Where is the physical trust boundary?

There’s a story of a toothbrush security advisory making the rounds. This advisory is pretty funny but it matters. The actual issue with the toothbrush isn’t a huge deal, an attacker isn’t going to do anything exciting with the problems. The interesting issue here is we’re at the start of many problems like this we’re goingContinue reading “Where is the physical trust boundary?”

If your outcome is perfect or nothing, nothing always wins

This tweethttps://twitter.com/RichFelker/status/666325066838339584 Led to this threadhttp://marc.info/?t=144778171800001&r=1&w=2 The short version is there are some developers from Red Hat working on gcc attempting to prevent ROP style attacks. More than one person has accused this work of being pointless and a waste of time. It’s not, the waste of time is arguing about why trying new thingsContinue reading “If your outcome is perfect or nothing, nothing always wins”

Your containers were built in some guy’s barn!

Today containers are a bit like how cars used to work a long long long time ago. You couldn’t really buy a car, you had to build it yourself or find someone who could build one for you in their barn. The parts were terrible and things would break all the time. It probably ranContinue reading “Your containers were built in some guy’s barn!”

Is the Linux ransomware the first of many?

If you pay any attention to the news, no doubt the story of the Linux ransomware that’s making the rounds. There has been much said about the technical merits of this, but there are two things I keep wondering. Is this a singular incident, or the first of many? You could argue this either way. It mightContinue reading “Is the Linux ransomware the first of many?”

How do we talk to normal people?

How do we talk to the regular people? What’s going to motivate them? What matters to them? You can easily make the case that business is driven by financial rewards, but what can we say or do to get normal people to understand us, to care? Money? Privacy? Donuts? I’m not saying we’re going to turnContinue reading “How do we talk to normal people?”

How do we talk to business?

How many times have you tried to get buyin for a security idea at work, or with a client, only to have them say “no”. Even though you knew it was really important, they still made the wrong decision. We’ve all seen this more times than we can count. We usually walk away grumbling aboutContinue reading “How do we talk to business?”

What’s filling the vacuum?

Anytime there’s some sort of vacuum, something will appear to fill the gap. In this context we’re going to look at what’s filling the vacuum in security. There are a lot of smart people, but we’re failing horribly at getting our message out. The answer to this isn’t simple. You have to look at what’sContinue reading “What’s filling the vacuum?”

We’re losing the battle for security

The security people are currently losing the battle to win the hearts and minds of the people. The war is far from over but it’s not currently looking good for our team. As with all problems, if there is a vacuum, something or someone end up filling it. This is happening right now in security.Continue reading “We’re losing the battle for security”