Cliché: Security through obscurity (yet again)
Infosec is a largely non-technical field. People learn a topic only as far as they need to regurgitate the right answer on a certification test. Over time, they start to believe misconceptions about that topic that they never learned....
How CEOs think
Recently, Twitter was hacked. CEOs who read about this in the news ask how they can protect themselves from similar threats. The following tweet expresses our frustration with CEOs, that they don't listen to their own people, but instead...
In defense of open debate
Recently, Harper's published a Letter on Justice and Open Debate. It's a rather boring defense of liberalism and the norm of tolerating differing points of view. Mike Masnick wrote rebuttal on Techdirt. In this post, I'm going to rebut his rebuttal,...
Apple ARM Mac rumors
The latest rumor is that Apple is going to announce Macintoshes based on ARM processors at their developer conference. I thought I'd write up some perspectives on this.It's different this timeThis would be Apple's fourth transition. Their original Macintoshes...
What is Boolean?
My mother asks the following question, so I'm writing up a blogpost in response.I am watching a George Boole bio on Prime but still don’t get it.I started watching the first few minutes of the "Genius of George Boole"...
Securing work-at-home apps
In today's post, I answer the following question:Our customer's employees are now using our corporate application while working from home. They are concerned about security, protecting their trade secrets. What security feature can we add for these customers?The tl;dr...
CISSP is at most equivalent to a 2-year associates degree
There are few college programs for "cybersecurity". Instead, people rely upon industry "certifications", programs that attempt to certify a person has the requisite skills. The most popular is known as the "CISSP". In the news today, European authorities decided...
About them Zoom vulns…
Today a couple vulnerabilities were announced in Zoom, the popular work-from-home conferencing app. Hackers can possibly exploit these to do evil things to you, such as steal your password. Because of the COVID-19, these vulns have hit the mainstream...
Huawei backdoors explanation, explained
Today Huawei published a video explaining the concept of "backdoors" in telco equipment. Many are criticizing the video for being tone deaf. I don't understand this concept of "tone deafness". Instead, I want to explore the facts.Does the word...
A requirements spec for voting
In software development, we start with a "requirements specification" defining what the software is supposed to do. Voting machine security is often in the news, with suspicion the Russians are trying to subvert our elections. Would blockchain or mobile...
There’s no evidence the Saudis hacked Jeff Bezos’s iPhone
There's no evidence the Saudis hacked Jeff Bezos's iPhone.This is the conclusion of the all the independent experts who have reviewed the public report behind the U.N.'s accusations. That report failed to find evidence proving the theory, but instead...
How to decrypt WhatsApp end-to-end media files
At the center of the "Saudis hacked Bezos" story is a mysterious video file investigators couldn't decrypt, sent by Saudi Crown Prince MBS to Bezos via WhatsApp. In this blog post, I show how to decrypt it. Once decrypted,...
When tweets are taken out of context
I'm currently experiencing the toxic hell that is a misunderstood tweet going viral. It's a property of the social media. The more they can deliberately misunderstand you, the more they can justify the toxicity of their response.The context is...
This is finally the year of the ARM server
"RISC" was an important architecture from the 1980s when CPUs had fewer than 100,000 transistors. By simplifying the instruction set, they free up transistors for more registers and better pipelining. It meant executing more instructions, but more than making...
What to do first when your company suffers a ransomware attack
For many companies it would be a nightmare to discover that they are the latest unwitting victim of a ransomware attack, capable of crippling computer systems and locking up data if a payment isn’t made to cybercriminals.
There’s no magic...
New RiskLens Solution Helps Organizations Optimize Cybersecurity Spending
Cyber risk management solutions provider RiskLens on Thursday announced a new capability designed to help organizations improve investment and budget decisions.
read more
When Coffee Machines Demand Ransom, You Know IoT Is Screwed
A researcher reverse engineered an internet-connected coffee maker to see what kinds of hacks he could do with it. The answer: quite a lot.
Russian Gets 7 Years in Prison for Linkedin, Dropbox & Formspring Hacks
A Russian man received a seven-year prison sentence for having hacked into computers belonging to LinkedIn, Dropbox and Formspring. On September 30, Honorable William H. Alsup, U.S. District Judge for the Northern District of California, sentenced Yevgeniy Alexandrovich Nikulin,...
Detecting Deep Fakes with a Heartbeat
Researchers can detect deep fakes because they don’t convincingly mimic human blood circulation in the face:
In particular, video of a person’s face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these...
