Author Archives

BYOD: Bring Your Old Dilemmas

Yay for lists! Here’s a list of four security issues around BYOD besides malware that you should worry about. Let me summarize: 1. Lost and Stolen Phones 2. Insecure Communications 3. Leaving the Walled Garden (uh, this is malware) 4. Vulnerable Development Frameworks Ignoring the fact for the moment that issue number 3 (jailbroken phones […]

Could PRISM Improve Enterprise Security Response?

While we’re all up in arms about the unwarranted data collection that the NSA has been performing, and the potential issues around privacy and legality of the PRISM program, one intrepid reporter stopped to ask the question of how much this is costing the US Taxpayers. “The program was expected to cost $278 million in […]

The Cloud is Local

Facebook has a cloud problem. Or maybe the cloud has a Facebook problem. The issue is that the ubiquity of a cloud-based service conflicts with the locality of law. This picture is of the Hamburg Commissioner for Data Protection and Freedom of Information Johannes Caspar, and he’s astonished about the most recent changes in the Facebook […]


The Malware Problem

I like the term ‘malware.’ If you step out of the marketing for a minute, it’s a very simple, clear term to describe software that does something bad in your execution environment. A virus is a kind of malware, and so are rootkits, malicious shell code, and just about anything else you don’t like […]

Information Security Logos

The Interconnected Web and Shifting Target Surfaces

Take a look at what’s in your browser right now. I’ll go ahead and assume you’ve got multiple tabs open. They each display a different site, which is probably pulling in code and content from at least 3 or 4 distinct sources, maybe more, not to mention the 3rd party libraries and tools that are […]

Is PRISM Ultimately Good for Privacy?

It seems like common sense to think of privacy and transparency as opposing forces. One seeks to expose, while the other seeks to hide. The reality, however, is a little more complex. There are two revelations in the history of cryptography that shed light on the value of transparency to privacy. Public-Key Cryptography is the real […]

Time Frames and Risk Perception

I found myself reading the results of a survey today that had questions about risk perception, or more specifically, about how likely you perceive the realization of a particular threat to be in a particular time frame. The question made me wonder how much the specified time frame affects your perception of the risk. Take […]

A Collection of Headlines for Alexander’s Black Hat Talk

I thought the myriad variety of headlines streaming through my news feeds was kind of interesting as a collection. It would be interesting to rate each as positive/negative towards the program and map them to news source, and maybe number of days after the event that it was published. NSA director addresses Black Hat, says […]

The Blurry Line of Marketing Funded Research

Microsoft’s Security Engineering Center recently published a document called Software Vulnerability Exploit Trends. In reading it, I was confronted with a familiar feeling, a mix of interest and frustration that I’ll just call frustinterest. I was totally frustrinterested in this document. It had charts like this one. I really want to love this chart. It’s […]