Security


So you may have noticed that Bitcoin is on fire recently.  As I write this, the price of Bitcoin is almost $2500.  Yikes. I continue to be surprised by the escalating price of Bitcoin.  I’m even more surprised by the price of Ethereum.  Bloomberg has an interesting article up this morning suggesting that the market capitalization of Ethereum might overtake Bitcoin by the end of the year.  Given last summer’s hack of the...


Have you ever noticed that security is an industry driven in large part by fads? It’s true. There are a few different types of fads out there. First, there are technology fads. If you’ve been in the industry for a while, you probably remember at least a few of them. Remember the HIPS revolution? For a while there, everybody needed a HIPS solution and it was “be there or be square” on the HIPS. I...


Here’s an article about how medical device manufacturers continue to not get it done securing what they produce. It references a few data points, including one from a Ponemon survey outlining how people are concerned about it, yet action taken is relatively low. I’ve been writing about this for years: not only the near-continuous stream of research highlighting issues in implantable biomed (pacemakers, pumps,...


So Microsoft apparently is buying the Israeli security firm Hexadite.  Hexadite, interestingly enough, makes an automation tool to support incident response.  In fact, it’s specifically designed to support (or arguably replace) human analysts in performing incident management tasks. If you want to see how the product works, you can see a demo of it on the Hexadite site here. So this is an interesting step for Microsoft....


So it’s a week later and I’m still talking about the ridiculous saga that is EternalBlue/WannaCry/Spy vs. Spy. I told myself to discuss something (literally anything) else today, but I continue to be fascinated by the questions that this issue has opened up.  The issue of the day is the question about whether or not Microsoft did the wrong thing by “hoarding” patches for EternalBlue on legacy operating systems...


Mike Mimoso over at Threatpost has a great article up about the next round of potential vulnerabilities from the Shadow Brokers. Now, of course I always love reading an article from Mike – he’s one of those folks that could write about bread mold and I’d find it interesting – but this particular one is absolutely, no-foolin’ worth a read. I say that of course because it covers the truly strange and...
