Crimson Vista Company Move

July 1 2019 - Crimson Vista, Inc., is pleased to announce that it has relocated from Baltimore, Maryland to Austin, Texas. Austin is already an energetic hub of technology and is still rapidly growing. It also enjoys a central location within the United States with equal flight times to New...

Crimson Vista's Seth Nielson to Speak at the Workshop on Defensive Deception and Trust in Autonomy

July 27 2018 - Crimson Vista, a Baltimore-based computer security consulting firm, announced today that the company’s founder and chief scientist, Seth James Nielson, will be speaking at the Workshop on Defensive Deception and Trust in Autonomy being held on August 13-14 in San Diego, CA. Dr. Nielson will be...

Crimson Vista's Caroline Dikibo to Speak at 2018 React Rally

July 25, 2018 - Crimson Vista, a security consulting company, announced today that Caroline Dikibo, associate scientist(in training), will be speaking at the 2018 React Rally. Caroline will present “React(ing) in a Crisis” at the conference, which takes place on August 16-17, 2018 at the Sheraton Salt Lake City Hotel...

Crimson Vista's Seth Nielson to Speak at 2018 Data Architecture Summit

July 20, 2018 - Crimson Vista, a high-tech consulting company, announced today that the company’s founder and chief scientist, Seth James Nielson, will be speaking at the 2018 Data Architecture Summer (DAS). Dr. Nielson will present “A Gentle Introduction to Blockchain” at the conference, which takes place on October 8-11,...

Bad Password? What's the Worst that Could Happen?

In two previous posts, I have been discussing the possibility that although true computer security may not be possible in the most general and widest cases, it could be significantly better with relatively simple solutions. In particular, I propose that we could see massive reduction in computer vulnerabilities by correcting “The...

Securing the Future: More Simple Fixes

In a previous post, I discussed the possibility that, even though there are some seemingly insurmountable problems with computer security in contemporary systems, perhaps the overall state of computer security could be vastly improved by fixing certain simple problems. Maybe there’s no way to efficiently create software that has no...

Securing the Future: Does it start with passwords?

I worry about the future of Computer Security. One of the reasons I worry so much is that the deck always seems to be stacked. The bad guys have a much easier job: they have to find one bug and we have to find them all. They have to figure out...

Security Lessons from an Apartment Building

I really enjoy teaching the Network Security course at Johns Hopkins University. It’s a privilege to work with the students and to spend time thinking about the fundamental principles behind my profession. The best reward of all, though, is when former students send me an email about applying lessons from...

The Increasing Complexity of Computer Security Itself

It is well understood that there is generally an inverse relationship between system complexity and system security. That is, as system complexity increases, system security generally decreases. Complexity manifests itself in a variety of ways, and each introduces its own set of challenges and risks. Consider these three examples. First,...

The Social Security Administration and Security Theater

On August 1st, 2016, Brian Krebs posted an article on his blog about The Social Security Administration (SSA) and their new “two factor” authentication system. It’s definitely worth reading, but I’m going to summarize a few points: The SSA is requiring cell-phone based two-factor authentication on all existing accounts on...

Certificate Pinning: The Unseen Risks

Frédéric Bastiat is famous for his assertion about the difference between good and bad economists. One translation reads: Between a good and a bad economist this constitutes the whole difference - the one takes account of the visible effect; the other takes account both of the effects which are seen,...

BWAIN Damage: Complexity and Functionality Again

Apparently security researchers at Sophos have started using the term BWAIN, or “Bug With An Impressive Name,” to describe bugs that show up in the media with clever handles. For some reason, they believe that the security bugs named “Heartbleed”, “POODLE”, and “LOGAM” represent a new publicity trend. Maybe they do,...

The Social Media Soup

Have you ever wondered how many social media accounts the average person has? As of early 2015, the answer was 5.5. It may be slightly more now, but 5.5 is probably close. Think about the inefficiency of this for a minute. The average person believes they need more than five...

Password Security for Average Users

Did you know that the average user has 19 passwords? The number is probably higher. The cited source is two years old, and the number of online services continues to grow. Moreover, most users have at least one or two devices with default passwords including their routers, entertainment devices, and so...

Security, Utility, and The Future of Computing

What will computing look like in 100 years? Of all the questions that perplex me, the one that concerns me the most is how much of our future computing resources must be wasted on matters of security. And yes, I mean wasted. Consider how much energy goes into not producing or...

Pay No Attenion to the Security Behind the Curtain

Security Theater is almost universally connoted as a negative term. As used by Bruce Schneier, a premier security expert, Security Theater are measures taken that make people feel more secure without actually improving security. He describes, for example, many post 9/11 security measures enforced by the TSA and others in...

The Halting Problem and Formal Verification

Trying to create a secure computer system is a terrible headache. For both theoretical and practical reasons, the odds are rarely in favor of the good guys. As an example of an unhappy theoretical dilemma, it has been known since the 80’s, based on the well-known Halting Problem, that it is...

Computer Security and Zombies III

The real problem is not whether machines think but whether men do. The quotation above, from B. F. Skinner, is one of my favorites1. Within this pithy line lies a universe of questions, debates, and perhaps even unexplored philosophies. For my part, I believe that it also gets to the core...

Computer Security and Zombies, Part II

In my previous blog post, I mused about the concept of a Philosophical Zombie (P-Zombie) in the world of Computer Security. A P-Zombie looks and acts human, but is behaving without intention or sentience. The behavior may be complex, but it lacks free-will. In the security space, where errors are...

Computer Security and Zombies

Sometimes I wish I would have studied Philosophy in college. Philosophers get to study, discuss, and debate cool things like free will, intention, and Zombies. Wait… What? The so-called Philosophical Zombie (P-Zombie) is a hypothetical construct used in certain thought experiments. The basic concept is that the P-Zombie can look and behave...

Could Compromised Become the New Normal

Predicting the future of technology is notoriously difficult. But that doesn’t stop us. No matter how many times our soothsayers are wrong, I predict that we will be reading a good number of “Top 10 [fill in the blank] to expect in 2017.” Predicting prediction is a pretty safe bet....

Over-specialization and Security

Author’s Note: This post goes into more technical “guts” than I usually prefer. For those readers less familiar with computer programming, please skim the first half. Hopefully the punchline at the end will still make sense   I love programming languages. I’ve been studying them for over a decade, and...

Introducing Crimson Vista

It is with no small sense of pleasure that I introduce Crimson Vista Inc., a consulting firm with specialties in computer security, computer networking, and programming languages. Although Crimson has been operational for over a month, we’ve been too busy with clients and projects to get the website up and running....