Wendy Nather - How Google turned me into my mother: the proxy paradox in security

How Google turned me into my mother.

We are facing a big problem, one that's hidden behind the more prominent issues of cybercrime, encryption wars, and vulnerability disclosure. It's endemic to our digital infrastructure, and it's going to get worse over time. And it's so complex that I'm not sure I can do it justice in a ...

A matter of taste.

I've figured it out: The word "cyber" is like garlic. For most palates, just a bit of cyber in anything is enough. It makes it all a bit more interesting. Some people love cyber so much that they put it in everything, in massive amounts (chicken with 40 cloves of cyber, for ...

Why the airplane analogy doesn’t fly.

Don't get me wrong — I love Trey Ford. He is one of the most inspiring infosec pros I know. He's smart, creative, full of mind-blowing ideas, and has energy to spare. And I love his talk at SecTor about what we can learn about information sharing from the aviation ...

When your risk profile is different.

Ready for some (more) unfounded speculation? Both people and organizations tend to want to keep their data within a circle of trust; it's why there has been (and continues to be) resistance to putting sensitive data in the cloud. It's a function of human nature to keep things close -- which ...

Lessons in grown-up security.

Okay, so for the sake of those who can't say anything, I feel I have to say something. Remember how much you hate people talking about things they don't understand? So do I. And let's face it: if you're not on the inside of an organization, you don't know 100% of ...

Achievement unlocked?

This week was Hell Week for analysts, otherwise known as Meet All The People, Inspect All The Things, otherwise known as the RSA Conference. Everything was going as expected: I made it through all the speaking engagements (at least one a day this time), spent a little time on the ...

Looking logically at legislation.

There's a lot of fuss around the recent White House proposal to amend the Computer Fraud and Abuse Act, and some level-headed analysis of it. There's also a lot of defensive and emotional reaction to it ("ZOMG we're going to be illegal!"). First of all, everyone take a deep breath. The ...

Depends.

I've always had a problem with compliance, for a very simple reason: compliance is generally a binary state, whereas the real world is not. Nobody wants to hear that you're a "little bit compliant," and yet that's what most of us are. Compliance surveys generally contain questions like this: Q. Do you ...

Shock treatment.

Another day, another bug ... although this one is pretty juicy. One of the most accessible primers on the Bash Bug is on Troy Hunt's blog. As many are explaining, one of the biggest problems with this #shellshock vulnerability is that it's in part of the Unix and Linux operating systems ...

A tenuous grasp on reality.

"Don't blog while angry," they say. Well, it's too late now. One thing that has bothered me for years is the tendency for security recommendations to lean towards the hypothetical or the ideal. Yes, many of them are absolutely correct, and they make a lot of sense. However, they assume that ...