Security
Information Asymmetry and the 1950s Nuclear Bounty
Props to Matt Ploessel for calling out this one... I'd not heard of a bounty around nuclear weapons until today.
Security
The technical heart: vulnerability research, disclosure, threat analysis, the craft of finding and fixing
Security
Are you making a Walkman? Or an iPod?
When the walkman was introduced, it created a category. It's brand also became the term of description for that category.
Security
The Nth Country Experiment and Coincident Vulnerability Discovery
Nth Country Experiment - Nuclear MuseumCould any country with the right knowledge and technology build a nuclear bomb? From May 1964 to April 1967, the Lawrence Radiation Laboratory (the predecessor to the Lawrence Livermore National Laboratories and the Lawrence Berkeley National Laboratory) set out to answer this question. The Laboratory
Security
Forbes: Accelerating secure software development
7. Expect and plan for mistakes. Expect mistakes, and plan to capture and mitigate them quickly. After all, to err is human. Establishing a vulnerability disclosure and/or bug bounty program to engage hackers to continuously assess newly cut code is an effective and scalable way to achieve this. Casey
Security
DEF CON Black Hat 2020: Top 10 Tips
While it feels illegal to hang out with your friends right now, the pandemic is no match for the dedicated folks who unite for Black Hat and DEF CON every year. In 2020, both conferences are running virtually, highlighting the remarkable zeal with which security professionals and hackers continue to
Security
WTF is happening on tcp:0? 2020 edition — Update 1
tl;dr: 0.06% of the publicly-addressable IPv4 space is listening to and responding on TCP Port 0. Why? idk…
Security
WTF is going on with TCP:0?
tl;dr: 0.06% of the publicly-addressable IPv4 space is listening to and responding on TCP Port 0. Why? idk... Note: Never interact with a computer system beyond your level of authorization (i.e. without getting permission first). Connecting for a TCP handshake is fine... It's how the
Security
A few good cybersecurity companies
I spend a lot of time looking at cybersecurity solutions and companies, partly on request, and partly because it always fascinates me to see people are attempting to solve big problems.
Security
Priority One: Insights into Submission and Payment Trends
2020: Chaos is a Ladder As 2020 comes to a close, I’ve started to see summaries of the year pop up, covering lessons learned from the year nobody saw coming… As years go, 2020 was full of those! While I wish I could go back in time and tell
Security
To err is human — Kerckhoffs' Principle in Software Transparency
Shannon and Kerckhoff were pioneers of disclosure thinking — They understood the concept of “build it like it’s broken”. This was especially true in WWII cryptography, but it’s becoming increasingly clear in its relevance to the 'peacetime' software that we use today.
Security
Hacking styles
Broadly, there are two things that come into play when it comes to the style a person applies to hacking: The level of experience, and the overall wiring of the hacker.
Security
A message to folks providing "free testing" at the moment
TLDR: If you’re performing any active, unsanctioned testing on healthcare systems: Please stop it. Don’t make their job any harder than it is right now.