Advanced persistent cybersecurity
Friday, September 15, 2017
People can't read (Equifax edition)
One of these days I'm going to write a guide for journalists reporting on the cyber. One of the items I'd stress is that they often ...
Monday, September 04, 2017
State of MAC address randomization
tldr: I went to DragonCon, a conference of 85,000 people, so sniff WiFi packets and test how many phones now uses MAC address randomizatio...
Tuesday, August 22, 2017
ROI is not a cybersecurity concept
In the cybersecurity community, much time is spent trying to speak the language of business, in order to communicate to business leaders our...
Saturday, August 19, 2017
On ISO standardization of blockchains
So ISO, the primary international standards organization, is seeking to standardize blockchain technologies. On the surface, this seems a re...
Friday, August 18, 2017
Announcement: IPS code
So after 20 years, IBM is killing off my BlackICE code created in April 1998. So it's time that I rewrite it. BlackICE was the first &...
Tuesday, August 15, 2017
Why that "file-copy" forensics of DNC hack is wrong
People keep asking me about this story about how forensics "experts" have found proof the DNC hack was an inside job, because fil...
Sunday, August 06, 2017
Query name minimization
One new thing you need to add your DNS security policies is "query name minimizations" ( RFC 7816 ). I thought I'd mention it ...
View web version