04.26.2021 | 5'' read
Remembering Dan Kaminsky (1979-2021)
I share some memories of the late Dan Kaminsky, including his generosity to the hacker community and an insistence on empathy for the end user. Plus, some supply chain pain points.
A weekly collection of news, op-ed analysis, tools and resources for cybersecurity practitioners. Curated and edited by Ryan Naraine and sent to your inbox every Monday morning.
04.19.2021 | 6'' read
Opinion: There's just too much blood in the water for Microsoft to continue operating the MAPP vuln data sharing program under the current structure. At a minimum, Microsoft must immediately suspend the top two tiers -- MAPP Validate and MAPP ANS -- and start rewriting the rules for participation. Plus, a personal note on Eclypsium and sponsorship.
04.12.2021 | 6'' read
My latest SecurityWeek piece on the economics (and narrow shelf life) of memory corruption mitigations has kickstarted an active discussion on the future of sandboxing to disrupt the economy of software exploitation. Plus, that Pwn2Own Zoom zero-click exploit chain should scare us all.
04.07.2021 | 4'' read
This week, we respond to news that the SolarWinds CEO will do a keynote (fireside chat) at next month's RSA Conference and how Black Hat is shaping up as the official return to in-person security events. Plus, three new podcast episodes on a variety of topics.
03.29.2021 | 6'' read
A major scoop by MIT Technology Review confirms what I've suspected all along -- Google's public flex came long after intense conversations about disrupting and outing a "friendly" FEYE counter-terrorism campaign. Plus, a new podcast with Nico Waisman and a surge in firmware attacks.