government

On Monday, the Department of Justice announced that it had cleaned malware (“webshells”) off of hundreds of infected mail systems running Microsoft Exchange. Microsoft has been trying to get folks to apply critical security patches to address a problem that’s being actively exploited. A few minutes ago, I posted a screencapture of Microsoft’s autoupdater going…

Read More The Updates Must Go Through

In a simpler age, Matt Stoller famously lost his job for critiquing Google. He has a really interesting article summarizing and analyzing the massive anti-trust report at Congress Gets Ready to Smash Big Tech Monopolies. If you’re like me, unsure if or how this might matter, take the time to read what he said. (Via…

Read More On Monopolies

Understanding the way intrusions really happen is a long-standing interest of mine. This is quite a different set of questions compared to “how long does it take to detect,” or “how many records are stolen?” How the intrusion happens is about questions like: Is it phishing emails that steal creds? Email attachments with exploits? SQL…

Read More How Are Computers Compromised (2020 Edition)

Recently, I’ve seen four cybersecurity approaches for medical devices, and we can learn by juxtaposing them. The Principles and Practices for Medical Device Cybersecurity is a process-centered and comprehensive document from the International Medical Device Regulators Forum. It covers pre- and post-market considerations, as well as information sharing and coordinated vuln disclosure. It’s important…

Read More Medical Device Security Standards

There’s a new draft available from NIST, “Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF).” They are accepting comments through August 5th.

Read More NIST on SDLs

(Reading the Declaration of Independence is a useful reminder of why we chose to dissolve the political bands that connected us to another. It’s not about jingoism, or the results of a plebiscite, but about a “long train of abuses and usurpations, pursuing invariably the same Object,” and the proper response to such acts.) In…

Read More The Unanimous Declaration of the Thirteen United States of America