security theater

On Microsoft’s Lousy Cloud Security

| | cloud computing, Cybersecurity, Microsoft, national security policy, security theater, Uncategorized
ProPublica has a scoop: In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings. The tech giant’s “lack of proper detailed security ...
Schneier on Security
vulnerability, patch, Cisco, flaw, patch, vulnerabilities, Cato, patch, automation, patch management, Action1 patching cyberattacks JumpCloud patching

The CVE Treadmill: Why You Can’t Patch Your Way to Security 

| | AI-generated code security, Attack Surface Reduction, Behavioral Security, Breach Prevention, CISO strategy, CVE prioritization, CVE treadmill, cybersecurity patching, exploitability, legacy software risk, modern vulnerability management, patch management, pre-CVE exploitation, Red Team validation, Runtime Visibility, security operations, security theater, threat intelligence limitations, Vulnerability Management, zero-day exploitation
Patching alone no longer stops breaches. Learn why CVE-based vulnerability management is failing and how runtime visibility reveals what’s truly exploitable in your environment ...
Security Boulevard

Rational Astrologies and Security

| | Cybersecurity, psychology of security, security theater, Uncategorized
John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security“: There is another non-security way that designers can spend their security budget: on making their own ...
Schneier on Security
Finally! Windows to Block Password Guessing — by Default

Finally! Windows to Block Password Guessing — by Default

| | access management, brute-force attacks, iam, identity and access management, Microsoft, policy, rdp bruteforce, SB Blogwatch, security theater, Windows, You know what else blocks RDP brute-force attacks by default? Closing port 3389
Brute-force guessing of Windows credentials is a common entry point for hackers. After 27 years, Microsoft is finally fixing the dumb default that allows it ...
Security Boulevard

Why Vaccine Cards Are So Easily Forged

| | cheating, COVID-19, essays, forgery, security theater, Uncategorized, Vulnerabilities
My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose ...
Schneier on Security
More Musings on Reverse Security Theater and “Security Signalling”

More Musings on Reverse Security Theater and “Security Signalling”

| | Compliance, Cybersecurity, security, security theater
“Security theater” (a term widely attributed to Bruce Schneier) “refers to security measures that make people feel more secure without doing anything to actually improve their security.” This concept essentially denotes fake, ...
Stories by Anton Chuvakin on Medium
humanoid, robot, AI, cybersecurity, ChatGPT copyright robots continuous intelligence

Trust Nothing if You Want Real Security

| | ethical hacking, Freaky Clown, security, security theater, Trust, white hat
As I looked over the schedule for Check Point’s CPX 360 conference, one keynote session jumped out at me, not because of the topic but because of the name of the presenter: ...
Security Boulevard