Thinking Security: Are You Being “Smart”?

This is the 42nd blog in a series about security and how security is about how you think. Many homes have received an upgrade lately with additional devices bought or received – new “smart” TVs, “smart” phones, “smart” virtual assistants and even “smart” locks and garage doors, which allow you to control who can come into…

Read on...

Thinking Security: RSA Conference 2020

This is a special blog about the RSA 2020 Conference. The IT security world met again in San Francisco in February at the RSA Conference 2020. The Coronavirus (COVID-19) impacted this year’s conference, with several vendors and many delegates choosing not to attend. Even through that, the conference was huge and diverse and excellent as…

Read on...

Thinking security: Vulnerability Doctor, Stat!

This is the 36th blog in a series about security and how security is about how you think. Many thanks to my colleagues Ritva Kangasperko and Dr. Glen Newton for their contributions to this blog. We’ve all seen this scene on TV medical drama shows – the ambulance pulls up to the emergency room door,…

Read on...

Thinking Security – RSA Conference 2018

This is the 35th blog in a series about security and how security is about how you think. This blog is about RSA Conference 2018 – “where the world talks security.” It’s the annual meeting of the IT security community, held this year in mid-April at the Moscone Convention Center in San Francisco. For me,…

Read on...

Thinking Security: Oh, Oracle What Do You See?

This is the 34th blog in a series about security and how security is about how you think. Recently, I’ve been looking into the ROBOT attack against the TLS (formerly known as SSL) protocol. It’s a unique theoretical attack that tries to gain information about the server’s private key through a brute-force attack against a…

Read on...

Thinking security: What should I say?

This is the 33rd blog in a series about security and how security is about how you think. The Internet is a massive computer network. It is also a huge storage vault of everything that has ever been said, posted, snapped, tweeted and blogged. If you need to find out something, many search engines can…

Read on...

Thinking Security: So, What Happened?

This is the 32nd blog in a series about security and how security is about how you think. One of the characteristics of an engineer is a natural curiosity about how things work. Security practitioners are the same way. They want to know what happened and how. Engineers need to understand exactly how something is…

Read on...

Thinking security: Is security all about cryptography?

This is the 31st blog in a series about security and how security is about how you think. Thanks to Dr. Glen Newton and Jason Schultz for the OS 2200 insight used in this blog. I recently had the opportunity to talk with a high school senior who was interested in computer security. He said…

Read on...

Thinking Security: What Could Possibly Go Wrong?

This is the 30th blog in a series about security and how security is about how you think. We’ve all done it – clicked on a link, opened up an attachment, typed in sensitive information to a website. What could possibly go wrong? A number of things could go wrong – the link could be…

Read on...

Thinking Security: Thinking Or Not Thinking Security

This is the 29th blog in a series about security and how security is about how you think. The major theme of this blog has been the security mindset and how we “think” security. But when do we “think security”? If we’re good at it, we’re always thinking security. One of my favorite…

Read on...