Peter Neumann said, “Security is a set of end-to-end total-system emergent properties,” and “Strength in Depth is desirable, but we have Weakness in Depth.” He quotes Einstein — “Everything should be made as simple as possible, but no simpler” — and warns that oversimplifying security leads to flaws.
Tag: cybersecurity
Origin of Protective DNS and RPZ
The Architectural Evolution of Protective DNS: From Academic Prototyping to Global Security Standard
The historical trajectory of the Domain Name System (DNS) has transitioned from a rudimentary directory service into the fundamental control plane of modern internet security. This transformation was neither accidental nor purely market-driven; it was the result of a protracted conflict between
FAQ – Which Shadowserver Reports list CVEs
Many people frequently ask how Shadowserver includes CVEs (Common Vulnerabilities and Exposures) in its reports. Currently, there are over 140 reports published, with more on the way. The Shadowserver Alliance is active, working together to support the Shadowserver initiative and develop new report types. It’s a logical question
Thank you for knocking on my LinkedIn door …
Thank you for the warm invitation to connect via LinkedIn! You are now following my profile. This will benefit anyone interested in the growth of the Internet, the resiliency of our infrastructure, and our digital safety. You’re welcome to follow me on my other social channels. That will allow you access to all my security,
Is ASEAN Ready for Serious Cybersecurity?
No, most ASEAN countries are not ready for “serious cybersecurity.” Cybersecurity requires a persistent and consistent rhythm of action that fixes known security risks. Public benefit—non-profit cyber civil defense organizations like the Shadowserver Foundation, CyberGreen, and other organizations deliver actionable cyber-risk reporting as a public benefit. Yes, these reports are free to organizations seeking to
Perhaps it is time to admit that the ladder is on the wrong wall
I’m reading Paul Vixie’s Magical Thinking in Internet Security. I 100% agree with everything Paul is pointing out. We’ve had many conversations about these challenges in the past. But I’m now at a point where I’m looking in the mirror and realizing what we’re doing might be the wrong approach. I’m exasperated at the persistent
Cyberwarfare is here; now what?
Cyberwarfare activities were always on the Internet. STUXNET, Google Aurora, and many other attacks were a fact of life. We had cyber attacks when Yugoslavia broke up. We have constant attacks in the Middle East. Cyberwar was part of a security practitioner’s threat model from the late ‘80s until the early 2000s. Then, cybercrime started
Hybrid Warfare Lessons from Ukraine – Thought Provoking
Hybrid warfare is a global reality. The global supply chain means that any war will have cyber-attacks happening everywhere along the supply chain. In this holiday “Security Catchup,” list John Deni facilitates, Vishwa Padigepati, Dr. Sarah J. Lohmann, & Vytautas Butrimas in their report – What Ukraine Taught NATO about Hybrid Warfare. Get a cup
Why is an “APRICOT” critical to Asia/Pacific Internet Operations?
There is one conference where Asia & Pacific Critical people resources meet to maintain the operational relationships critical to the success of the Internet. Are you going to Asia Pacific Regional Internet Conference on Operational Technologies (APRICOT)? People glue together the Internet and Telecom. People who meet, collaborate, and work with each other to keep
Get Started in the Security Industry
Get started in the Security Industry, What are my first steps? If you are reading this, you are doing the right type of security digging. You are looking for ways to get started in the security industry. You have a desire to dive deep in the security world. Welcome to the world of chaos,