More Security Neeping

Tomorrow I’m going to be on a webinar about security, “injecting security into systems engineering.” As Gandhi allegedly said when asked about “western civilization”, “… it would be nice.” I’m going to have to say more than that, and (as you have probably noticed) “saying more” is not something I have a problem with. [eventbrite]

Strategic Security Neepery

Now that I’m retired, I try hard not to be the guy who stands in the back of the room and shouts “You kids get offa my lawn!” but I have to admit that I often feel that computer security (as a field, in general) has gone horribly out of control and is thumping through the rough terrain and weeds while the driver, who lacks vision, keeps grasping for simple solutions to what is really a complex problem involving strategy, economics, and skepticism.

Backdoors

This one is mind-bogglingly stupid. But the story serves as a good example of what I mean when I say that computer security can only get so good, because the whole ecosystem is so thoroughly undermined that any effort to secure it can be over-topped by the attackers, with minimal additional effort.

More About the SolarWinds Breach

This may be a bit scatter-shot; there’s a lot to cover, and I’m going to try to fold in some answers to comments on my previous posting on the topic. [stderr] I also want to predict the future, so I can say “I told you so!” when it happens.

To be frank, cybersecurity pisses me off so much whenever I think about it that it’s almost painful to write about. But the questions are interesting and worthy of respect.

SolarWinds Breach

Some mornings, when your alarm clock fires off, you just roll over and slap the “snooze” button. If you do that long enough, you can get quite good at it; there have been mornings when I hit the “snooze” button 15 or more times in a row, pushing back my wake-up time by as much as 2 hours. I used to know someone who claimed that they could sleep-walk through their morning status meeting, effectively grabbing several extra hours of sleep.

How Apropos

In my recent posting on Cyberpunk, Commentariat(tm) Agent LykeX decided to call my bluff [stderr] regarding the question of gamifying hacking/cyberwar in a semi-realistic manner. So, in order to better explain the topic, I have arranged for the federal government to horribly face-plant its entire security strategy by suffering a devastating transitive trust attack. Seriously, the timing is remarkable.
