Defero Network Solutions, Inc.

We help clients make information systems safe. We have a broad range of expertise in design, implementation, management and protection of information systems.

As a consultancy focused on development of information protective solutions and resilient network architectures, Defero is prepared to deliver more than twenty years of combined technical expertise for the benefit and support of our clients.

12/08/2025

Here's a timely article for the holiday season. Almost anyone who uses online shopping services encounters the "passkey" prompt during login. As a security professional, I've often wondered what is the benefit of the new Fast Identity Online (FIDO) standard and what are the hidden dangers.

Given FIDO's use of X.509 certificates, I've concluded that a passkey is a substantial improvement over password + token methods of authentication ... as long as the private certificate is stored within a trusted environment (preferably on the device). The theoretical dangers lie within portability of the X.509 private certificate within a multi-device environment --- wherein a stolen/compromised device may reveal a key, lack of synchronization across diverse platforms (Windows, Android, iOS, etc.) which may enable the user to revert to a less secure authentication method and the exposure that might arise when storing passkeys within a password manager. In practice, the dangers lie in overly complex key management solutions and ill-designed fallback/recovery techniques intended to assist less savvy users.

For this author, my experience with O/S login predicated upon X.509 certs dates back to the days of Unix implementations. To the extent that certificates were protected, the authentication process was a vast improvement over login-ID + password. Like passkey, certificate management was the Achilles heel that required close attention.

Wanna know a secret?

11/02/2025

Email with unusual attachments, emanating from APAC consumer netblocks, began to ramp in mid-October. The tactic seems to be leveraging an old (but effective) technique of vectoring messages through secondary MX paths.

Traditional access controls are ineffective in mitigating the threat whereas content inspection, which intensely scrutinizes message headers, is essential to establishing first-level defense. Tiered content inspection systems leveraging EU threat detection shims presently seem to be an effective defense.

The best defense (as usual) is to exercise care in opening email attachments.

Microsoft has no fix available, and the attacks are already underway. What Windows users need to know about CVE-2025-9491.

10/16/2025

The most prophetic lines within this article are: "This is similar to the SolarWinds attack as the actors will use the exfiltrated source code and configs to exploit customers in future campaigns," Baxter says. "This is likely just the beginning of what we will see in terms of a long-term persistent attack at F5, or more likely against F5 devices across customer environments."

F5 appliances are almost as ubiquitous as SolarWinds software.

F5 disclosed a breach this week that included zero-day bugs, source code, and some customer information.

10/07/2025

This article is an "oldie but goodie". It speaks to the uniqueness of GPU vulnerabilities ... rarely discussed by AI infrastructure manufacturers.

Of particular concern are items 6 and 7 as the underlying use cases are substantially driving the exuberant market valuations of AI infrastructure companies and, in many cases, the interdependencies arising from increasingly common cross-vendor deals.

Consider the case of source data poisoning during AI learning. Poisoning presents the possibility of downstream implications when concepts become corrupted by tainted inference. Have you ever experienced an AI-driven insight with obvious misinterpretation?

The possibility of exploiting component vulnerabilities for cryptojacking purposes is likely of greater concern. The financial implications (including crypto ledger contamination) are extensive as are the impacts of reputational damage for the OEM and services provider.

Side-channel attacks, GPU memory leakage, driver exploits, and more.

08/26/2025

In just the past two weeks (Aug/2025) I’ve observed sales-related sites drop their AI-augmented interface in favor of human operators. The complexity of human interaction coupled with tangential inquiries (during sales interactions) is prompting contact centers to revisit their adoption of AI tools.

Opinion: Are tech giants getting nervous? They should be

07/28/2025

The 2025/2026 school year will soon be upon us and enrollment activity is well underway.

When submitting enrollment and related documents to a school, please be aware that certain communications must be protected. Among the two most important are student privacy and health information. Schools and entities involved with enrollment processes are legally obligated to ensure protection of PCI, HIPAA and legal data.

Generally speaking, schools and healthcare entities provide portals for submitting sensitive documents. Schools often refer to these portals as Student Information Systems. Documents containing physical exam information, copies of social security cards (as well as other forms of PII), court orders and similar legal data should be submitted via the portal provided by the organization.

Email is NOT an appropriate (or, in some cases, permissible) means of providing enrollment and related forms. Using email in an effort to deliver protected data can result in your message becoming either quarantined or rejected. Why? The reasons often involve statutory compliance and records retention requirements.

Please carefully consider the method you use when communicating student data.

07/11/2025

Email OCD

It happens far too frequently … you send an email message, receive no immediate response and then you send the same message once again.

Sometimes you’ll include verbiage such as “not sure if it went through” or “making sure you got” in a futile attempt to force delivery.

Obsessive communications disorder (OCD) sets in and the SPAM classification race begins. Content inspection engines discover repetitive threads and begin to elevate SPAM scores with each instance of content similarity.

Email OCD creates a feedback loop that, all too often, becomes an impediment to successful delivery. Worse yet, repetitive content originating from a free email address can quickly become categorized as malicious. The sender’s address then becomes a quarantine candidate.

So, what is the solution? A first step would be to minimize the potential for your message becoming classified as SPAM. Keep the subject line and message body simple. Rules of thumb include a subject line of three words or less and a message body of no more than three brief sentences. Three and three should be your objective for crafting the initial email message. Avoid special encoding, use of digital images and subject lines containing either all capitalized words or emotional trigger words such as urgent, overdue, needed, etc. Run-on sentences with repetitive conjunctions are sure signs of thoughtless composition; often leading to message quarantine.

Second, limit attachments to a relatively safe file type. PDF and JPG types are generally safe and are easily digested by even the most sensitive message inspection systems.

Third, understand the compliance environment of your intended recipient. Healthcare, finance and education are among the most sensitive. Plain text messages which avoid use of colloquialisms, obscenities and slang terms are best. Avoid sending personally identifiable information and account numbers as such content will result in a quick quarantine of your message.

Fourth, if you must use a free email account to send your message, avoid sending from a mobile device. Such devices often include message headers and tag lines associated with abuse.

Finally, should the OCD impulse become overwhelming, craft a very simple successor message. Compose a message body with a single sentence in which you reference a prior email. Do not retransmit/forward your original message. Any content inspection rule that interfered with original delivery will almost certainly do so again.

06/26/2025

I’d like to share with you information about two emerging threats.

First, a SonicWall VPN client trojan (codenamed SilentRoute) is facilitating exfiltration of configuration data as well as creating a persistent threat environment. This emergence is of particular note as SonicWall security appliances are commonly found in private and charter school environments. Awareness is encouraged as school district personnel often attend conferences which may also attract private/charter school employees. Hence, potential lateral exposure to the threat. Please see the hyperlink below.

https://thehackernews.com/2025/06/sonicwall-netextender-trojan-and.html

Second, malicious activity emanating from the SendGrid email service provider is ramping once again. Phishing tactics are becoming more prevalent and tend to invite attention to cloud-based email and voicemail accounts. In general, virus scanning engines are not effective in detecting the threat. Subject lines include verbiage such as “New audio memo” with the message body including a malicious hyperlink. This emerging vector may encourage treatment of SendGrid as a higher-order threat within email content inspection rules.

SonicWall and ConnectWise security breaches enable Trojan and remote access malware targeting VPN users and AI tool seekers.

05/01/2025

Perhaps this would explain the surge in aviation accidents.

Feds say $970K scheme defrauded 13+ companies

04/08/2025

Here we have a visualization of an attempt to hijack a purported cryptocurrency account. Telltale markers are:

- Misspelled cryptocurrency platform name
- Telephone number which doesn't match Coinbase help line
- From: telephone number is registered as a VZ wireless device
- Use of an improperly formatted contraction in message body
- Message delivered as SMS in order to convey urgency.

02/12/2025

The quantity of recently announced security patches has piqued my curiosity about the impact upon government operations. Most of the major security appliance manufacturers have announced patches for both severe and critical vulnerabilities within the past six months.

Provoking my curiosity is the dialog around United States Government systems suddenly being accessed by third parties. Specifically, might such sudden access amplify the vulnerabilities of information systems and the data housed therein? And, what are the impacts?

A quick query of my archives leads me to a study entitled “Effects of ‘Digital’ Country’s Information Security on Political Stability” published in late 2021. The study compared the threat landscape of Eastern and Western countries and how systems are leveraged for political purposes. The authors visited the topic of cyber threat origin and observed:

“major threats to information security come from the inside”

as well as:

“Attackers may interfere with critical infrastructure with the involvement of individuals who have inside knowledge of the company or industry (i.e., trusted employees) or people with access to protected information systems.”

With these information security tenets in mind, the concern arises that access to government information systems, gained in such a way as to bypass established controls/protections, would seem to increase insider threat. Further, this insider knowledge may then be leveraged to exploit critical infrastructure and likely intrusion into areas not contemplated.

Getting back to my original curiosity, is granting of access to information systems for political purposes also creating gaps in infrastructure protections? Does politicization of information systems change the focus of security operations from protection to accommodation? Experience has taught me that abrupt change to access policy coupled with demand for accommodation usually leads to both an adverse information security event and equally abrupt staff turnover. Neither condition is conducive to the stability of government services.

01/13/2025

USE OF ZERO TRUST NETWORK ARCHITECTURE [ZTNA]

Decades of experience in designing and implementing Zero Trust Network Architectures have persuaded me that gaining early visibility of malignant behavior is a primary benefit. ZTNA, when coupled with logging, serves to distinguish those activities perpetrated for the purpose of avoiding and evading.

Compliance organizations, in particular, benefit from adopting network architectures that enforce trust relationships. Over the years, as I’ve presented the concept of ZTNA, students and practitioners alike have expressed curiosity as to how defense is heightened as well as the mechanisms by which enforcement is achieved. The former interest is often exhibited by those who have a compliance duty whereas the latter is very often of interest to those who seek to bypass controls.

An example might help clarify this observation. An organization which adopts zero trust architecture is, effectively, implementing multilevel access controls. Content filtering is such a control; the most common use case is email filtering. Filtering causes the discard of suspect/disallowed content and helps ensure delivery of content that complies with policy. ZTNA-based inspection systems evaluate numerous elements including message body, network address, domain information, header structure, etc. Each layer of inspection invokes a discard/keep decision and may be implemented at various points within infrastructure. Policy-compliant email communications will enjoy predictable message delivery whereas noncompliant communications will be unpredictable and frustrating.

Let’s extend our example by visualizing a policy intended to prevent personally identifiable health information from entering a compliance environment. The policy creates barriers to risky communications and potential compliance violations. Policy would intercept the transmission, often via private email account, of PII. This type of intercept is typically used to achieve HIPAA objectives. An email sender who experiences a PII intercept may feel frustration and attempt to seek an alternate method to evade controls --- attempts which are logged under ZTNA. Logging systems may be used to generate alerts and reports revealing the evasive attempts. The compliance violation, and possible ethics lapse, becomes visible.

Sadly, the more common example is that of using an email account to illicitly conduct business activities. A frequently encountered instance is that of an employee attempting to subvert financial controls via use of a personal email account. This has often been observed in fraud and malfeasance cases. ZTNA-based content inspection can be used to quickly identify such occurrences and raise visibility of risky behavior.

As an information security methodology, ZTNA is beneficial in protecting business image by helping enforce ethical behavior.
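
The layered keep/discard inspection and the logging of repeat attempts after a PII intercept, as described in this post, can be sketched as follows. This is an added example, not Defero's code or any product's; the netblock, header check, SSN-like pattern, addresses and sample messages are all constructed assumptions.

```python
import re
from collections import defaultdict

# Hypothetical policy values, constructed for this example.
UNTRUSTED_NETS = ("203.0.113.",)  # documentation netblock
SSN_LIKE = re.compile(r"\b\d{3}\s*[-. ]\s*\d{2}\s*[-. ]\s*\d{4}\b")
RCPT = "records@school.example"

def layer_network(m):
    return "network: untrusted source" if m["ip"].startswith(UNTRUSTED_NETS) else None

def layer_header(m):
    same = m["from"].split("@")[-1] == m["envelope"].split("@")[-1]
    return None if same else "header: From/envelope domain mismatch"

def layer_body(m):
    return "body: PII (SSN-like)" if SSN_LIKE.search(m["body"]) else None

def inspect(m, log):
    """Layers run in order; the first objection discards. Every outcome is logged."""
    layers = (layer_network, layer_header, layer_body)
    reason = next((r for r in (f(m) for f in layers) if r), "")
    log.append({"t": m["t"], "from": m["from"], "to": m["to"],
                "decision": "discard" if reason else "keep", "reason": reason})
    return log[-1]["decision"]

def evasion_report(log, window=3600):
    """Count discards that follow a PII intercept for the same sender/recipient."""
    intercept, repeats = {}, defaultdict(int)
    for e in sorted(log, key=lambda e: e["t"]):
        pair = (e["from"], e["to"])
        if e["decision"] != "discard":
            continue
        if pair in intercept and e["t"] - intercept[pair] <= window:
            repeats[pair] += 1          # retried after being intercepted
        elif e["reason"].startswith("body: PII"):
            intercept[pair] = e["t"]    # first PII intercept for this pair
    return dict(repeats)

def msg(t, ip, frm, body, envelope=None):
    return {"t": t, "ip": ip, "from": frm, "envelope": envelope or frm, "to": RCPT, "body": body}

# Constructed sample messages (t = seconds since start of capture).
SAMPLE = [
    msg(0, "198.51.100.7", "parent@mail.example", "Exam form attached, SSN 000-12-3456"),
    msg(100, "198.51.100.9", "coach@school.example", "Can we meet Tuesday?"),
    msg(200, "203.0.113.5", "admin@school.example", "Invoice", "bounce@bulk.example"),
    msg(300, "198.51.100.7", "parent@mail.example", "Resending: 000 12 3456"),
    msg(600, "198.51.100.7", "parent@mail.example", "number is 000.12.3456"),
]

def demo():
    log = []
    return [inspect(m, log) for m in SAMPLE], evasion_report(log)
```

The report keys on sender and recipient, so a single intercept stays quiet while reformatted resends of the same data surface as a count that can drive an alert.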

Address

Plant City, FL
33566

Opening Hours

Monday 9am - 6pm
Tuesday 9am - 6pm
Wednesday 9am - 6pm
Thursday 9am - 6pm
Friday 9am - 6pm
Saturday 9am - 4pm

Telephone

+18137045224
