I should write up a larger technical document on this, but in the meanwhile is this short (-ish) blogpost. Everything you know about RISC is... | Continue reading
Today, The Intercept released documents on election tampering from an NSA leaker. Later, the arrest warrant request for an NSA contractor ... | Continue reading
Five years ago, online magazine Slate broke a story about how DNS packets showed secret communications between Alfa Bank in Russia and the ... | Continue reading
Many people make the same claim as this tweet. It's obviously wrong. Yes,, the right-wing has a problem with science, but this isn't it. If ... | Continue reading
I'm trying to create perfect screen captures of SDR to explain the world of radio around us. In this blogpost, I'm going to discuss some of ... | Continue reading
Code is an essential skill of the infosec professional, but there are so many languages to choose from. What language should you learn? As a... | Continue reading
Today, somebody had a problem: they kept seeing a popup on their screen, and obvious scam trying to sell them McAfee anti-virus. Where was t... | Continue reading
Recently, Twitter was hacked. CEOs who read about this in the news ask how they can protect themselves from similar threats. The following... | Continue reading
"NFTs" have hit the mainstream news with the sale of an NFT based digital artwork for $69 million. I thought I'd write up an explainer. Spec... | Continue reading
New York Times reporter Nicole Perlroth has written a book on zero-days and nation-state hacking entitled “ This Is How They Tell Me The W... | Continue reading
New York Times reporter Nicole Perlroth has written a book on zero-days and nation-state hacking entitled “ This Is How They Tell Me The W... | Continue reading
Microsoft estimates it would take 1,000 to carry out the famous SolarWinds hacker attacks . This means in reality that it was probably fewer... | Continue reading
There are two fights in Congress now against the DMCA, the "Digital Millennium Copyright Act". One is over Section 512 covering "takedowns" ... | Continue reading
The NYPost Hunter Biden story has triggered a lot of sleuths obsessing on technical details trying to prove it's a hoax. So far, these cla... | Continue reading
When emails leak, we can know whether they are authenticate or forged. It's the first question we should ask of today's leak of emails of ... | Continue reading
Infosec is a largely non-technical field. People learn a topic only as far as they need to regurgitate the right answer on a certification t... | Continue reading
Inspired by falsehoods programmers believe about time and usernames , I thought I'd start collecting falsehoods programmers have about netw... | Continue reading
One of the problems with bash is that it's simply obsolete code. We have modern objective standards about code quality, and bash doesn't mee... | Continue reading
Today Huawei published a video explaining the concept of "backdoors" in telco equipment. Many are criticizing the video for being tone deaf.... | Continue reading
At the center of the "Saudis hacked Bezos" story is a mysterious video file investigators couldn't decrypt, sent by Saudi Crown Prince MBS t... | Continue reading
"RISC" was an important architecture from the 1980s when CPUs had fewer than 100,000 transistors. By simplifying the instruction set, they f... | Continue reading
This last week, the Attorney General William Barr called for crypto backdoors . His speech is a fair summary of law-enforcement's side of t... | Continue reading
Several subjects have come up with the past week that all come down to the same thing: your threat model is wrong. Instead of addressing the... | Continue reading
Microsoft announced a vulnerability in it's "Remote Desktop" product that can lead to robust, wormable exploits. I scanned the Internet to a... | Continue reading
A recent NYTimes article blaming the NSA for a ransomware attack on Baltimore is typical bad journalism. It's an op-ed masquerading as a ne... | Continue reading
In today's news, after 9 years holed up in the Ecuadorian embassy, Julian Assange has finally been arrested. The US DoJ accuses Assange for ... | Continue reading
In the news, the National Enquirer has extorted Amazon CEO Jeff Bezos by threatening to publish the sext-messages/dick-pics he sent to his m... | Continue reading
My dad is on some sort of committee for his local home owners association. He asked about saving all the passwords in a file stored on Micro... | Continue reading
The recent Bloomberg article about Chinese hacking motherboards is a great opportunity to talk about problems with journalism. Journalis... | Continue reading
HTTP/3 is going to be standardized. As an old protocol guy, I thought I'd write up some comments. Google (pbuh) has both the most popular ... | Continue reading
I'd prefer a Republican governor, but as a cybersecurity expert, I have to point out how bad Brian Kemp (candidate for Georgia governor) is ... | Continue reading
Systemd has a remotely exploitable bug in it's DHCPv6 client. That means anybody on the local network can send you a packet and take control... | Continue reading
Somebody ( @thegrugq ) pointed me to this article on " Lessons on Irregular Cyber Warfare ", citing the masters like Sun Tzu, von Clausewitz... | Continue reading
So Slate is doubling-down on their discredited story of a secret Trump server. Tip for journalists: if you are going to argue against an e... | Continue reading
Today's big news is that researchers have found proof of Chinese manufacturers putting backdoors in American chips that the military uses. T... | Continue reading
The latest XKCD comic on voting machine software is wrong, profoundly so. It's the sort of thing that appeals to our prejudices, but mistake... | Continue reading
Lots of government people are focused on IoT security, such as this bill or this recent effort . They are usually wrong. It's a typical cy... | Continue reading
First Lady Melania Trump announced a guide to help children go online safely. It has problems. Melania's guide is full of outdated, impra... | Continue reading
I'm in danger of contradicting myself, after previously pointing out that x86 machine code is a high-level language , but this article claim... | Continue reading
I'm in danger of contradicting myself, after previously pointing out that x86 machine code is a high-level language , but this article claim... | Continue reading