

  • Introduction: Biometrics – the epitome of “high security” in today’s movies and TV shows. Whether it is protecting a vault containing millions in diamonds or safeguarding top-secret CIA documents, biometrics are tasked by Hollywood to protect the most sensitive of assets. However, biometrics is no longer relegated to futuristic movie plot lines. Biometric access control systems have become widely adopted and inexpensive to implement in the real world. Everyone with a modern cellphone has had at least some personal interaction with biometrics. Fingerprint sensors first came to cell phones in 2011. Since

  • Up 55% from 2016, 61% of small and midsized businesses experienced attacks in 2017. Small businesses are routinely tasked with making important decisions on a daily basis. Often with limited resources, key decision makers within organizations are responsible for balancing risk, profitability, cost, and competitiveness. Understandably, priority is often given to the core revenue stream of the organization. Supplemental considerations such as overhead and the IT environment tend to be lower on the day-to-day priority list. Unfortunately, there are real risks to small businesses when it comes to cyber-attacks. A 2017

  • In late June 2018, the Wi-Fi Alliance announced the most significant update to the Wi-Fi Protected Access standard in 14 years: WPA3. The Wi-Fi Protected Access 3 protocol brings significant security updates to the ubiquitous but aging WPA2 protocol, which was first introduced back in 2004. WPA3 will operate in two distinct modes consistent with WPA2 before it: WPA3-Personal and WPA3-Enterprise. Most significant points of Wi-Fi Protected Access 3: Increased protection against brute-force attacks: WPA3 introduces a new handshake method that, according to the Wi-Fi Alliance, "delivers robust protections even when users choose

  • Most company password policies employ a few security measures that, for a long time, have been largely regarded as unchallenged, logical best practices. These measures are typically: password rotations every 90 days, complexity requirements (upper, lower, number, and special characters), etc. For Domain Administrators and End-Users alike, these restrictions have long been the bane of our password management experience. But let's admit it, you probably have terrible passwords; we all do. According to a 2017 survey by Keeper Security, most people have a single password that they use across all systems.

  • Delap is pleased to announce the launch of our new website showcasing Delap’s growing cybersecurity service offerings! Delap has been serving the industry as trusted experts in information security since 1992, from active participation in developing domestic and international payment security standards (ANSI and ISO) to supporting customers in achieving their security and compliance objectives. Every week seems to bring with it news of another security breach, from Chipotle and the DNC to the latest Equifax breach impacting at least 143 million people! A quick search of ‘company hacked’ or ‘data breaches’ reveals

  • Yesterday, researchers at Armis announced that they had found a series of vulnerabilities in Bluetooth that can allow an attacker to take over a device in seconds, with no interaction from the user. They have dubbed this new attack "BlueBorne." Bluetooth is a short-range wireless protocol most commonly used to send things like audio and pictures between devices, such as between your phone and your car, and between your computer and wireless speakers or headphones. It is also used to connect mobile devices together, for example, syncing smart watches

  • Intel confirmed that a critical vulnerability exists in computers running an affected version of the Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Small Business Technology. This is a hardware-level vulnerability and undermines security or controls implemented at the operating system or application levels. In brief, it allows an attacker to gain administrative privileges to system memory (even worse, access is not logged [no audit trails] from this attack vector). If you haven't already, please review systems in your environment to validate whether any are vulnerable. If they are,

  • With the inevitable rise in chatter regarding the recent rollback of FCC privacy rules related to internet service providers' (ISPs') handling of consumer data, it's crucial to understand the role privacy plays in our own lives. To read the original FCC ruling and the Congressional joint resolution signed by the President on April 3rd, 2017, see the reference detail for 'S.J.Res.34' at the end of this article. The initial question to answer is, "How do internet browser sessions actually work?". At a high level, it all starts with DNS (Domain Name System).

  • It's that time of year again; fraudsters are out in droves looking for ways to obtain data about you and your employees in order to cash in on filing fraudulent tax returns! So what are a few steps you can take as an employer to reduce the risk of unknowingly providing fraudsters with the very information they desperately want (e.g., W-2 forms)? For starters, implement a policy to require a validation step for any request for employee data or completed W-2 forms. The formal control term is 'out of band'

  • Have you heard the Steve Martin quote "Be so good they can't ignore you"? The outcome of following this advice is typically positive for society. But unfortunately, our cyber adversaries have also tackled this quest and through rapid advancements, ultimately pose a greater and more constant threat to business and consumers alike, a threat which we can't ignore. Let's take a quick look into the reality of cyber threats to gain an understanding of how frequent and common they can be. The following is a cyber threat map developed by Kaspersky and

  • This is a high-level crash course on two common types of VPNs (Virtual Private Networks) and implementations in use at companies worldwide. In today's dynamic work environment, employees value the ability to work remotely. End-users are often more concerned with the performance and reliability of a VPN and often worry less about how secure it is. VPN is commonly used as a term to describe a way to access company network and data resources when outside the office. While this is fairly accurate, this common understanding leaves end-users with the risk

  • So, how should organizations be mitigating these significant risks to their environments? For one, the notion that having RFID physical access control systems guarantees that they are secure needs to be abolished. It is far too often forgotten that there are no "silver bullets" in security and RFID security is a perfect example. Organizations need to stop relying solely on their RFID badge systems to provide security assurance for physical access control. Other mechanisms need to be implemented in conjunction with their RFID systems (i.e., defense in depth). Probably the most

  • The ProxMark III is the de facto device for attacking RFID-based physical access control systems. Originally created by Jonathan Westhues for his master's thesis, both the software and the hardware have been continually developed by an active online community. This very flexible and powerful device is the size of a deck of cards and is able to read, simulate and clone both high frequency and low frequency RFID devices. Anyone with $399 and a moderate amount of technical ability will have a viable platform to gain access to your

  • If you've dropped in to grab coffee from a downtown Starbucks on a weekday morning, you've probably noticed that seemingly everyone has a small, white plastic badge attached to their clothing somewhere. These are otherwise known as Radio Frequency Identification (RFID) badges, and are widely deployed by organizations around the world to control physical access to buildings, data centers, and other sensitive areas. Unbeknownst to many, however, RFID is a rather simple technology that facilitates tracking, logging and identification via radio waves. RFID badge systems allow organizations to reduce

  • Throughout my experience in the information security industry, I have come into contact with individuals who seem to like the idea of having quality security controls in place, but simply do not want to deal with the reality of the information environment we live in. In a way, these folks are like Linus from Peanuts, content as long as they have their security blanket, but not ready to face the reality of whether or not said blanket provides anything significant in the way of actual security. The following are a few