I woke up at 5:30am this morning with an idea. Many studies have shown that appreciation and gratitude are critical to happiness, and perhaps the first levels of this have to do with appreciating certain things, or people, or periods of time. One example might be high school, or college, or the time with a certain company. I…
Archives for March 2016
Analysis of Verizon’s 2016 Data Breach Digest
I’m staring to make it a habit to do a quick read and summary of data breach reports. Here’s the summary for Verizon’s 2016 Data Breach Digest. Observations Covers 2015 Over 500 cybersecurity incidents Over 40 countries Over 70 contributors VERIS is the Vocabulary for Event Recording and Incident Sharing The DBD looks at a subset, in this…
How to Use the Dot Before @ Reply on Twitter
Mar 11, 2019 — This no longer works like this. Many people are confused about the difference between starting a tweet with @someone vs. .@someone, i.e. adding a dot or a period before the username. Here’s the difference: If you just reply with @username the tweet will only go to people who follow both you AND that person…
T1SP: Episode 32
[ Subscribe to the Podcast: iTunes | Android ] News [ ] Verizon Enterprise Solutions had a major data breach of their customer data. This is the group that handles breaches for their customers. “Virtually every attack in this data set (98 percent) was opportunistic in nature, all aimed at easy marks…” [ ] Iranians charged with attacks…
Exchanging Services in the Future
Instead of catching the bus, Crowley decides to get some exercise on this beautiful day and get dinner on his walk home. Unbeknownst to Crowley, a woman named Sofia who lives on the street he’s walking down has just made a big salad for her family and realizes she’s made too much and will have leftovers. Source: A…
Why I Still Like my Apple Watch
A lot of people seem to be unsatisfied with their Apple Watches. I think I know why that is, and it simply doesn’t apply to me. I think many people needed to be convinced that they wanted one in the first place. They had to be sold an ephemeral magic thing that was going to happen. But it…
Securing Your Public Source Code Repositories
Public source code repositories, such as those available on Github and similar services, are extraordinarily powerful. They allow programmers to share their projects and get feedback from fellow coders. But there are downsides to being this transparent with one’s source code. Many who use services like Github aren’t aware of what they’re sharing, nor of how easy it is…
Good Parenting and Focus on Self Are Mutually Exclusive
Perhaps one of the problems in the western world is that there is an inherent conflict between being a good parent and focusing on yourself. People seem to be getting more selfish. More about what they want to accomplish. Where they want to go. What they want to eat. And when they want to do these things. That’s…
AI Assistants Are The New Applications
There’s an entire ecosystem, akin to the App Store in its scale, to be built. When you can quickly and easily interact with Dominos, United Airlines and Capital One on Messenger, and will you ever use their bloated native apps again? The current bot landscape feels a lot like the web in 1995, or mobile apps in 2008.…
Innovative Security Products (2016 Edition)
One of the highest value events at RSA every year is the Innovation Sandbox, where companies are given just a few minutes to pitch their company’s product. You might expect the companies to be saying the same things in different ways, but when you get to the Top 10 competitors the ideas are usually quite fresh. Let me…
Idea Expansion Format (IEF)
I think it’s far too difficult to extract the key ideas from most content. I’m mostly speaking of books, but the idea really abstracts to any medium where the goal is to transfer concepts to someone. What I want to be able to do is get an explanation about a particular piece of work that is tuned to…
T1SP: Episode 31
[ Subscribe to the Podcast: iTunes | Android ] News [ ] FBI saying it will force Apple to hand over source code and signing ability if they don’t comply | http://thehackernews.com/2016/03/fbi-apple-iphone.html [ ] Locky ransomware campaign, JS downloader [ ] X11 forwarding issue in OpenSSH, update now [ ] Seagate Phish Exposes All Employee W-2’s [ ] Apple…
Human Attention as Influence Attack Surface
We are living in a world in which a handful of high-tech companies, sometimes working hand-in-hand with governments, are not only monitoring much of our activity, but are also invisibly controlling more and more of what we think, feel, do and say. Source: How the internet flips elections and alters our thou… I’ve been thinking a lot about…
On Helping Friends With Their Careers
I’ve always been known as the guy that helps his friends. I’d never want that to change. I enjoy helping people, and I especially enjoy helping friends. But I feel like I’ve learned a lot over the last 10 years of doing it. Lessons learned in helping friends The primary thing you should be filtering for when you…
How to Manage Expectations in Internal Security Leadership Roles
I’ve seen numerous friends and acquaintances take and serve in upper-level security roles inside large companies. By this I mean director, VP, or CISO type roles in organizations with more than like 5,000 employees. These are roles where the actual infosec aspects are often dwarfed considerably by politics and budget, and where success or failure can hinge upon…
We Need a Socialist Correction, Not Socialism
There’s a reason I’m not afraid of Bernie Sanders’ socialism, and it’s quite simple. We are due for a correction. Not a remake. Not a restart. Not a do-over. Just a correction. But here’s the thing: I believe (I’m not an expert on this) we already know that pure socialism does not work. It’s not just rhetoric that…
RSA 2016 Analysis
Every year at RSA I try to spend time on the floor looking at the vendors. I do this not only because they might be able to help my customers, but also because I like finding the trends in InfoSec products overall. And every year I write a post that captures some of my thoughts around the event,…
The DROWN SSL Attack
DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack. Source: DROWN Attack There’s a new attack against SSL, specifically SSLv2. Similar to other named attacks, DROWN uses multiple SSLv2 connections to…