Building cybersecurity savvy lawmakers

So this morning, I came across this article. It describes a call to action, given by Sen. Sheldon Whitehouse (D-R.I.) at the FCW (Federal Computing Week) “Big Issues Conference”, about the NIST Cybersecurity Framework (CSF). In general, it makes me feel...

Google abandoning key pinning

Keeping with our Halloween theme, today we have Pinhead.  Because it’s horror stuff but also because the article is about key pinning (because “pin”, get it?)  I kill me. Anyway, today we have an interesting turn of events. Google is planning to pull...

Undermining security efforts (by example)

So FYI that the picture doesn’t have anything to do with this post. It’s just getting close to Halloween, so figured I’d roll with that. There are quite a few things in the news today, and a few stories I wanted to comment on. I was planning on...

Skills Gap Redux

Today is a slow news day.  Yes, I know about BadRabbit…  I make this statement anyway because it seems to me like BadRabbit is boring.  I’m sure it’s not boring to you if you’re impacted by it, but for the unimpacted news reader, it’s...

The Facebook thing

This story has been going on for a few days but has now reached “must comment on it” critical mass.  The Facebook thing. You know what I’m talking about if you follow the security news. If you don’t? Well, first of all, good for you.  But that...

Hack-back is NOT active defense

So the other day I tweeted a thing from Slate that systematically breaks down so-called “hack back”; they call it the “worst idea in cybersecurity” and say they are “thunderstruck by how terrible [an idea] it is.”  Go check it out...