NSA and FBI Take Different Paths for Cybersecurity

When NSA security researchers learned that the methods used by Microsoft Windows 10 machines to examine digitally signed code (like that used to install patches) had a vulnerability which would have allowed the Agency to slip in malware, they had to debate the best method of protecting the nation. On the one hand, they could…

Details

Update on Iowa

Yesterday, I wrote about two employees of CoalFire who were arrested for performing a physical pen test of various courthouses in Iowa. The article focused on the need to have a well-defined Statement of Work and contract. Well, guess what. The State of Iowa Judicial Branch released exactly these documents. And guess what? Page 12 of the…

Details

Data Privacy – I Do Not Think That Word Means What You Think it Means

On September 10, 2019, leaders of the high tech and business world, through the Business Roundtable, sent a letter to political leaders urging them to pass a comprehensive federal consumer data privacy law. The letter, signed by individuals like Amazon’s Jeff Bezos and Michael Dell, and other business leaders noted that “There is now widespread agreement among…

Details

Security status unknown

Do CEOs and Boards have any idea what the company’s cybersecurity status is? Cybersecurity and privacy compliance should be a top priority of the Board of Directors and senior management of any publicly traded company, right? Not so fast, kemo sabe. The problem is, everyone thinks that their problems, their issues, their topics should be…

Details

All’s Fair in Love and Cyberwar

Von Clausewitz said that war is diplomacy by other means. If that’s true, then litigation — particularly divorce and custody litigation is war by other means.  And in war, there are casualties. In modern custody and divorce litigation, one of the casualties is cybersecurity and privacy. And the courts don’t seem to care. At all.…

Details

Till Hacks Do Us Part

As a former prosecutor and defense counsel, I was often asked how I could handle dealing with criminals.  I explained that the difference between criminal law and family law was that in criminal law, you were dealing with bad people at their best. In family law, you are dealing with good people at their worst. A…

Details