Newsletter
03.01.2021 | 5'' read
A peek inside Apple’s security garden
Monday blues, 3/1/2021:
I wrote a short piece on my decision to leave Intel Corp. late last year to expand Security Conversations into a full-fledged property focused on telling long-form stories about entrepreneurship, innovation and defense.
Having spent the last decade of my career on the vendor side of the house (at Kaspersky, Bishop Fox and Intel), I’ve seen the gears of defensive innovation grind slowly forward and I want to really share in that “boring, but sexy” excitement with you all.
There are fascinating stories in defense and they’re worth the time to gather and tell them. Drop a line if you have a suggestion on guests for the podcast or stories for the newsletter. Under-represented folks to the front of the line.
On to the newsletter…
A (fun) peek inside the Apple security garden:
Everyone knows that Apple’s cult-like devotion to secrecy extends well into security. It’s near impossible to get information out of Cupertino on routine security questions but, on the flip side, the ongoing delivery of the Apple Platform Security Guide (direct PDF) should earn Ivan Krstic and team a pat on the back.
The deep-dive guide is chock-full of defensive news stories and some journalists are starting to highlight the code changes and design principles powering defense on iPhones, iPads and MacOS devices. My pal Rich Mogull’s analysis for TidBITS is superb and you should read it.
If you’ve long been bemused by Apple’s counter-productive advertising that there’s no malware on MacOS, the entire section on native MacOS anti-malware capabilities may open some eyes. They include a rudimentary, always-on Malware Removal Tool, the use of YARA signatures for malware hunting, Gatekeeper and rootkit detection for endpoint protection.
- No formal announcement yet but Uber’s new CISO appears to be Latha Maripuri (formerly NewsCorp).
- Nike’s Jameeka Green Aaron is the new CISO at Auth0.
- Bank of America’s Ally Miller is heading to Reddit to take on the CISO role left vacant when Sean Catlett left to be Slack’s chief security officer.
- Caleb Sima (formerly SPI, Bluebox, CapitalOne, Databricks) is the new security chief at Robinhood.
- Mike Hanley has left Cisco and is moving to GitHub to run the security operations there.
- Cisco handed the CISO gig to Anthony Grieco. Brad Arkin also recently joined Cisco as SVP, Chief Security and Trust Officer.
- Google Cloud’s new CISO Phil Venables underlines that “no Google systems were affected by the Solarwinds event” and publishes a paper on its own hardware and supply-chain security checkpoints.
- A fascinating look at how ransomware negotiations go down (PDF) between cybercriminals and desperate business victims.
- NSA on embracing zero-trust (PDF): This data-centric security model allows the concept of least-privileged access to be applied for every access decision, allowing or denying access to resources based on the combination of several contextual factors. Hoff’s thoughts on zero-trust are also worth following.
- Recorded Future has sights on a Chinese threat actor using malware to target India’s power sector amidst border tensions. Also see this Robert M. Lee thread on the story and claims.
- Google Cloud is giving away the definitive book on building secure and reliable systems (PDF). Read it.
- Endgame is an AWS pen-testing tool that lets you use one-line commands to backdoor an AWS account’s resources with a rogue AWS account. Hat-tip to podcast guest Sounil Yu for flagging.
- OSV, from Google, is a vulnerability database and triage infrastructure for open-source projects.
- Wazuh is an enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.
- Over at ZDNet, SJVN argues that it’s time for Chromium to stop being a Google-only open-source project.
- This October 1972 U.S. Air Force document is the first known mention of memory corruption vulnerabilities. Today, 50 years later, memory corruption exploitation remains the rage.
- The Libby app allows you to listen to audio books for free through your public library (you’ll need a library card).
Have a fantastic week,
_ryan
PS: The podcast is available on all platforms (Apple, Google, Spotify and Amazon). If you enjoy the show, consider leaving a rating and review to help spread the word.
PPS: I welcome feedback. Don’t be shy ❤