David Longenecker

@dnlongen | Security architect and threat researcher. I break and fix things, so I can stop others from breaking or detect them when they do. MBA, CISSP, GCFA, GPEN.

On teaching kids to make good security and privacy choices themselves

Over the years I've written several posts on raising security-conscious kids.

• Four Commandments From a Cyberparent
• Security Savvy Kids
• Snapchat: What …

Using malware's own behavior against it

A quick read for a Monday night. Last week while investigating some noisy events in my security monitoring system, I noticed two competing Windows …

It's W2 scam season

Time for a short Friday afternoon social engineering discussion. If you work in HR / finance / benefits, you'll want to stick with me. It's January, …

A handy trick for proxying HSTS sites in Chrome

TL;DR: Chrome has a nifty undocumented trick that makes proxying so much more useful when testing sites using HSTS or pinned certs: where the …

Private data in public places

Professional social engineer and open source intelligence expert Stephanie "@_sn0ww" Carruthers makes a living out of (mis)using what people and …

Data Protection

Be sure to deregister Amazon devices purchased as gifts

Now that post-Thanksgiving shopping is in full swing, here's a brief tip for those purchasing Amazon gadgets as Christmas gifts: if you are giving an …

Amazon Fire TV

Exploiting Office native functionality: Word DDE edition

Updated 20 October: Added a note regarding enabling full command line logging for process creation events; added a note clarifying that "Creator …

Enable two-factor on your Yahoo account... if you can

Yahoo! accounts have very different security options depending on their origin.

Unless you've been living under a rock, you know by now that Yahoo! …

Seven steps to minimize your risk of financial identity fraud

This is one of a few Security for Real People blog posts routinely updated once or twice a year, to offer up-to-date advice to consumers and small …

Incremental wins: iOS11 strengthens the idea of Trust

Two years ago, a friend piqued my curiosity with a question about an iPhone / iPad app teenagers were using to hide content from nosy peers (and …

Singer, guitarist, songwriter, and a 20+ year passion for reaching youth in the darkest corners of life. As much as I love the music of @skilletmusic, it's that lifelong ministry that has earned my respect most of all. #texaslife #texas #skillet #youthministry #rock #rockconcert #rockthedesert #rockthedesert17 #rockthedesert2017 #music #musically #guitar #singer #alive #livemusic #concertphotography #concert #summer #summernights #outdoors #christianmusic #air1 #westtexas

To Patchnya, or Not to Patchnya

Heads-up: there's another ransomware worm making the rounds. Initially thought to be a variant of the Petya ransomware family, it was later …

A letter from the IRS

This weekend I had the dubious pleasure of reading a letter that begins with these two paragraphs. In March, the Internal Revenue Service removed a …

Six steps to block credit card fraud

Just over a year ago, I put together a simple guide to dodging financial fraud; it quickly became one of the most popular posts on this site. Given …

Hackers threaten mass iCloud carnage: don't panic, but do enable 2FA

There have been rumblings in recent weeks (with varying degrees of credibility and/or paranoia) of several hundred million Apple accounts stolen by …

Facebook Messenger phishing scam

Updated 20-March: My initial analysis was limited due to traveling without my laptop, and with unreliable data service. I've updated the post with a …

That CIA exploit list in full: The good, the bad, and the very ugly

We went through 8,000 documents so you don't have to. We're still going through the 8,761 CIA documents published on Tuesday by WikiLeaks for political …

Quick and dirty malicious PDF analysis

Friends and family regularly send me things they find suspicious or weird. Sometimes it turns out to be malicious, and other times perfectly fine, …

How to be your daughter's hero, DFIR edition

Every now and then, my day job pays dividends at home. Shortly before Christmas was one such occasion.

My daughter (a foreign exchange student my …

UX Design: An Overlooked Aspect of Endpoint Security

People in information security know to heed the advice of Bruce Schneier. What we often forget to do, however, is heed the advice of Don Norman, who …

Silver linings: 2016 in pictures

2016 has been a bugger of a year for many. Rather than stew over the loss of family members, friends, and icons of our adolescence, my cousin asked a …