Posts tagged with "security"

COVID-19, Contact Tracing, and Privacy

June 10, 2020 - The last few weeks have seen caution and uncertainty as areas around the globe move to lift coronavirus-related lockdown restrictions. Restrictions have varied between regions, and reopening measures are carefully crafted to include safety measures meant to reduce the risk of infection. For example, many grocery...

CISA Releases Top 10 Routinely Exploited Vulnerabilities

May 15, 2020 - CISA, the FBI, and the broader US Government released guidance along with their findings from a study into exploits seen in the wild. At Crimson Vista, we were interested to see that the most exploited technology is still vulnerable to an 8-year-old CVE. Although...

CoronaVirus: Cyber Hygiene when You're Working From Home

February 28, 2020 - We hope this post finds everyone safe and healthy. As is the case for many of you, our plans for the next few months have shifted. Although we are bummed to not be teaching workshops at upcoming conferences as planned, we are ready to focus extra...

The State of Space 2020: a Recap

February 12, 2020 - This week, the Space Foundation hosted their annual State of Space event. I haven’t attended previously, but was able to register for a seat thanks to the recommendation of a business connection that loves Space. The event was hosted at The National Press Club in Washington,...

A Key Takeaway from Real World Crypto: Retire SHA1

January 22, 2020 - Earlier this month, the Real World Crypto(graphy) conference took place at Columbia University in New York City. The RWC conference is a collection of presentations where cryptography meets industry, so much of the content is tangible and attracts engineers as much as it does researchers. This...

Password Meters and Quick Tips

December 9, 2019 - Last month, we received an email at our info@crimsonvista.com address offering to help us with our password strength. We get lots of emails, some spam, some not, but most require a little investigation before we decide to engage or not. Any guesses as to whether this...

Securing the Future: Does it start with passwords?

I worry about the future of Computer Security. One of the reasons I worry so much is that the deck always seems to be stacked. The bad guys have a much easier job: they have to find one bug and we have to find them all. They have to figure out...

Security Lessons from an Apartment Building

I really enjoy teaching the Network Security course at Johns Hopkins University. It’s a privilege to work with the students and to spend time thinking about the fundamental principles behind my profession. The best reward of all, though, is when former students send me an email about applying lessons from...

The Increasing Complexity of Computer Security Itself

It is well understood that there is generally an inverse relationship between system complexity and system security. That is, as system complexity increases, system security generally decreases. Complexity manifests itself in a variety of ways, and each introduces its own set of challenges and risks. Consider these three examples. First,...

The Social Security Administration and Security Theater

On August 1st, 2016, Brian Krebs posted an article on his blog about The Social Security Administration (SSA) and their new “two factor” authentication system. It’s definitely worth reading, but I’m going to summarize a few points: The SSA is requiring cell-phone based two-factor authentication on all existing accounts on...

Certificate Pinning: The Unseen Risks

Frédéric Bastiat is famous for his assertion about the difference between good and bad economists. One translation reads: Between a good and a bad economist this constitutes the whole difference - the one takes account of the visible effect; the other takes account both of the effects which are seen,...

BWAIN Damage: Complexity and Functionality Again

Apparently security researchers at Sophos have started using the term BWAIN, or “Bug With An Impressive Name,” to describe bugs that show up in the media with clever handles. For some reason, they believe that the security bugs named “Heartbleed”, “POODLE”, and “LOGJAM” represent a new publicity trend. Maybe they do,...

Password Security for Average Users

Did you know that the average user has 19 passwords? The number is probably higher. The cited source is two years old, and the number of online services continues to grow. Moreover, most users have at least one or two devices with default passwords including their routers, entertainment devices, and so...

Security, Utility, and The Future of Computing

What will computing look like in 100 years? Of all the questions that perplex me, the one that concerns me the most is how much of our future computing resources must be wasted on matters of security. And yes, I mean wasted. Consider how much energy goes into not producing or...

Pay No Attention to the Security Behind the Curtain

Security Theater is almost universally connoted as a negative term. As used by Bruce Schneier, a premier security expert, Security Theater refers to measures taken that make people feel more secure without actually improving security. He describes, for example, many post 9/11 security measures enforced by the TSA and others in...

The Halting Problem and Formal Verification

Trying to create a secure computer system is a terrible headache. For both theoretical and practical reasons, the odds are rarely in favor of the good guys. As an example of an unhappy theoretical dilemma, it has been known since the 80’s, based on the well-known Halting Problem, that it is...

Computer Security and Zombies III

The real problem is not whether machines think but whether men do. The quotation above, from B. F. Skinner, is one of my favorites. Within this pithy line lies a universe of questions, debates, and perhaps even unexplored philosophies. For my part, I believe that it also gets to the core...

Computer Security and Zombies, Part II

In my previous blog post, I mused about the concept of a Philosophical Zombie (P-Zombie) in the world of Computer Security. A P-Zombie looks and acts human, but is behaving without intention or sentience. The behavior may be complex, but it lacks free-will. In the security space, where errors are...

Computer Security and Zombies

Sometimes I wish I would have studied Philosophy in college. Philosophers get to study, discuss, and debate cool things like free will, intention, and Zombies. Wait… What? The so-called Philosophical Zombie (P-Zombie) is a hypothetical construct used in certain thought experiments. The basic concept is that the P-Zombie can look and behave...

Could Compromised Become the New Normal

Predicting the future of technology is notoriously difficult. But that doesn’t stop us. No matter how many times our soothsayers are wrong, I predict that we will be reading a good number of “Top 10 [fill in the blank] to expect in 2017.” Predicting prediction is a pretty safe bet....

Over-specialization and Security

Author’s Note: This post goes into more technical “guts” than I usually prefer. For those readers less familiar with computer programming, please skim the first half. Hopefully the punchline at the end will still make sense. I love programming languages. I’ve been studying them for over a decade, and...
