Professional

By Year: 2017 - 27 items


Oct. 11, 2017 tags:  ddos in-the-news

IoT Attacks: India no. 2 source country

Had a long, fun, wide-ranging interview with India Economic Times.


Oct. 9, 2017 tags:  in-the-news infosec

Shadow Cloud Apps Pose Unseen Risks

CSO Online picked up the interview Maria Korolov did with me and republished it. That's pretty awesome!


Sept. 29, 2017 tags:  SSL-TLS in-the-news security-week

Google Expands HSTS Preload List

SecurityWeek mentions an old column of mine about HTTP Strict Transport Security (HSTS).


Sept. 25, 2017 tags:  infosec

The Top Three Tips for IoT Consumer Security Hygiene

I promised some really nice reporters in Singapore that I would get them my top three safety tips for IoT. So I put together this little blog and posted it on LinkedIn. I think we might expand it for a cyber site somewhere.


Sept. 13, 2017 tags:  cryptography hackers

Five Reasons the CISO is a Cryptocurrency Skeptic

I've been a cryptocurrency skeptic for years. Much of that skepticism comes from hundreds of hours of talking with real CISOs and directors of security about how they can better protect real (not virtual) currency. Even with the resources of enormous budgets and huge security teams they can barely keep the hackers from stealing all the monies. When F5 Labs asked me to write up my opinions about Bitcoin, I threw this together. Not a bad little piece.


Sept. 11, 2017 tags:  infosec

Anticipate! F5 Security Keynote Singapore

Here's the keynote I did for F5's security event in Singapore in June. I teach the audience how to threat model the Internet of Things (IoT),


Sept. 10, 2017 tags:  in-the-news infosec hackers

Malware Grows, Goes After Data Centers

Maria Korolov interviewed and quoted me extensively for a Data Center Knowledge piece on WannaCry. I had no time to prepare for this interview, and was surprised when it got published. Sometimes I prepare a LOT and nothing comes of it. You never know, I guess. Just keep doing them.


Aug. 8, 2017 tags:  hackers

Was DC25 My Last DEF CON?

My writeup of the 25th annual DEF CON, the world's premier hacker conference in Las Vegas, Nevada. I've been going since DEF CON 7. What has changed? You'd be surprised at what has, and what hasn't.


Aug. 4, 2017 tags:  hackers security-week

The Coolest Talk at Defcon 25 That No One is Writing About

Three researchers, two from Bastille Networks, gave a fantastic talk about reverse engineering the Comcast and Time Warner home networks. Really well done! I was surprised no one was writing about it, so here you go!


Aug. 1, 2017 tags:  cryptography

RSA in a "Pre-Post-Quantum" Computing World

I'd like to take credit for this one, I really would. We had a fascinating email discussion at work and our primary SSL/TLS engineer wrote this great email about the nuances of the asymmetric algorithm, RSA, and how it might be affected by computing advances in the future. I told him it would make a nice little article, and we tried to put his name on it but he didn't want the attention, and he asked me to put my name on it. So we did. Sometimes that happens.


Aug. 1, 2017 tags:  hackers

Black Hat at 20 – A Quick Recap

Can you believe the Black Hat Briefings (now just Black Hat USA) have been going on for 20 years now? I've submitted talks a few times, but have always been turned down. I'm still hopeful for the future though. Here are my impressions of Black Hat 20.


Aug. 1, 2017 tags:  security-week

Threat Modeling the Internet of Things: A Real World Example

Part 3 of my "Threat Modeling IoT" series. This one looks at a real-world example (smart parking meters) and shows how you might run a real threat model against it.


July 20, 2017 tags:  in-the-news infosec hackers

Cybersecurity talent, spending, regulations to mitigate IoT risks

In Singapore I did a media event espousing F5's original IoT research. Here's a write-up from Networks Asia (or Security Asia), not sure which.


July 19, 2017 tags:  hackers

Profile of Hacker - The Real Sabu [condensed]

Cool - DarkReading published a condensed version of my Profile of a Hacker piece. There's a huge backstory behind this that I can't really talk about publicly, but buy me a beer sometime and I'll tell you.


July 13, 2017 tags:  SSL-TLS cryptography

How Quantum Computing will Change Browser Encryption

After a conversation with a chip-maker, I did a bunch of research into Quantum Computing, and collected my notes into this pretty cool report.


July 5, 2017 tags:  ddos in-the-news infosec

Hunting for IoT devices to be used for massive botnet

Had a fantastic, wide-ranging interview with Malaya Business Insight reporter Raymond Gregory.


June 29, 2017 tags:  infosec

Top Security Findings from the F5 State of Application Delivery Report

This article summarizes the security findings contained within the F5 State of Application Delivery report. Are attacks getting more sophisticated? Are employees more or less of a security challenge than last year? Some of the findings surprise me.


June 12, 2017 tags:  ddos in-the-news

Ten steps for combating DDoS in real time

Hey look, IT News Africa reprinted my ten-step guide to combating DDoS in real time. This is basically a shortened, texty version of the DDoS playbook.


May 17, 2017 tags:  infosec

The Intel AMT Vulnerability - Silent Bob

The Intel Active Management Technology (AMT) vulnerability (now referred to by many as “Silent Bob”) is one of those truly brutal, ugly ones that make you queasy to even think about. Like Heartbleed or Venom. Here's how to scan for it on your network. And what ports to block.


May 4, 2017 tags:  security-week

Threat Modeling the Internet of Things

Here is Part 0 (or part 1) of a series on threat modeling the Internet of Things. Here I introduce these two topics: Internet of Things and Threat modeling and suggest that maybe we need to spend more time putting them together. I like the intro and extro for this piece :)


May 2, 2017 tags:  hackers

Hacker Profile: The Real Sabu Part 2 of 2

The explosive second half of the profile of famed hacker Sabu.


April 18, 2017 tags:  hackers

Hacker Profile: The Real Sabu Part 1 of 2

Sabu was such a rock star in his time. His character and his exploits were legendary at the time and his downfall even more so. I really enjoyed writing this one. I actually had more information on this but couldn't publish it due to privacy concerns. But buy me a beer sometime and ask me about it.


April 13, 2017 tags:  in-the-news infosec

CSO Perspectives Interview with David Holmes

Here's a 7-minute interview that CSO's Anthony Caruana did with me at the CSO Perspectives roadshow; this one was in Sydney. He asks about the new National Mandatory Breach Notification law, the Internet of Things, and where did I get that awesome shirt? Belgium.


March 29, 2017 tags:  SSL-TLS cryptography security-week

US-CERT's Warning on SSL Interception vs. Security is a False Dichotomy

My response, representing the vendor community, to US-CERT's warning about SSL interception products.


March 1, 2017 tags:  SSL-TLS cryptography security-week

Encryption Smackdown: PlayStation 4 vs. XBox One!

Ladies and Gentlemen! Gamers and Cryptoheads! Have you ever wondered which major gaming console has the best message encryption? Well, I’m going to reveal the clear winner in my own recent personal test.


Jan. 27, 2017 tags:  SSL-TLS cryptography

The 2016 TLS Telemetry Report

Took me three years to compile the data for this report. It started out as a personal project that I wrote in a hotel room in Cologne, Germany over a weekend. But hundreds of hours and millions of computer scans later... this report. It's all about global encryption trends over a three-year period, with some analysis about why each trend is going the way it is. Warning: usual doses of Holmes humor contained within.


Jan. 4, 2017 tags:  SSL-TLS cryptography ddos

David Holmes Greatest Hits 2016 Edition

I wrote, starred in, or was mentioned in 48 pieces last year. A new record. Here's the best of them.