Technology

Should Yubikeys be standard issue?

A customer recently asked me about the Krebs story on Google using Yubikeys and eliminating phishing attacks. They wanted to know if it was real and if it is a technology they should be using. For starters, two-factor authentication — or more generally, multi-factor authentication — is absolutely important — no longer can you detect phishing attacks […]

Processes

Stake Flip Attack

In the recent Risk Assessment on Tendermint / Cosmos Hub Validators, we covered a new threat we have dubbed the Stake Flip Attack. This post starts with some definitions and looks at how stake gets distributed in the network. Then it presents the attack with examples, both against a single validator, and then against multiple […]

Non-Security

Cosmos / Tendermint Network Architecture

This post is a bit different than our usual offerings in that it’s not about security — at least not directly. We have been asked to look into some security aspects of the Cosmos Network, which is based on the Tendermint blockchain technology. In order to do so, I wanted to understand what its network […]

People

The Information Security Job Market

There are projected to be 1.5 million job openings for information security personnel, and that number is expected to more than double over the next four years. Certainly, recruiting and retaining qualified personnel is difficult for any profession. In this article, we’ll take a closer look at the information security job market. Is it as […]

Processes

GDPR Impact on Non-EU Companies

The world has made it past the start of the EU’s General Data Protection Regulation (GDPR) without any major explosions. Much like Y2K, this is undoubtedly because companies were prepared. Everyone has become so peppered over the past few months with notices about privacy policies being updated that it has become the topic of humor […]

Processes

High Security SaaS

We have all heard that the chief impediment to the adoption of cloud services is security. While that is certainly a consideration, organizations (and CISOs in particular, based on anecdotal data) are starting to accept that: Security is just one factor that must be considered, and others such as cost may be larger impediments to […]

BuboWerks

Other Definition of Bubo

If you do a web search for Bubo you may also find the medical definition: enlarged lymph nodes (from Greek). It is certainly a less elegant image than the majestic great horned owl swooping down on its prey. At the same time, it is an accurate description of how many security teams operate today: lymph […]