Is dialup still an option?

TL;DR – No. Here’s why. I was talking with my Open Source Security Podcast co-host Kurt Seifried about what it would be like to access the modern Internet using dialup. So I decided to give this a try. My first thought was to find a modem, but after looking into this, it isn’t really an optionContinue reading “Is dialup still an option?”

You can’t weigh risk if you don’t know what you don’t know

There is an old saying we’ve all heard at some point. It’s often attributed to Donald Rumsfeld. There are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns —Continue reading “You can’t weigh risk if you don’t know what you don’t know”

How do we explain email to an "expert"?

This has been a pretty wild week, more wild than usual I think we can all agree. The topic I found the most interesting wasn’t about one of the countless 0day flaws, it was a story from Slate titled: In Praise of the Private Email Server The TL;DR says running your own email server is aContinue reading “How do we explain email to an "expert"?”

The cost of mentoring, or why we need heroes

Earlier this week I had a chat with David A. Wheeler about mentoring. The conversation was fascinating and covered many things, but the topic of mentoring really got me thinking. David pointed out that nobody will mentor if they’re not getting paid. My first thought was that it can’t be true! But upon reflection, I’m pretty sureContinue reading “The cost of mentoring, or why we need heroes”

Can’t Trust This!

Last week saw a really interesting bug in TCP come to light. CVE-2016-5696 describes an issue in the way Linux deals with challenge ACKs defined in RFC 5961. The issue itself is really clever and interesting. It’s not exactly new but given the research was presented at USENIX, it suddenly got more attention from the press. The researchersContinue reading “Can’t Trust This!”