But I have work to do!

There’s a news story going around that talks about how horrible computer security tends to be in hospitals. This probably doesn’t surprise anyone who works in the security industry, security is often something that gets in the way, it’s not something that helps get work done. There are two really important lessons we should takeContinue reading “But I have work to do!”

Decentralized Security

If you’re a fan of the cryptocurrency projects, you’ve heard of something called Ethereum. It’s similar to bitcoin, but is a seperate coin. It’s been in the news lately due to an attack on the currency. Nobody is sure how this story will end at this point, there are a few possible options, none are good.Continue reading “Decentralized Security”

Ready to form Voltron! why security is like a giant robot make of lions

Due to various conversations about security this week, Voltron came up in the context of security. This is sort of a strange topic, but it makes sense when we ponder modern day security. If you talk to anyone, there is generally one thing they push as a solution for a problem. This is no differentContinue reading “Ready to form Voltron! why security is like a giant robot make of lions”

Is there a future view that isn’t a security dystopia?

I recently finished reading the book Ghost Fleet, it’s not a bad read if you’re into what cyberwar could look like. It’s not great though, I won’t suggest it as the book of the summer. The biggest thing I keep thinking about is I’ve yet to really see any sort of book that takes place inContinue reading “Is there a future view that isn’t a security dystopia?”

Regulation can fix security, except you can’t regulate security

Every time I start a discussion about how we can solve some of our security problems it seems like the topics of professional organizations and regulation are where things end up. I think regulations and professional organizations can fix a lot of problems in an industry, I’m not sure they work for security. First let’sContinue reading “Regulation can fix security, except you can’t regulate security”

Security will fix itself, eventually

If you’re in the security industry these days things often don’t look very good. Everywhere you look it sometimes feels like everything is on fire. The joke is there are two types of companies, those that know they’ve been hacked and those that don’t. The world of devices looks even worse. They’re all running oldContinue reading “Security will fix itself, eventually”

Security isn’t a feature, it’s a part of everything

Almost every industry goes through a time when new novel features are sold as some sort of add on or extra product. Remember needing a TCP stack? What about having to buy a sound card for your computer, or a CD drive? (Does anyone even know what a CD is anymore?) Did you know thatContinue reading “Security isn’t a feature, it’s a part of everything”

Trusting, Trusting Trust

A long time ago Ken Thompson wrote something called Reflections on Trusting Trust. If you’ve never read this, go read it right now. It’s short and it’s something everyone needs to understand. The paper basically explains how Ken backdoored the compiler on a UNIX system in such a way it was extremely hard to get ridContinue reading “Trusting, Trusting Trust”