In a previous post we covered the risk assessment of Cosmos Hub / Tendermint Validators. That opens the question of what should be done to address those risks. When performing risk treatment, you have four general approaches: Risk reduction: Controls are put in place that reduce the likelihood of the risk occurring, or the impact […]
In the recent Risk Assessment on Tendermint / Cosmos Hub Validators, we covered a new threat we have dubbed the Stake Flip Attack. This post starts with some definitions and looks at how stake gets distributed in the network. Then it presents the attack with examples, both against a single validator, and then against multiple […]
As I noted in a previous post, we’ve been asked to look into the security aspects of running a Tendermint validator on the Cosmos Hub. In order to assess if the proper controls are in place, we must consider what the salient risks are against a system. There has been a lot of discussion of […]
This post is a bit different than our usual offerings in that it’s not about security — at least not directly. We have been asked to look into some security aspects of the Cosmos Network, which is based on the Tendermint blockchain technology. In order to do so, I wanted to understand what its network […]
There are projected to be 1.5 Million job openings for information security personnel, and that number is expected to more than double over the next four years. Certainly, recruiting and retaining qualified personnel is difficult for any profession. In this article, we’ll take a closer look at the information security job market. Is it as […]
The world has made it past the start of the EU’s General Data Protection Regulation (GDPR) without any major explosions. Much like Y2K, this is undoubtedly because companies were prepared. Everyone has become so peppered over the past few months with notices about privacy policies being updated that it has become the topic of humor […]
We have all heard that the chief impediment to the adoption of cloud services is security. While that is certainly a consideration, organizations (and CISOs in particular, based on anecdotal data) are starting to accept that: Security is just one factor that must be considered, and others such as cost may be larger impediments to […]
If you do a web search for Bubo you may also find the medical definition: enlarged lymph nodes (from Greek). It is certainly a less elegant image than the majestic great horned owl swooping down on its prey. At the same time, it is an accurate description of how many security teams operate today: lymph […]
Why choose BuboWerks for help with your information security needs? BuboWerks was started to more effectively address the pains in your security program (or lack of a security program). We are able to do this through five key differentiators: Expertise across security programs Experience across organization types Ability to build solutions from inception through implementation […]
One of our partners recently asked me what I thought of Bro — was it something I would recommend setting up for one of his clients? If you’ve used Bro before, this is probably a no-brainer, but for many folks — even ones with deep infosec experience — Bro can be a little confusing. In […]