Leonard Nelson
https://leonelson.com
Personal blog of Leonard Nelson talking about technology, education, customer relationship management, customer service and Africa.
Sun, 03 Mar 2019 15:01:59 +0000

Under the Hood of Password Managers
https://leonelson.com/2019/03/03/under-the-hood-of-password-managers/
Sun, 03 Mar 2019 14:56:40 +0000

Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose security guarantees password managers should offer and examine the underlying workings of five popular password managers targeting the Windows 10 platform: 1Password 7 [1], 1Password 4 [1], Dashlane [2], KeePass [3], and LastPass [4]. We anticipated that password managers would employ basic security best practices, such as scrubbing secrets from memory when they are not in use and sanitization of memory once a password manager was logged out and placed into a locked state. However, we found that in all password managers we examined, trivial secrets extraction was possible from a locked password manager, including the master password in some cases, exposing up to 60 million users that use the password managers in this study to secrets retrieval from an assumed secure locked state.

Source: Password Managers: Under the Hood of Secrets Management

CIS Controls Self Assessment Tool
https://leonelson.com/2019/02/03/cis-controls-self-assessment-tool/
Sun, 03 Feb 2019 22:44:08 +0000

The Center for Internet Security has launched the CIS Controls Self-Assessment Tool, or CIS CSAT, to enable organizations to track and prioritize their implementation of the CIS Controls. The tool includes features such as the ability to:

  • Delegate questions to other team members
  • Set deadlines for each CIS Control and sub-control
  • Collect documentation related to your findings
  • Capture team discussion about each assessment question

To start with the Self Assessment Tool, visit https://csat.cisecurity.org/

Health Industry Cybersecurity Practices
https://leonelson.com/2019/01/06/health-industry-cybersecurity-practices/
Mon, 07 Jan 2019 02:58:07 +0000

Health and Human Services (HHS) released the Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients publication that aims to provide voluntary cybersecurity practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems. The guide is available at Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.

The guide includes:

China’s Global Satellite Internet Service
https://leonelson.com/2018/12/31/chinas-global-satellite-internet-service/
Mon, 31 Dec 2018 19:00:36 +0000

Over the weekend, China launched a satellite into low-earth orbit, the first step of a plan to provide global satellite internet to people who still don’t have reliable access. Nearly 3.8 billion people are unconnected to the internet, and women and rural poor are particularly affected.
The satellite, called Hongyun-1, took off at China’s national launching site Jiuquan Satellite Launch Center on Saturday (Dec. 22). Hongyun-1, or “rainbow cloud,” is the first of 156 satellites of the same name developed by state-owned spacecraft maker China Aerospace Science and Industry Corporation (CASIC). A Long March 11 rocket, made by another state-owned firm, China Aerospace Science and Technology Corporation, carried the Hongyun-1.

China got on the bandwagon to provide global satellite internet

Wallor – Slim, Smart, RFID Wallet
https://leonelson.com/2018/12/30/wallor/
Mon, 31 Dec 2018 01:10:49 +0000

Wallor is a slim wallet with smart capabilities. The wallet has worldwide GPS tracking, Bluetooth alert system and RFID protection.

Key Features:

  • Card Fit/Number of Cards: 10-12
  • Bill Fit/Number of Bills: 15+
  • Keys/Coins: Yes. Special pocket
  • Size: 4.6 x 3.5 x 0.25 inch (110 x 85 x 7 mm)
  • Material: Black Nappa Leather
  • RFID Protection: Yes
  • GPS Tracking: Cloud data tracking
  • Data Plan: Free

Related Links:

Wallor 2.0

Build And Run A SOC for Incident Response in Higher Education
https://leonelson.com/2018/12/08/build-and-run-a-soc-for-incident-response-in-higher-education/
Sat, 08 Dec 2018 15:40:21 +0000

How To Build And Run A SOC for Incident Response – A Collection Of Resources

Strategy vs. Tactics
https://leonelson.com/2018/08/19/strategy-vs-tactics/
Sun, 19 Aug 2018 13:50:41 +0000

Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. – Sun Tzu

Additional Reading: Strategy vs. Tactics: What’s the Difference and Why Does it Matter?

Camden-Glassboro Light Rail Line
https://leonelson.com/2018/05/25/camden-glassboro-light-rail-line/
Fri, 25 May 2018 12:15:04 +0000

The Glassboro-Camden Line (GCL) is a proposed 18-mile passenger rail line between Glassboro and Camden in southern New Jersey being studied by the DRPA and PATCO.

According to the GCL site, “As of October 2017, the GCL team is pleased to announce that we are working to complete the Environmental Impact Statement (EIS) for the Project. We anticipate a draft EIS to be available for public review in the spring of 2018, with final approvals expected in the fall of 2018. The EIS will analyze the potential effects of the Preferred Alternative selected during the Alternatives Analysis phase on the human and built environments. The main goals of the analysis are to identify potential positive and negative impacts to both the natural and built environments, to all potential users, impact of construction on the community, and any additional effects to the area over time that would be created by the construction and operation of the light rail system. Once the GCL team has had the chance to interpret the findings, we anticipate hosting public information sessions in the winter and summer of 2018 to solicit input from the public before finalizing the EIS.”

FY 2018 TIP Project Details: DB# T302: Camden-Glassboro Light Rail Line

Delaware Valley Regional Planning Commission
https://leonelson.com/2018/05/25/delaware-valley-regional-planning-commission/
Fri, 25 May 2018 12:12:43 +0000

Serving the Greater Philadelphia region for more than 50 years, DVRPC convenes the widest array of partners across a nine-county, two-state region to increase mobility choices, protect and preserve natural resources, and create healthy communities that foster greater opportunities for all. City, county and state representatives work together to address key issues, including transportation, land use, environmental protection, economic development, and equity.

DVRPC was formed by an Interstate Compact through legislation passed by the Pennsylvania Legislature in 1965, as reenacted and amended in 1967, and by the New Jersey Legislature in a series of conforming acts passed between 1966 and 1974.

A good link to understand current progress and funding for various construction projects supporting the Transportation Improvement Program (TIP) in the Delaware Valley: DVRPC TIP Viewer
Users and Security
https://leonelson.com/2018/01/27/users-and-security/
Sat, 27 Jan 2018 18:40:00 +0000

Research from Dartmouth College Computer Science regarding users and security:

In real world domains, from healthcare to power to finance, we deploy computer systems intended to streamline and improve the activities of human agents in the corresponding non-cyber worlds. However, talking to actual users (instead of just computer security experts) reveals endemic circumvention of the computer-embedded rules. Good-intentioned users, trying to get their jobs done, systematically work around security and other controls embedded in their IT systems.

Source: Mismorphism: a Semiotic Model of Computer Security Circumvention by Sean W. Smith, Ross Koppel, Jim Blythe, Vijay Kothari
