As I point out in the intro to my last book, Securing Systems, the first standards reference to design-time security requirements that I managed to find was NIST 800-14, 1996! My chapter in Core Software Security describes...
In reply to: Design-time Security Engagement: Still Coming
As bad as these out-of-sequence execution vulnerabilities are (and might prove to be), we saw more than enough monstrously bad cybersecurity breaches in 2017 - without the help of Meltdown, Spectre or any follow-on scenarios. We...
In reply to: Still just vulnerabilities
Albert Gonzalez and his gang of criminal hackers were responsible for data breaches in retailers and payment processors, with some estimates saying they breached over 230 million records combined. Gonzalez, considered a proficient...
In reply to: Feshop2017 Criminal Hackers, Carders forums, Dumps and Fullz CVV, and Identity Theft
Thank you for your comment. I do agree with you, these points you clearly articulate are valid and must be taken into consideration for developing any meaningful and workable policies or regulations. While some discovered...
In reply to: Re: Software == Bugs
Well, there were different mentions from different blogs. Can you please tell me where you found those sentences?
In reply to: Re: ...and what about IG followers for Apple's?
Yup BIOS updates have been a mostly ignored / de-prioritized security risk. Some new security companies such as Eclypsium are working on BIOS integrity and version reporting & updating for enterprises.
In reply to: Re: Another thing to consider
Don't be too hard - after all most EVERYTHING is on a Windows platform to start with. However nice and wonderful Ubuntu and Linux are ... percentage is always Windows, the curse we have to live with.
In reply to: Re: Which "Kernel"? PUT TARGET PLATFORM FRONT AND CENTER
The Turing Proof has not yet fallen. Short summary: an automated process cannot prove that an automated process is correct. IOW, software can be proven to have errors, but not proven to be absolutely correct. That means...
In reply to: Software == Bugs
Fortunately most BIOS updates are now operating system-installable items. I remember the dead, long dead days of Compaq Deskpro with 3.5" floppy disk updates and heaven forbid you interrupt the BIOS load --- dead...
In reply to: Re: Another thing to consider
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.