I Thought I Was a Security Rockstar. I Was Just Stupid

This was originally published in my other blog, The OCD Diaries. I'm cross-posting here because the content is relevant to Liquidmatrix readers. In pretty much every industry of late, people of great talent, drive and achievement are being labeled rock stars. I certainly see it as I work in the information security industry. Those who get the label tend to deserve it. But there’s a dangerous side-effect: The ...


Turning Away From The InfoSec Drama Machine

Some of you asked why I don’t write as much as I used to. Partial answer: My real job and a lot of family business leave me with less time and motivation to do so. But there’s something else, and it’s had a bigger impact: The squabbling on social media has gotten so childish that it’s not worth commenting on anymore. This is especially true in ...


O’Reilly Security Conference Takes Shape

Some industry friends are busy organizing the O'Reilly Security Conference, which will cover everything from how to defend against malware, spear-phishers and DDoS attacks to managing those challenges without sending teams over the edge or breaking the budget. The New York event starts with training sessions Oct. 30-31 and continues with tutorials and the full-on conference Oct. 31-Nov. 2. The event moves on to Amsterdam with training Nov. 8-9 and the ...


Eighth Annual ISSA-LA Summit Next Month

Attention, security professionals in Southern California: If you want to hear some high-value talks, the next ISSA-LA (Information Systems Security Association) Summit is May 20 at the Universal City Hilton. LA chapter President Richard Greenberg, also chapter president of OWASP LA, has done a great job organizing the event in recent years. Attendees can choose from a variety of talks on such topics as security governance, application security, security awareness and ...


With Security Research, Always Spread The Credit

As I write this on a peaceful Palm Sunday afternoon, my Facebook feed is ablaze with outrage over a keynote Lookout Co-Founder and CTO Kevin Mahaffey gave at the CeBIT Global Conferences. The talk was about research he and CloudFlare Principal Security Researcher Marc Rogers conducted into security vulnerabilities in the Tesla Model S. Why the outrage? If you watch the video, Mahaffey seems to take most of the credit ...


On Hacking Dildos (Audio)

The press Trend Micro is getting for its research on the hacking of sex toys reminds me of a podcast recording I did a couple years ago with Gillis Jones and others. The articles currently making the rounds neglect to mention that this topic came up during the DEF CON 2014 Fail Panel. If Don Weber and Larry Pesce -- the hackers who brought this gem to the masses -- have ...


Look at How Smart Bill Brenner and Dave Lewis Are!

Well, maybe not. But David Spark decided to stick a camera in our faces anyway. The question: Is a network appliance-only defense a costly failure? The answer: “The less segmentation you have, the more you’re giving the path of least resistance to the malicious hacker,” said Bill Brenner (@billbrenner70), Senior Tech Writer, Akamai Technologies. Don’t fool yourself into believing an array of network appliances are going to solve ...


The Best Video from RSA 2016 So Far

Though RSAC2016 is a time when security vendors launch a hundred mediocre initiatives, there are always brilliant exceptions -- a piece of content or promotion so freakin' awesome that it makes up for all the garbage. This year a video from Duo Security is the winner, in my humble opinion. In the video, famed researcher Dan Kaminsky talks about a security audit at Microsoft that showed Clippy doing more harm ...


“CSI: Cyber” at #RSAC2016

The information security community recently lost its collective mind because actors from the much-maligned CSI: Cyber TV series are on the keynote schedule for RSA Conference 2016. Liquidmatrix's own Dave Lewis, writing as @gattaca, captured the sentiment on Twitter a few weeks back: Wait…wait… just…wait. Actors from CSI:Cyber are giving keynotes at RSA? O_o A lot of analysis has been devoted to RSA’s decision. I ...


4 Tips for Jaded #RSAC Attendees

For years, I've been writing annual survival guides for new attendees at Black Hat, DEF CON and RSA. I'll do the same this year, but for this post I want to build on a new survival guide I created for the more jaded conference-goer. The occasion was last summer's Black Hat/DEF CON. Now, it's for those who will be attending their zillionth RSA Conference at the end of February. ...
