basic, it is an order that all internet traffic must be treated equally without regard to source, destination, or monetary compensation.  This means that the traffic from The Washington Post and The Intercept must be treated the same as traffic from…


SQL 2016 + Dynamic Data Masking = Exposure

Starting with SQL 2016, Microsoft has included a new “security” feature called Dynamic Data Masking, or DDM for short.  This new feature is supposed to allow you to secure data by masking it to people who should not have access.  For example, if you are a DBA and you have a database with PCI (Credit…

