By Year: 2018 - 24 items
My *love letter* to version 14.0 of the F5 product suite. These Top Ten articles are always popular with the engineers in the field, many of whom send directly to their customers. These are always a ton of work for me, as I have to get the giant list of requirements, understand them, rank them, and write copy (and jokes) about them. Even as I complain, I must admit that these were also my favorite articles for F5 :)
Here's an essay I wrote about what I think are the data privacy concerns around the Philippine National ID system (PhilSys). Having a national identification system is a good thing; this essay contains my advice to the implementors of PhilSys, so that they can most properly secure their citizen's data.
Networks Asia quoted me for a piece on Internet of Things and automated attacks
After receiving some media inquiries around the Philippines national ID system, I put together an essay, with the help of my indispensible personal assistant in the islands, on data privacy and the Philippine National ID system (PhilSys). Back End Systems quoted me from the essay in this article. See F5 Labs for the main essay.
Here's a video interview done by none other than F5's Calvin Rowland himself. He and I are both 17-year veterans of F5 Networks, and we're both good (or at least energetic) on video. He's interviewing me for our Agility Live series, and I'm discussing some of our security research at F5 labs.
Bucket list item achieved. I was interviewed on live TV in the Philippines on the ANC Early Edition news program about consumer internet safety and how Filipinos view it through the lens of convenience vs. security. There were likely millions of people watching and but it was just so much fun! Would do it again :)
Here's an interview I did for Info Risk Today about blockchain and the Internet of Things.
We released an original report showing a spike in SIP protocol attacks against Singapore during the Trump / Kim summit there. Singapore Today interviewed me about the article.
I've been talking about this problem for years (it seems), but there's been an update. Toward the end.
Here's a video interview of me talking about multi-cloud security. I don't honestly remember what I said it was so long ago but I'm sure it was dripping with profundity.
This is basically me channelling a series of emails with Marc LeBeau. He gave me permission to submit it as an article and I really like the way it came out. BTW can you guess the racy password that my editors didn't want me to write about?
Here's an audio interview I did at the Australian CyberSecurity Conference at Canberra in April of 2018. About 10 minutes. A little background noise, because we just did it in a quietish corner of the conference.
Here's the second edition of the TLS Telemetry report. This is my ongoing research into worldwide cryptographic trends, covering such topics as protocol preference, forward secrecy adoption, SSL security headers and more. Really like the tasteful cover on this one. Beautiful!
ISMG's Suparna Goswami interviewed me about my thoughts on IoT Security. 12 minutes of David Holmes braindumping IoT security at you.
IT Pro wrote an article based on our media briefing in HK. I don't actually know what it says, but I think it's something like "44% of Telnet scans (or attacks) coming from China". Google Translate doesn't work for cantonese?
Someone asked me what I thought about the recently passed Singapore Cybersecurity Statute. So I did some research and turned it into an article for SecurityWeek.
Malay Business Insight's coverage of F5 Labs' Hunt for IoT Volume 4 report.
The Malay Business Insight newspaper has a circulation of over 80,000 in the Philippines. After an Interview I did on our recent volume 4 of the Hunt for IoT thingbots, Sir Raymond Gregory Tribdino published these two articles, one on IoT and one on how I look like Tony Stark. The resemblance usually escapes me, but I hear it all the time. Like about 10 times a year.
My recommendations on how to spot cryptocurrency mining malware on your network and what to do when you spot it.
Omg these are so popular. I've been writing these "borderline outrageous" top ten series for three years now and it they are a HUGE amount of work. I have to understand all of the security features in order to sort and prioritize them, and then think of a joke for each one. But they're everyone's favorite content, so I'll keep writing them :)
What's the difference between DarkWeb and DarkNet? That's just one of the questions that my colleague, Ray Pompon, and I answered in this wide ranging interview. Really liked how this one came out.
Here's the podcast of an interview I gave for Data Breach Today and Info Risk Today to Suparna Goswami of ISMG. This is basically the podcast version of the stump speech I give about securing IoT.
I was doing a research piece on the prevalence of different elliptic curves, and turned it into a blog. For some reason I started comparing each curve to a different pop star. Eventually it seemed silly but my editors liked it that way so we published it. This is all from my TLS scanning project.
Slightly explicit content here. Was talking with my colleague Justin, and he was saying how the latest list of command-and-control hostnames for the Mirai botnet contained some hilarious examples like "cnc.smokemethallday.tk". We thought it would be a good for a laugh to do some analysis on the names where the servers are hosted from.