The Way Forward for Chris Roberts, One World Labs

The plight of One World Labs Founder Chris Roberts has been picked to death on social media this past week. There's all the trouble he's in with the FBI for his airplane-hacking claims. There's the hit to his company, which had to let a lot of good security talent go last week. Some shake their heads in disbelief because he apparently spoke to the FBI about his activities without a ...

In the end, @Sidragon1’s Tweet was the problem

At RSA Conference 2015 here in San Francisco, there's a lot of discussion about weaknesses to the electrical and wifi systems aboard airplanes. The discussion often turns to the case of hacker Chris Roberts (@Sidragon1 on Twitter). There's been a lot of strong reaction to news of Roberts being pulled from a plane for jokingly tweeting that he might mess around with the plane's electronic systems. There's a lot of overreaction ...

RSA Parties 2015

Nothing like waiting until the very last minute to post an RSA Parties 2015 list. Day jobs + kids = you get the idea. That being said, I'm happy to note that Akamai Technologies (my day job) will be hosting a party this year in conjunction with AT&T. Be sure to come out and meet @csoandy, @billbrenner70, @mckeay and myself @gattaca. Now, this is a simple curated RSA Parties 2015 list but, if ...

Reflections

I find myself sitting in a hotel room in some random city this evening with a glass of wine, several open PowerPoint decks and Family Guy on the television. A moment of reflection if ever there was one. It occurs to me that Liquidmatrix just had its 17th birthday in February. That is a helluva long time for a website of any description. It has been a lot of ...

A Failed Hacker Unmasking Exercise

"A ridiculous article which purports to show us the face of a hacker..." -- Chris Wysopal, CTO of Veracode, in a tweet

The ability of media outlets to create sophisticated images and graphics is light years beyond what it was when I was a young journalist in the 1990s. The technology has spawned a lot of cool projects, like this visual of a botnet from my former employer, CSOonline.com. ...

Bad Anti-Hacking Laws: We Can Educate the Public

There's much alarm in the security community over new anti-hacking laws President Obama plans to float in his State of the Union address next week. The alarm is justified. What he proposes, as my friend Rob Graham (@ErrataRob) wrote in this important post, "are blunt political solutions which reflect no technical understanding of the problem." Obama's proposed anti-hacking laws are designed to arm companies with legal protections for sharing information ...

Microsoft Wrong to Cancel Patch Alerts

For the last few years I've been praising Microsoft for taking great strides to improve security. This morning, I'm tempted to take it all back. For the last decade, Microsoft has issued advance notifications the Thursday before each security patch release. It's been a valuable service, helping IT security practitioners to be better prepared. Yesterday, the software giant announced it was ending the service, claiming that not enough people are ...

UPnP Devices Used in DDoS Attacks

Attackers are using Universal Plug and Play (UPnP) devices to launch massive DDoS assaults, Akamai's Prolexic Security Engineering & Research Team (PLXsert) warned this morning in an advisory. PLXsert estimates that 4.1 million UPnP devices are potentially vulnerable to exploits used for reflection DDoS attacks. That's about 38 percent of the 11 million devices in use around the world. PLXsert plans to share the list of potentially exploitable devices to members of the ...

Data Breach Victims or Enablers?

Back in May, my good friend Eric Cowperthwaite caused a stir with a blog post about security breach victims getting demonized for failing to prevent break-ins. Other industry friends passionately disagreed. My thinking on the matter continues to evolve. But as is usually the case, my thinking takes me to the middle. Companies that suffer a breach -- Home Depot and Target have been among this year's biggest poster children ...

After 9-11, Fear Made Us Stupid

Included in all the tweets and Facebook postings about the 13th anniversary of 9-11 yesterday was this from friend and co-worker Martin McKeay: "Never forget 9/11 and terrorism. But don't forget how many rights have been taken from us in the name of fighting terrorism." He's got that right. There's been plenty of outrage in recent years over the U.S. government running wild, violating our privacy in the name of ...
