Now on GitHub Pages, New RSS Feed Location [phoneboy.org]
For various reasons I decided to move the hosting of this blog to GitHub Pages. I now have a nice, spiffy new site theme as well. Not that too many people care about that stuff.

The Start of my Information Security Career 20 Years Ago [phoneboy.org]
Update: For those who like to listen to audio instead of read, I recorded a version of this story in podcast form. Back then there was just the guys who ran the servers. Qualix Group. The bottom lin…

Palo Alto Networks Is Evading The Truth [phoneboy.org]
Here’s a summary from A Letter to Palo Alto Networks Employees and Customers: The issue is a little more nuanced than this of course, so I recommend reading the piece by Moti Sagey on LinkedIn.

The Security Impediment [phoneboy.org]
From Chip Cards Take So Long, Some Retailers Disabled Them For The Holidays: It could be that, among other things, retailers are reacting to shoppers’ sentiments. This can happen because:

Bridging The Information Security Gap [phoneboy.org]
You may have noticed a marked increase in the number of posts I’ve done to this blog lately. Whether you read these posts or not, all these new posts aren’t necessarily an accident. What is it?

Not All Security Vulnerabilities Are Created Equal [phoneboy.org]
From Press Backspace 28 times to own unlucky Grub-by Linux boxes: This Grub bug is one of those things. Ok, so maybe also a serial console might work, too. Which is a far more serious threat.

Turkish Clicker: Another Reason Even Official App Stores Aren't Guaranteed Free Of Malware [phoneboy.org]
From Turkish Clicker: Check Point Finds New Malware on Google Play The Check Point research team has discovered an extensive malware campaign on the Google Play™ sto…

Third Party Validation Of Security Solutions Now More Important Than Ever [phoneboy.org]
From Living On An Exponential Curve Of Breaches: Are vendors prepared to submit their products to 3rd party testing labs for assurance purposes?

Prevention vs. Detection: It's Not Either Or [phoneboy.org]
From No, Virginia, It Does NOT Mean That!: Sure, you may get the occasional false positive, but is a false negative actually better? It’s still not going to get everything. Disclaimer: Prevention vs.

The Security Industry: Lead By Example [phoneboy.org]
If the security industry itself can’t be bothered to fix security issues in a timely manner, how can we expect customers to apply the patches in a timely manner? Shouldn’t we be leading by example?