Hackers | Fabricants | Magazines | Virus / Malware
Schneier
IT Security
- Putting FUD Back in Information Security 8 mai 2018
FUD is Fear, Uncertainty and Doubt. A tactic well played in the early days of Information Security. I never liked it because… well you know that Boy Who Cried Wolf story, right? It appears to me that FUD is making a strong comeback. This time instead of being used to help bolster InfoSec budgets or […] - Windows 10 Update Disrupts Pen Input; Microsoft Offers Potentially Dangerous Fix 16 avril 2018
A recent Microsoft security update – according to Wacom’s support pages, the OS build 16299.334 – has had a rather unexpected side-effect. Many users of have been experiencing issues where drawing apps, such as Photoshop, no longer function correctly. For example, pressing the pen to the tablet device does not “draw” as it should, but […] - Information Security and the Zero-Sum Game 1 avril 2018
A zero-sum game is a mathematical representation of a situation in which each participant’s gain or loss is exactly balanced by the losses or gains of the other participant. In Information Security a zero-sum game usually references the trade-off between being secure and having privacy. However, there is another zero-sum game often played with Information […] - Google’s new Gaming Venture: A New Player? 16 mars 2018
Google in Gaming – Facts and Speculation In January 2018, game industry veteran Phil Harrison announced that he was joining Google as a Vice President and GM. With Harrison’s long history of involvement with video game companies – having previously worked with Sony and Microsoft’s Xbox division – this immediately prompted speculation and rumours about […] - Bubble Economies and the Sustainability of Mobile Gaming 9 février 2018
Old Bubbles and New Bubbles Gaming is a technology-based market, and tech markets are no strangers to economic bubbles and the effects of them bursting. The market recession of the early 2000s, most commonly known as the Dotcom Crash, is probably the biggest and most influential ‘burst bubble’ of the internet era. The Dotcom Bubble […] - GDPR Material and Territorial Scopes 8 février 2018
The new EU General Data Regulation will enter into force 25 May of this year. The GDPR contains rules concerning the protection of natural persons when their personal data are processed and rules on the free movement of personal data. The new regulation is not revolutionary but an evolution from the previous Data Protection Act 1998 […] - Uh Oh 365 10 janvier 2018
In an earlier post, I talked about how some vendors tend to push enterprises into a weaker security posture. In this post, I continue with information relating to Office 365. Microsoft’s cloud implementation of the Office suite is mind boggling in its complexity and sheer want of native connectivity. If you are using a proxy, […] - Deceit and duplicity in the pursuit of monetizing social media 7 janvier 2018
One thing I really dislike is deceit and duplicity in the pursuit of monetizing social media. LinkedIn is a prime example, especially after its acquisition by Microsoft. Ever since Nadella took the helm, Microsoft seems hell bent on monetizing anything that moves — and I think we’re just seeing the beginning with LinkedIn. LinkedIn members […] - The Gaming Industry Going Into 2018 4 janvier 2018
Is the Game Industry Today Mirroring the Landscape of the 1983 Crash? Given the industry’s early years, the continued strengthening of the economics of video games has enjoyed phenomenal longevity since its last recession. With the industry having survived two severe crashes in quick succession – in 1977 and then in 1983 – the fact […] - Credit Due Where Credit Deserved – Microsoft 21 décembre 2017
In the past, I have criticized Microsoft for the privacy invasive defaults of Win10. I failed to mention a feature that sheds a bit of light on what they collect. Beyond changing many of the settings using tools (which I highlighted here), you can actually review and delete some of the metadata being collected. If […]
TAO Security
- Skill Levels in Digital Security 27 mars 2020
Two posts in one day? These are certainly unusual times.I was thinking about words to describe different skill levels in digital security. Rather than invent something, I decided to review terms that have established meaning. Thanks to Google Books I found this article in a 1922 edition of the Archives of Psychology that mentioned four key terms:The novice is a (person) who has no trade abili … - When You Should Blog and When You Should Tweet 27 mars 2020
I saw my like-minded, friend-that-I’ve-never-met Andrew Thompson Tweet a poll, posted above.I was about to reply with the following Tweet: »If I’m struggling to figure out how to capture a thought in just 1 Tweet, that’s a sign that a blog post might be appropriate. I only use a thread, and no more than 2, and hardly ever 3 (good Lord), when I know I’ve got nothing more to say. « 1/10, » « 1/n, » etc. … - COVID-19 Phishing Tests: WRONG 12 mars 2020
Malware Jake Tweeted a poll last night which asked the following: »I have an interesting ethical quandary. Is it ethically okay to use COVID-19 themed phishing emails for assessments and user awareness training right now? Please read the thread before responding and RT for visibility. 1/ »Ultimately he decided: »My gut feeling is to not use COVID-19 themed emails in assessments/training, but to TELL … - Seven Security Strategies, Summarized 6 novembre 2019
This is the sort of story that starts as a comment on Twitter, then becomes a blog post when I realize I can’t fit all the ideas into one or two Tweets. (You know how much I hate Tweet threads, and how I encourage everyone to capture deep thoughts in blog posts!)In the interest of capturing the thought, and not in the interest of thinking too deeply or comprehensively (at least right now), I offer … - Five Thoughts on the Internet Freedom League 13 septembre 2019
In the September/October issue of Foreign Affairs magazine, Richard Clarke and Rob Knake published an article titled « The Internet Freedom League: How to Push Back Against the Authoritarian Assault on the Web, » based on their recent book The Fifth Domain. The article proposes the following:The United States and its allies and partners should stop worrying about the risk of authoritarians splitting … - Happy Birthday TaoSecurity.com 1 juillet 2019
Nineteen years ago this week I registered the domain taosecurity.com:Creation Date: 2000-07-04T02:20:16ZThis was 2 1/2 years before I started blogging, so I don’t have much information from that era. I did create the first taosecurity.com Web site shortly thereafter.I first started hosting it on space provided by my then-ISP, Road Runner of San Antonio, TX. According to archive.org, it looked like … - Reference: TaoSecurity Press 1 juillet 2019
I started appearing in media reports in 2000. I used to provide this information on my Web site, but since I don’t keep that page up-to-date anymore, I decided to publish it here. As of 2017, Mr. Bejtlich generally declines press inquiries on cybersecurity matters, including those on background.2016Mr. Bejtlich was cited in the Forture story Meet the US’s First Ever Cyber Chief, published 8 Septem … - Reference: TaoSecurity Research 1 juillet 2019
I started publishing my thoughts and findings on digital security in 1999. I used to provide this information on my Web site, but since I don’t keep that page up-to-date anymore, I decided to publish it here.2015 and later: Please visit Academia.edu for Mr. Bejtlich’s most recent research.2014 and earlier: Seven Tips for Small Business Security, in the Huffington Post, 18 June 2014Strategy, Not Sp … - Reference: TaoSecurity News 1 juillet 2019
I started speaking publicly about digital security in 2000. I used to provide this information on my Web site, but since I don’t keep that page up-to-date anymore, I decided to publish it here.2017 Mr. Bejtlich led a podcast titled Threat Hunting: Past, Present, and Future, in early July 2017. He interviewed four of the original six GE-CIRT incident handlers. The audio is posted on YouTube. Thank … - Know Your Limitations 29 mai 2019
At the end of the 1973 Clint Eastwood movie Magnum Force, after Dirty Harry watches his corrupt police captain explode in a car, he says « a man’s got to know his limitations. »I thought of this quote today as the debate rages about compromising municipalities and other information technology-constrained yet personal information-rich organizations.Several years ago I wrote If You Can’t Protect It, D …