Security Governance

Why do we continually blame the “user” for a lack of security awareness? – A Polite Rant

Why do we continually blame the “user” for a lack of security awareness? Coming back from one of the most successful information security conferences in quite some time, it was difficult (but not impossible) to find something that needed improvement. I was confused and disappointed in the number of presentations that I attended that made statements to the effect of:

• Users are dumb!
• We need to tell our users to stop clicking!
• There is no patch for user stupidity!

All of [...]



What’s in a Name? If you are Labeled a Charlatan, then it is a lot!

Information security perception is highly dependent on practitioner reputation. If a practitioner is foolish enough to plagiarize or damage the industry, sites like attrition.org are there to label the person as a charlatan. Recently, there were some rumors floating around about infamous, alleged charlatan Gregory D. Evans being unable to attend the major conferences (Black Hat, DEF CON and BSides) in Las Vegas, NV. Some have suggested that there were some financial constraints that prevented this. As I have noted in the past, I question [...]



Everything You Know About Piracy is Wrong

Interesting article published regarding perceptions of piracy. What say you (besides Arrrrr…..) Piracy has become part and parcel of discussions about media and the internet. And everywhere in online discussion, from the biggest tech blogs to the smallest forum, people seem to have the same basic idea about piracy. Piracy is an evil that stems from entitled people wanting to get things for free. Furthermore, if we could find a way to do away with piracy – with the illicit copying of media using digital [...]



The Effect of Snakeoil Security – RSnake’s Thoughts

15 posts left… I’ve talked about this a few times over the years during various presentations but I wanted to document it here as well. It’s a concept that I’ve been wrestling with for 7+ years and I don’t think I’ve made any headway in convincing anyone, beyond a few head nods. Bad security isn’t just bad because it allows you to be exploited. It’s also a long term cost center. But more interestingly, even the most worthless security tools can be proven to “work” [...]