Security


There’s an article this morning on Forbes from the CEO of UpGuard called “Cybersecurity Is Dead”.  The message is one you’ve heard: that looking for specific vendor solutions to plug holes isn’t super useful, that the future has to be a more holistic integration of security into all areas of the organization, that old models of “building moats and walls” don’t solve today’s...


So first of all, let me start by saying that I get it that Stephen Fry playing the role of Jeeves from like a billion years ago has nothing to do with anything.  That said, it came up in my Google image search for “you’re doing it wrong” while looking for an image to use in conjunction with commenting on people’s use of the NIST CSF.  Frankly, I couldn’t resist: it lured me in almost as much as the giant,...


So the Active Cyber Defense Certainty Act (the “ACDC” Act) is now apparently making the rounds.  The gist is that it would make it legal for someone to attack someone else provided two things are true: 1) that “someone else” is in the process of conducting a cyberattack against you and 2) the attack is done for the purposes of “attribution” (i.e. for gathering information to give to law...


In the continuing saga of why the lack of security in biomed will eventually start killing people, we have yesterday the results of a security analysis of a pacemaker where they found apparently 8600 flaws — of which some are potentially deadly.  It’s an interesting report.  I urge you to read it. Now, WhiteScope is of course in the business of doing firmware research and assessments — so it’s arguably good for...


So you may have noticed that Bitcoin is on fire recently.  As I write this, the price of Bitcoin is almost $2500.  Yikes. I continue to be surprised by the escalating price of Bitcoin.  I’m even more surprised by the price of Ethereum.  Bloomberg has an interesting article up this morning suggesting that the market capitalization of Ethereum might overtake Bitcoin by the end of the year.  Given last summer’s hack of the...


Have you ever noticed that security is an industry driven in large part by fads? It’s true.  There are a few different types of fads out there.  First, there are technology fads.  If you’ve been in the industry for a while, you probably remember at least a few of them.  Remember the HIPS revolution? For a while there, everybody needed a HIPS solution and it was “be there or be square” on the HIPS.  I...
