Strategic Security Neepery

Now that I’m retired, I try hard not to be the guy who stands in the back of the room and shouts “You kids get offa my lawn!” but I have to admit that I often feel that computer security (as a field, in general) has gone horribly out of control and is thumping through the rough terrain and weeds while the driver, who lacks vision, keeps grasping for simple solutions to what is really a complex problem involving strategy, economics, and skepticism.

[Read more…]


This one is mind-bogglingly stupid. But the story serves as a good example of what I mean when I say that computer security can only get so good, because the whole ecosystem is so thoroughly undermined that any effort to secure it can be over-topped by the attackers, with minimal additional effort.

[Read more…]

More About the SolarWinds Breach

This may be a bit scatter-shot; there’s a lot to cover, and I’m going to try to fold in some answers to comments on my previous posting on the topic. [stderr] I also want to predict the future, so I can say “I told you so!” when it happens.

To be frank, cybersecurity pisses me off so much whenever I think about it, that it’s almost painful to write about. But the questions are interesting and worthy of respect.

[Read more…]

SolarWinds Breach

Some mornings, when your alarm clock fires off, you just roll over and slap the “snooze” button. If you do that long enough, you can get quite good at it; there have been mornings when I hit the “snooze” button 15 or more times in a row, pushing back my wake-up time by as much as 2 hours. I used to know someone who claimed that they could sleep-walk through their morning status meeting, effectively grabbing several extra hours of sleep.

[Read more…]

How Apropos

In my recent posting on Cyberpunk, Commentariat(tm) Agent LykeX decided to call my bluff [stderr] regarding the question of gamifying hacking/cyberwar in a semi-realistic manner. So, in order to better explain the topic, I have arranged for the federal government to horribly face-plant its entire security strategy by suffering a devastating transitive trust attack. Seriously, the timing is remarkable.

[Read more…]

Musings About Rigging Elections

The last month has been eye-opening, indeed. Already a non-fan of representative democracy, I’ve learned that I was insufficiently cynical – when you have a system that has been designed to be corrupt, it’s rife with holes to allow corruption; such a system cannot withstand adverse gamespersonship. It is built-in.

Are you tired of this stuff? I’m sick of it, personally. It’s depressing. I feel like I’ve been wandering around blissfully ignoring how horrible nearly half of my fellow citizens and neighbors happen to be. To be fair, since I live in deep “Trump country” it’s more than half. What’s wrong with these people? [I actually have a fairly good idea but we don’t have time or inclination to do a class analysis of American history]

[Read more…]