Post thumbnail

Understanding the way intrusions really happen is a long-standing interest of mine. This is quite a different set of questions compared to “how long does it take to detect,” or “how many records are stolen?” How the intrusion happens is about questions like: Is it phishing emails that steal creds? Email attachments with exploits? SQL…

Read More How Are Computers Compromised (2020 Edition)

Recently, I’ve seen four cybersecurity approaches for medical devices, and we can learn by juxtaposing them. The Principles and Practices for Medical Device Cybersecurity is a process-centered and comprehensive document from the International Medical Device Regulators Forum. It covers pre- and post- market considerations, as well as information sharing and coordinated vuln disclosure. It’s important…

Read More Medical Device Security Standards

There’s a new draft available from NIST, “Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF).” They are accepting comments through August 5th.

Read More NIST on SDLs

Post thumbnail

(Reading the declaration of independence is a useful reminder of why we chose to dissolve the political bands that connected us to another. It’s not about jingoism, or the results of a plebiscite, but about a “long train of abuses and usurpations, pursuing invariably the same Object,” and the proper response to such acts.) In…

Read More The Unanimous Declaration of the Thirteen United States of America

Post thumbnail

That’s the subject of a thought-provoking Washington Post article, “In about 20 years, half the population will live in eight states,” and 70% of Americans will live in 15 states. “Meaning 30 percent will choose 70 senators. And the 30% will be older, whiter, more rural, more male than the 70 percent.” Of course, as…

Read More Half the US population will live in 8 states

Post thumbnail

Today, a global coalition led by civil society and technology experts sent a letter asking the government of Australia to abandon plans to introduce legislation that would undermine strong encryption. The letter calls on government officials to become proponents of digital security and work collaboratively to help law enforcement adapt to the digital era. In…

Read More Keeping the Internet Secure