A customer recently asked me about the Krebs story on Google using Yubikeys and eliminating phishing attacks. They wanted to know if it was real and if it is a technology they should be using? For starters, two-factor-authentication — or more generally, multi-factor-authentication — is absolutely important — no longer can you detect phishing attacks […]
BuboWerks just published our Recommended Risk Treatments for Cosmos Hub / Tendermint Validators. In association with that, we are announcing our fixed-price independent security assessments (or audit, if you prefer) for Cosmos Hub / Tendermint Validator operators. Here’s how it works: Download our contract for the work and ensure it meets your approval. Fill out our […]
In a previous post we covered the risk assessment of Cosmos Hub / Tendermint Validators. That opens the question of what should be done to address those risks. When performing risk treatment, you have four general approaches: Risk reduction: Controls are put in place that reduce the likelihood of the risk occurring, or the impact […]
In the recent Risk Assessment on Tendermint / Cosmos Hub Validators, we covered a new threat we have dubbed the Stake Flip Attack. This post starts with some definitions and looks at how stake gets distributed in the network. Then it presents the attack with examples, both against a single validator, and then against multiple […]
As I noted in a previous post, we’ve been asked to look into the security aspects of running a Tendermint validator on the Cosmos Hub. In order to assess if the proper controls are in place, we must consider what the salient risks are against a system. There has been a lot of discussion of […]
This post is a bit different than our usual offerings in that it’s not about security — at least not directly. We have been asked to look into some security aspects of the Cosmos Network, which is based on the Tendermint blockchain technology. In order to do so, I wanted to understand what its network […]
There are projected to be 1.5 Million job openings for information security personnel, and that number is expected to more than double over the next four years. Certainly, recruiting and retaining qualified personnel is difficult for any profession. In this article, we’ll take a closer look at the information security job market. Is it as […]
The world has made it past the start of the EU’s General Data Protection Regulation (GDPR) without any major explosions. Much like Y2K, this is undoubtedly because companies were prepared. Everyone has become so peppered over the past few months with notices about privacy policies being updated that it has become the topic of humor […]
We have all heard that the chief impediment to the adoption of cloud services is security. While that is certainly a consideration, organizations (and CISOs in particular, based on anecdotal data) are starting to accept that: Security is just one factor that must be considered, and others such as cost may be larger impediments to […]
If you do a web search for Bubo you may also find the medical definition: enlarged lymph nodes (from Greek). It is certainly a less elegant image than the majestic great horned owl swooping down on its prey. At the same time, it is an accurate description of how many security teams operate today: lymph […]