By Year: 2017 - 31 items
Debbie Walkowski interviewed me about my 'Post-Quantum' report. Consider this the cliff notes to that larger paper.
All, all those branded SSL vulnerabilities. True to my word, I've continued writing articles comparing them to each other so you can have some idea about how much to freak out. This article adds two more: the DUHK and ROCA vulnerabilities.
Never thought I'd see this day! THE Steve Gibson of the Security Now! podcast really liked the REAPER piece that Justin Shattuck and I wrote. He liked it so much he basically read it over the air on podcast episode 635 (toward the end). Still can't believe it, how cool is that?
Here's an interview that Oscar Visaya and I did for Raymond Gregory of Malaya Business Insight in Manila. Raymond got everything right.
Had a long, fun, wide-ranging interview with India Economic Times.
CSO Online picked up the interview Maria Korolov did with me and republished it. That's pretty awesome!
SecurityWeek mentions an old column of mine about HTTP Strict Transport Security (HSTS).
I promised some really nice reporters in Singapore that I would get them my top three safety tips for IoT. So I put together this little blog and posted it on LinkedIn. I think we might expand it for a cyber site somewhere.
I've been a cryptocurrency skeptic for years. Much of that skepticism comes from hundreds of hours of talking with real CISOs and directors of security about how they can better protect real (not virtual) currency. Even with the resources of enormous budgets and huge security teams they can barely keep the hackers from stealing all the monies. When F5 Labs asked me to write up my opinions about Bitcoin, I threw this together. Not a bad little piece.
Here's the keynote I did for F5's security event in Singapore in June. I teach the audience how to threat model the Internet of Things (IoT).
Maria Korolov interviewed and quoted me extensively for a Data Center Knowledge piece on WannaCry. I had no time to prepare for this interview, and was surprised when it got published. Sometimes I prepare a LOT and nothing comes of it. You never know, I guess. Just keep doing them.
My writeup of the 25th annual DEF CON, the world's premier hacker conference in Las Vegas, Nevada. I've been going since DEF CON 7. What has changed? You'd be surprised at what has, and what hasn't.
Three researchers, two from Bastille Networks, gave a fantastic talk about reverse engineering the Comcast and Time Warner home networks. Really well done! I was surprised no one was writing about it, so here you go!
I'd like to take credit for this one, I really would. We had a fascinating email discussion at work and our primary SSL/TLS engineer wrote this great email about the nuances of the asymmetric algorithm, RSA, and how it might be affected by computing advances in the future. I told him it would make a nice little article, and we tried to put his name on it but he didn't want the attention, and he asked me to put my name on it. So we did. Sometimes that happens.
Can you believe The Blackhat Briefings (now just Blackhat USA) have been going on for 20 years now? I've submitted talks a few times, but have always been turned down. I'm still hopeful for the future though. Here are my impressions of Blackhat 20.
Part 3 of my "Threat Modeling IoT" series. This one looks at a real-world example (smart parking meters) and shows how you might run a real threat model against it.
In Singapore I did a media event espousing F5's original IoT research. Here's a write-up from Networks Asia (or Security Asia), not sure which.
Cool - DarkReading published a condensed version of my Profile of a Hacker piece. There's a huge backstory behind this that I can't really talk about publicly, but buy me a beer sometime and I'll tell you.
After a conversation with a chip-maker, I did a bunch of research into Quantum Computing, and collected my notes into this pretty cool report.
Had a fantastic, wide-ranging interview with Malaya Business Insight reporter Raymond Gregory.
This article summarizes the security findings contained within the F5 State of Application Delivery report. Are attacks getting more sophisticated? Are employees more or less of a security challenge than last year? Some of the findings surprise me.
Hey look, IT News Africa reprinted my ten-step guide to combating DDoS in real time. This is basically a shortened, texty version of the DDoS playbook.
The Intel Active Management Technology (AMT) vulnerability (now referred to by many as “Silent Bob”) is one of those truly brutal, ugly ones that make you queasy to even think about. Like Heartbleed or Venom. Here's how to scan for it on your network. And what ports to block.
Here is Part 0 (or Part 1) of a series on threat modeling the Internet of Things. Here I introduce these two topics, the Internet of Things and threat modeling, and suggest that maybe we need to spend more time putting them together. I like the intro and extro for this piece :)
The explosive second half of the profile of famed hacker Sabu.
Sabu was such a rock star in his time. His character and his exploits were legendary at the time and his downfall even more so. I really enjoyed writing this one. I actually had more information on this but couldn't publish it due to privacy concerns. But buy me a beer sometime and ask me about it.
Here's a 7 minute interview that CSO's Anthony Caruana did with me at the CSO Perspectives roadshow; this one was in Sydney. He asks about the new National Mandatory Breach Notification law, the Internet of Things, and where did I get that awesome shirt? Belgium.
My response, representing the vendor community, to US-CERT's warning about SSL interception products.
Ladies and Gentlemen! Gamers and Cryptoheads! Have you ever wondered which major gaming console has the best message encryption? Well, I’m going to reveal the clear winner in my own recent personal test.
Took me three years to compile the data for this report. It started out as a personal project that I wrote in a hotel room in Cologne, Germany over a weekend. But hundreds of hours and millions of computer scans later... this report. It's all about global encryption trends over a three-year period, with some analysis about why each trend is going the way it is. Warning: usual doses of Holmes humor contained within.
I wrote, starred in, or was mentioned in 48 pieces last year. A new record. Here's the best of them.