Can’t Trust This!

Last week saw a really interesting bug in TCP come to light. CVE-2016-5696 describes an issue in the way Linux deals with challenge ACKs defined in RFC 5961. The issue itself is really clever and interesting. It’s not exactly new but given the research was presented at USENIX, it suddenly got more attention from the press. The researchers…

We’re figuring out the security problem (finally)

If you attended Black Hat last week, the single biggest message I kept hearing over and over again is that what we do today in the security industry isn’t working. They say the first step is admitting you have a problem (and we have a big one). Of course it’s easy to proclaim this, if…

Using a HooToo Nano as a magic VPN box

I’ve been getting myself ready for Blackhat. If you’re going you know this conference isn’t like most. You don’t bring your normal gear with you. You turn the tinfoil hat knob up to an 11, then keep turning it until it breaks off. I did do one thing that’s pretty clever this year though, I…

But I have work to do!

There’s a news story going around that talks about how horrible computer security tends to be in hospitals. This probably doesn’t surprise anyone who works in the security industry; security is often something that gets in the way, it’s not something that helps get work done. There are two really important lessons we should take…

Decentralized Security

If you’re a fan of the cryptocurrency projects, you’ve heard of something called Ethereum. It’s similar to bitcoin, but is a separate coin. It’s been in the news lately due to an attack on the currency. Nobody is sure how this story will end at this point; there are a few possible options, and none are good.

Ready to form Voltron! why security is like a giant robot make of lions

Due to various conversations about security this week, Voltron came up in the context of security. This is sort of a strange topic, but it makes sense when we ponder modern day security. If you talk to anyone, there is generally one thing they push as a solution for a problem. This is no different…

Is there a future view that isn’t a security dystopia?

I recently finished reading the book Ghost Fleet; it’s not a bad read if you’re into what cyberwar could look like. It’s not great though; I won’t suggest it as the book of the summer. The biggest thing I keep thinking about is I’ve yet to really see any sort of book that takes place in…