Fast security is the best security

DevOps security is a bit like developing without a safety net. This is meant to be a reference to a trapeze act at the circus for those of you who have never had the joy of witnessing the heart-stopping excitement of the circus trapeze. The idea is that when you watch a trapeze act

Who cares if someone hacks my driveway camera?

I keep hearing something from people about IoT that reminds me of the old saying, if you’ve done nothing wrong, you have nothing to fear. This attitude is incredibly dangerous in the context of IoT devices (it’s dangerous in all circumstances honestly). The way I keep hearing this in the context of IoT is something

Free security is the only security that really works

There are certain things people want and will pay for. There are things they want and won’t. If we look at security it’s pretty clear now that security is one of those things people want, but most won’t pay for. The insane success of Let’s Encrypt is where this thought came from. Certificates aren’t new,

Stop being the monkey’s paw

Tonight, while I was handing out candy on Halloween as the children came to the door trick-or-treating, getting whatever candy I’ve not yet eaten, I started thinking about scary stories in the security universe. Some of the things we do in security could be compared to the old fable of the cursed monkey’s paw, which is

Security is in the same leaky boat as the sysadmins

Sysadmins used to rule the world. Anyone who’s been around for more than a few years remembers the days when whatever the system administrator wanted, the system administrator got. They were the center of the business. Without them nothing would work. They were generally super smart and could quite often work magic with what they

IoT Can Never Be Fixed

This title is a bit clickbaity, but it’s true, just not for the reason you think. Keep reading to see why. If you’ve ever been involved in keeping a software product updated, I mean from the development side of things, you know it’s not a simple task. It’s nearly impossible really. The biggest problem is

Can I interest you in talking about Security?

I had a discussion last week with some fellow security folks about how we can discuss security with normal people. If you pay attention to what’s going on, you know the security people and the non-security people don’t really communicate well. We eventually made our way to comparing what we do to the door

Impossible is impossible!

Sometimes when you plan for a security event, the expectation is that the thing you’re doing will make some outcome (something bad probably) impossible. The goal of the security group is to keep the bad guys out, or keep the data in, or keep the servers patched, or find all the security bugs

Who left all this fire everywhere?

If you’re paying attention, you saw the news about Yahoo’s breach. Five hundred million accounts. That’s a whole lot of data if you think about it. But here’s the thing. If you’re a security person, are you surprised by this? If you are, you’ve not been paying attention. It’s pretty well accepted that there are

Is dialup still an option?

TL;DR – No. Here’s why. I was talking with my Open Source Security Podcast co-host Kurt Seifried about what it would be like to access the modern Internet using dialup. So I decided to give this a try. My first thought was to find a modem, but after looking into this, it isn’t really an option