Salving Vendor Fatigue with AI
Charles Herring
31 May 2023
A quick tutorial on using AI powered chat bots like Bing Chat to bring some sanity to researching products in a congested cybersecurity market (and beyond.)
Sign up for F15hb0wn.com blog updates
Move to Bing Chat from Google Search
Charles Herring
30 May 2023
BingChat is to Google what Google was to Yahoo! in 1999. I explain why I made the jump to Microsoft Edge and Bing Chat and how it's changed the way I interact with the Web.
Cozumel Night Dive - Octopus
Charles Herring
26 May 2023
A great shot of an octopus on a night dive on my last trup to Cozumel.
Mindfulness "Mood Scene"
Charles Herring
25 May 2023
Mental Health "Break"
Charles Herring
25 May 2023
Artificial Narrow Intelligence (ANI) in Cybersecurity
Charles Herring
24 May 2023
WitFoo CTO, Charles Herring, looks at the pros and cons of Narrow and Generative AI in CyberSecurity Analytics.
BSidesSPFD - SECOPS Driving Prosecution via a Global CyberGrid
Charles Herring
8 May 2023
In a 2021 DarkReading article titled Handcuffs over AI, I describe the importance focusing on the outcome of increasing deterence in cybercrime. The presentation can be downloaded here.
Profit and Loss (PNL) of Cyber Security
Charles Herring
29 August 2022
The purpose of a CISO and a cyber program is to reduce the costs associated with cybersecurity. I said this to colleagues at a social mixer this week and their heads almost exploded. “Shouldn’t we be trying to stop and mitigate risk?” “We need to spend more money on cyber, not less.” “I can’t believe you, of all people, think we need to be doing less!”
Audacious Proposal
“Do you want to give up and let the bad guys win?” I want businesses to understand that cybercrime is a part of business in the exact same (not metaphorical) way as shoplifting, employees stealing office supplies, customers slipping on the floor, vandalism, executives abusing power against employees, hurricanes, power failures, earthquakes, flooding and taxes.
The goal in all risk management is to reduce the costs associated with the mishaps not to make them impossible.
Log4J/LogShell IOC search
Charles Herring
14 December 2021
Log4J/LogShell (CVE-2021-44228) exploit IOC have been published by Cisco Talos (see: https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html). These IOC have been packaged as a WitFoo Actor definition and have been pushed to all production instances of WitFoo Precinct and Precinct Cloud. The definitions were automatically applied at 1404 Eastern Standard time on December 14, 2021. Detections are both forward looking and retrospective across the entire Precinct big-data archive.
Actor functionality has been pushed early (ahead of 6.2 GA release) to allow data to be searched. A quick overview of the functionality can be viewed below.
Emergency Update for CVE-2021-44228 (log4j / Log4Shell)
Charles Herring
11 December 2021
CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228) was released on December 10, 2021 outlining a vulnerability in Apache Foundation project Log4j (https://logging.apache.org/log4j/2.x/index.html). This vulnerability can be used by a remote attacker to execute code without authentication. This vulnerability is also known as Log4Shell.
WitFoo Precinct 6.x utilizes log4j in the WitFoo Streamer & Apache Kafka Docker containers that manage the message processing pipeline. Other custom WitFoo containers (including Cassandra 4.01) do not utilize log4j.
As of 0940 Eastern Standard time on Saturday, December 11, 2021, WitFoo has completed the following mitigation steps:
