People are starting to get the message that text/SMS is a weak form of multi-factor authentication (MFA). Fewer people know that there's a big gap between | Continue reading
I have a new analogy I'm using to describe Crypto, NFTs, and Web3. Imagine the whole world runs on candles and gas lamps, and one day we hear that | Continue reading
People are hyped about the metaverse, and it's honestly understandable. First, we're going through some shit as a species right now. Social tension, the | Continue reading
A clear explanation for why asset management is so critical to a company's security posture, and why it should always be step zero. | Continue reading
In a previous post I talked about how security questionnaires are security theater. They were in 2018---and they still are---but pointing this out always | Continue reading
This post will talk about my initial thoughts on The OWASP Top 10 release for 2021. Let me start by saying that I have respect for the people working on | Continue reading
This will be a stream of consciousness post. Feel free to skip if you're not up for some experimentation. In the US. There are many differences in how | Continue reading
Starting last fall you've probably heard people talking about a "k-shaped recovery". Investopedia says it's when two parts of the economy recover at | Continue reading
There's a paradox in information security where the community wants two things at once: 1. High quality research and talks, and 2. Unbiased research and | Continue reading
My buddy Jason tweeted this recently and it got me thinking. https://twitter.com/Jhaddix/status/1390569905519357954?s=20 Like him (we just talked about it | Continue reading
I've always been told that testosterone was the hormone for aggression, violence, and…basically…maleness. Food pyramid anyone? But after decades of being | Continue reading
A URI is an Identifier—like a specific document, book, or website—and a URL is an identifier that also tells you how to access it, such as… | Continue reading
The main virtue of an architect is the ability to reduce complexity. Thus, a good architect would never be proud of a complex diagram. Instead, he would | Continue reading
Something needs to be said about people's obsession with their tools, e.g., Linux vs. Windows, Vim vs. Nano, Sublime vs. Atom, etc. Your tools don't | Continue reading
Over the last few years I've seen two very different complaints against tech companies. Google is the most recent example. 1. Workers Being Treated | Continue reading
While at university I realized the best way for me to learn something was to research how it works, write a tutorial that covers the main concepts, and | Continue reading
I've been writing for probably a decade about how bad Google's GUI is for Google Analytics, Google Apps, and countless of their other properties---not to | Continue reading
I went a long time without understanding the basics of Agile, so here's a quick primer for myself that I hope is useful for others as well. ## What is | Continue reading
Regardless of who wins the presidency in 2020 there will be an incandescent conversation around polling. In short, how did they get it so wrong? The graph | Continue reading
I started writing online in 1999, and I get asked a lot about how I became decent at it. The short answer is lots and lots of bad writing, but the better | Continue reading
VPNs are more popular than ever, but I think many are confused about why they're running them. There's a concept in security called Threat Modeling, where | Continue reading
It's important for content creators---especially those in the newsletter and podcast spaces---to know what level of content they're bringing to their | Continue reading
The US is currently being ravaged by ransomware. Google News Results for US Ransomware Our schools are being disabled, our small businesses are being | Continue reading
Threat modeling is a superpower. When done correctly it gives you the ability to adjust your defensive behaviors based on what you’re facing in real-world | Continue reading
The clearest definitions (and differences) between a developer, a programmer, an engineer, and a hacker, with a visualization to illustrate… | Continue reading
I just came across another post on Hacker News talking about why you shouldn't move your SSH port off of 22 because it's Security by Obscurity. There are | Continue reading
I think we've lost the plot on disinformation. It’s not the attacks that are the problem. It’s the fact that too many Americans are willing to believe | Continue reading
I'm on a personal mission to get the creators in our InfoSec community to do two things: 1. Centralize all their creation around their own domain 2. Set | Continue reading
I think many things are happening at the same time to bring us to this level of unrest. 1. There is an extensive history of mistreatment of Black people | Continue reading
This is the content that visitors have most enjoyed on the site, and includes all categories of content from information security, to technology, to | Continue reading
A comprehensive guide to building a career in cybersecurity—from building your lab, education, certs, speaking, networking, presence, brand… | Continue reading
A lot of people who were on the internet in the early 2000's remember something called RSS. It stands for Really Simple Syndication, and it allowed | Continue reading
Many people are confused by the massive number of information security certifications available today. Some people already have one or more and are | Continue reading
A lot of people are thinking about the security of their home network right now, and as one of the project leaders on the OWASP Internet of Things | Continue reading
If you want to have a productive discussion on a difficult topic, start by discarding the extremes. Very few want pure communism, pure market capitalism, | Continue reading
I've been playing with Linux since 1999 and using it steadily in one capacity or another since 2001. I've tinkered with just about every major | Continue reading
The clearest explanation you'll find for the difference between horsepower and torque, and which gives you more real-world acceleration. | Continue reading
It seems that there are two thinking camps when it comes to the flu shot: either 1) you believe that the flu shot absolutely causes the flu—and you should never take it… | Continue reading
I was just thinking about the biggest breaches we've had in history, from companies like Adobe, LinkedIn, Equifax, Marriott, Target, etc., and wondering | Continue reading
I've always been into vitamins. If I heard that it could make me stronger or faster, I was all about it. I'm still all about some supplements. But as I | Continue reading
Like many people I've been hearing the hype about Superhuman for a long time now. I signed up to get on the list forever ago, but forgot about it until a | Continue reading
I like to update my Vim configuration every 2-5 years just to make sure I am working with the latest and greatest version of Vim and that I'm doing things | Continue reading
Like my religious friends, I too would like to live forever. The thought of there being an end to my learning--a point at which my lifelong tool | Continue reading
The Information Security community has been debating software reliability for decades. Some say software is too advanced to place guarantees on it. And | Continue reading
The terms intelligence, information, and data are thrown around pretty loosely in most tech circles, and this inevitably leads to people confusing and/or | Continue reading
Many years ago I wrote a piece about why I didn't think Craig was Satoshi, and a bunch of reporters hit me up immediately for interviews. I didn't give | Continue reading
Introduction Adding Authentication HTTPS Listeners Tunneling SSH Tunneling RDP Serving Directories Summary TL;DR Introduction to Ngrok This works because | Continue reading
Someone released a video recently that seemed to show Nancy Pelosi slurring and mangling her speech. The video spread virally in right-leaning circles, | Continue reading