Dr. Fred Cohen

The do nothing defense

Of course until you are successfully attacked, doing nothing about security is a great approach. It saves money and time and costs you nothing. So lots of folks do nothing, or almost nothing, and I include myself in this latter approach – almost nothing. As little as I can get away with I do as …


API Security vs AUI security

How is an application program interface different from another application interface? At a basic level, they are the same – in the sense that anything that can be exploited from one can be exploited from another – or at least it should be that way from a security perspective. But unfortunately, that’s not how …


Privilege Escalation and Trust

Privilege escalation has always been a problem in computers, and after all these years, we still don’t seem to have a handle on the issue. I think this is closely related to our lack of understanding and systematic deployment of trust models and the nature of trust. Non-zero trust One of the good things about …


Why does a 20 year old have access to TS/SCI and what do we do about it?

This is not the first time a young person has had authorized access to substantial amounts of top secret sensitive compartmented information (TS/SCI) and leaked it. How could this happen? It’s easy to understand… What do 20-year-old people do in the military? Among other things, they are in the field being shot at and shooting, driving …
