New at Dark Reading, my When Security Goes Off the Rails, Cyber can learn a lot from the highly regulated world of rail travel. The most important lesson: the value of impartial analysis. (As I watch the competing stories, “Baltimore City leaders blame NSA for ransomware attack,” and “N.S.A. Denies Its Cyberweapon Was Used in…
Read More When security goes off the rails
Post thumbnail
“Making the Case for a Cybersecurity Moon Shot” is my latest, over at Dark Reading. “There’s been a lot of talk lately of a cybersecurity moon shot. Unfortunately, the model seems to be the war on cancer, not the Apollo program. Both are worthwhile, but they are meaningfully different.”
Read More A Cybersecurity Moon ShotScientists have long assumed that the DNA polymerases on the leading and lagging strands somehow coordinate with each other throughout the replication process, so that one does not get ahead of the other during the unravelling process and cause mutations. But this new footage reveals that there’s no coordination at play here at all –…
Read More DNA Replicates, Filmed at 11.It’s a good thing that the Supreme Court’s conservative wing is opposed to judges making law, because if they added a new term like “bona fide relationship” to immigration law, it would be hugely confusing. A bona fide crisis for opponents of “judicial activism.” If you have an AT&T email account, Verizon is going to…
Read More Links of InterestWhen I saw that Wired had created a list, “20 People Who Are Creating the Future,” I didn’t expect to see anyone in security on it. I was proven wrong in a wonderful way — #1 on their list is Parisa Tabriz, under the headline “Put Humans First, Code Second.” A great choice, a well-deserved…
Read More Well-deserved accoladesI was recently in a meeting at a client site where there was a lot of eye rolling going on. It’s about not understanding the ground rules, and one of those groundrules is that security rarely flows downhill. That is, if you’re in a stack like the one to the right, the application is vulnerable…
Read More Security Rarely Flows DownhillThe Edge is an interesting site with in depth interviews with smart folks. There’s a long interview with Ross Anderson published recently. It’s a big retrospective on the changes over thirty years, and there’s enough interesting bits that I’ll only quote one: The next thing that’s happened is that over the past ten years or…
Read More Ross Anderson on EdgeAccess to an account is access to an account. A lot of systems talk about “backup” authentication, but make that backup authentication available at all times. This has led to all sorts of problems, because the idea that the street you grew up on is a secret didn’t make sense even before Yahoo! “invalidated“it. Not…
Read More Account RecoveryWhen I started blogging a dozen years ago, the world was different. Over time, I ended up with at least two main blogs (Emergent Chaos and New School), and guest posting at Dark Reading, IANS, various Microsoft blogs, and other places. I decided it’s time to bring all that under a single masthead, and hey,…
Read More A New BlogSo I’m curious: on what basis is the President of the United States able to issue orders to attack the armed forces of Syria? It is not on the basis of the 2001 “Authorization for Use of Military Force,” cited in many instances, because there has been no claim that Syria was involved in the…
Read More Syria