Professional

By Year: 2018 - 24 items


Oct. 9, 2018 tags:  SSL-TLS cryptography hackers

The Top Ten Hardcore F5 Security Features in BIG-IP 14.0

My *love letter* to version 14.0 of the F5 product suite. These Top Ten articles are always popular with the engineers in the field, many of whom send directly to their customers. These are always a ton of work for me, as I have to get the giant list of requirements, understand them, rank them, and write copy (and jokes) about them. Even as I complain, I must admit that these were also my favorite articles for F5 :)


Sept. 27, 2018 tags:  infosec policy

Data Privacy and the 2018 Philippine Identification System Act

Here's an essay I wrote about what I think are the data privacy concerns around the Philippine National ID system (PhilSys). Having a national identification system is a good thing; this essay contains my advice to the implementors of PhilSys, so that they can most properly secure their citizen's data.


Sept. 12, 2018 tags:  ddos in-the-news iot

App protection amid evolving app landscape, automated attacks

Networks Asia quoted me for a piece on Internet of Things and automated attacks


Aug. 21, 2018 tags:  in-the-news infosec policy

National ID Systems and Data Privacy

After receiving some media inquiries around the Philippines national ID system, I put together an essay, with the help of my indispensible personal assistant in the islands, on data privacy and the Philippine National ID system (PhilSys). Back End Systems quoted me from the essay in this article. See F5 Labs for the main essay.


Aug. 15, 2018 tags:  infosec iot

F5Agility18: Application security and evolving threats

Here's a video interview done by none other than F5's Calvin Rowland himself. He and I are both 17-year veterans of F5 Networks, and we're both good (or at least energetic) on video. He's interviewing me for our Agility Live series, and I'm discussing some of our security research at F5 labs.


Aug. 1, 2018 tags:  in-the-news hackers

David Holmes: On the trade-off between security and convenience in technology

Bucket list item achieved. I was interviewed on live TV in the Philippines on the ANC Early Edition news program about consumer internet safety and how Filipinos view it through the lens of convenience vs. security. There were likely millions of people watching and but it was just so much fun! Would do it again :)


June 24, 2018 tags:  in-the-news infosec iot

Securing IoT Devices: The Challenges

Here's an interview I did for Info Risk Today about blockchain and the Internet of Things.


June 18, 2018 tags:  in-the-news hackers iot

Singapore top cyber attack target during Trump Kim Summit

We released an original report showing a spike in SIP protocol attacks against Singapore during the Trump / Kim summit there. Singapore Today interviewed me about the article.


May 22, 2018 tags:  SSL-TLS cryptography security-week

Fitting Forward Security into Today's Security Architecture

I've been talking about this problem for years (it seems), but there's been an update. Toward the end.


May 17, 2018 tags:  infosec

Managing Security in a Multi-Cloud Era

Here's a video interview of me talking about multi-cloud security. I don't honestly remember what I said it was so long ago but I'm sure it was dripping with profundity.


May 2, 2018 tags:  infosec hackers security-week

Spring 2018 Password Attacks

This is basically me channelling a series of emails with Marc LeBeau. He gave me permission to submit it as an article and I really like the way it came out. BTW can you guess the racy password that my editors didn't want me to write about?


April 21, 2018 tags:  infosec iot

Australian CyberSecurity Magazine - IoT, DDoS and Threat Modeling

Here's an audio interview I did at the Australian CyberSecurity Conference at Canberra in April of 2018. About 10 minutes. A little background noise, because we just did it in a quietish corner of the conference.


April 15, 2018 tags:  SSL-TLS cryptography

The 2017 TLS Telemetry Report

Here's the second edition of the TLS Telemetry report. This is my ongoing research into worldwide cryptographic trends, covering such topics as protocol preference, forward secrecy adoption, SSL security headers and more. Really like the tasteful cover on this one. Beautiful!


March 25, 2018 tags:  in-the-news infosec iot

IoT: Moving to Security by Design

ISMG's Suparna Goswami interviewed me about my thoughts on IoT Security. 12 minutes of David Holmes braindumping IoT security at you.


March 23, 2018 tags:  in-the-news infosec iot

44% of Telnet Scans come from China

IT Pro wrote an article based on our media briefing in HK. I don't actually know what it says, but I think it's something like "44% of Telnet scans (or attacks) coming from China". Google Translate doesn't work for cantonese?


March 22, 2018 tags:  infosec security-week policy

5 Fun Facts about the Singapore Cybersecurity Statute

Someone asked me what I thought about the recently passed Singapore Cybersecurity Statute. So I did some research and turned it into an article for SecurityWeek.


March 7, 2018 tags:  in-the-news infosec iot

Hidden in Plain Sight: How IoT will make us more vulnerable

Malay Business Insight's coverage of F5 Labs' Hunt for IoT Volume 4 report.


March 7, 2018 tags:  in-the-news iot

David Holmes: Yes, Tony Stark, He Could Be

The Malay Business Insight newspaper has a circulation of over 80,000 in the Philippines. After an Interview I did on our recent volume 4 of the Hunt for IoT thingbots, Sir Raymond Gregory Tribdino published these two articles, one on IoT and one on how I look like Tony Stark. The resemblance usually escapes me, but I hear it all the time. Like about 10 times a year.


March 1, 2018 tags:  cryptography infosec security-week

Where to Look for Mining Malware and How to Respond

My recommendations on how to spot cryptocurrency mining malware on your network and what to do when you spot it.


Feb. 23, 2018 tags:  SSL-TLS ddos

The Top Ten Hardcore F5 Security Features in BIG-IP 13

Omg these are so popular. I've been writing these "borderline outrageous" top ten series for three years now and it they are a HUGE amount of work. I have to understand all of the security features in order to sort and prioritize them, and then think of a joke for each one. But they're everyone's favorite content, so I'll keep writing them :)


Feb. 5, 2018 tags:  in-the-news hackers

Is the Philippines ready for the Internet's Dark Side?

What's the difference between DarkWeb and DarkNet? That's just one of the questions that my colleague, Ray Pompon, and I answered in this wide ranging interview. Really liked how this one came out.


Jan. 30, 2018 tags:  infosec iot

IoT: Moving to Security by Design

Here's the podcast of an interview I gave for Data Breach Today and Info Risk Today to Suparna Goswami of ISMG. This is basically the podcast version of the stump speech I give about securing IoT.


Jan. 24, 2018 tags:  SSL-TLS cryptography

Everyone loves Curves! But Which Elliptic Curve is the Most Popular?

I was doing a research piece on the prevalence of different elliptic curves, and turned it into a blog. For some reason I started comparing each curve to a different pop star. Eventually it seemed silly but my editors liked it that way so we published it. This is all from my TLS scanning project.


Jan. 4, 2018 tags:  infosec hackers

MIRAI IS ATTACKING AGAIN, SO WE’RE OUTING ITS HILARIOUS, EXPLICIT C&C HOSTNAMES

Slightly explicit content here. Was talking with my colleague Justin, and he was saying how the latest list of command-and-control hostnames for the Mirai botnet contained some hilarious examples like "cnc.smokemethallday.tk". We thought it would be a good for a laugh to do some analysis on the names where the servers are hosted from.