I Have Your PII

I Have Your PII


I have all of your PII (Personally Identifiable Information) from your voter registration. One caveat, I only did so for one of the US Congressional Districts in Texas, but I could have just as easily obtained all voter records. This article is about what it took to obtain records and the implications.

(more…)

Exposing Tanium: A Hacker’s Paradise

Exposing Tanium: A Hacker’s Paradise


Tanium has gained much popularity the past few years. Those jumping on the Tanium train need to beware. If your company uses Tanium, your data is at high risk, IMO. Their “peer chain” model, and the lack of encryption of that data, is unsecure and should not be trusted.

(more…)

Restricting to Local Admin != Mitigation

Restricting to Local Admin != Mitigation


I frequently come across and use endpoint exploits and attack vectors that “require admin”.  Almost as frequently, I hear people in the industry stating, “We’re safe from that; it requires local admin|system”.  In many cases, that is not a mitigation.  If you’re putting trust in the assumption that restricting to local admin will protect you, how secure do you think you really are from an attacker?

(more…)