Of course until you are successfully attacked, doing nothing about security is a great approach. It saves money and time and costs you nothing. So lots of folks do nothing, or almost nothing, and I include myself in this latter approach – almost nothing. As little as I can get away with I do as …
Many years ago, Gartner declared “Firewalls are Dead”, but some 20 years later (give or take) they are still reporting on “next-generation” firewalls. Why is that? Right to the answer Firewalls provide an economy of scale by substantially reducing the input sequences and noise that can contact interfaces. Let’s break that down: The claims against …
How is an application program interface different from an other application interface? At a basic level, they are the same – in the sense that anything that can be exploited from one can be exploited from another – or at least it should be that way from a security perspective. But unfo9rtunately, that’s not how …
People who don’t have to do it seem to not understand the nature of the cyber threat. This very short summary is intended for everyone who is responsible for it to hand to everyone else to help start a conversation and gain mutual understanding. The 6 questions people are commonly taught to ask are: who, …
Perhaps because more higher impact incidents are making the media these days. Perhaps there is an actual increase in threat actors, their activities, or the effectiveness of their activities. Perhaps the defenses have been spread too thin, perhaps … oh heck, perhaps all sorts of things. I know that in my career, I have been …
Why does it seem like more attacks are taking place? Read More »
Privilege escalation has always been a problem in computers, and after all these years, we still don’t seem to have a handle on the issue. I think this is closely related to our lack of understanding and systematic deployment of trust models and the nature of trust. Non-zero trust One of the good things about …
A new tactic appears to have arisen in the use of generative AI in social media. This tactic is comprised of rapidly generating seemingly knowledgeable responses to other people. One of the many challenges of this approach is that the generative AI is so lightweight in terms of understanding (It has none), that it mistakes …
This is not the first time a young person has had authorized access to substantial amounts oftop secret sensitive compartmented information (TS/SCI) and leaked it. How could thishappen? It’s easy to understand… What do 20-year old people do in the military? Among other things, they are in the field being shot at and shooting, driving …
Why does a 20 year old have access to TS/SCI and what do we do about it? Read More »
