Category Archives: Cybercrime

The “Patch and Pray” Approach to Cybersecurity

– On the front page of The New York Times of August 6, 2014, Nicole Perlroth and David Gelles published an article “Russian Hackers Steal Passwords of Billion Users: Data Still Vulnerable – 420,000 Sites, Big and Small, Were Targets, Firm Says.” Usually I wait a week to two or even a month or…

Snowden’s Unknown Cache

– While it was not entirely unexpected, it did come as a shock to read that the National Security Agency (NSA) may never know the full extent of the information that Booz Allen contractor Edward Snowden stole. In a front page article in The New York Times of December 15, 2013, with the title…

Confirmation of NSA IAM Deficiencies

– I read an article by Neil McAllister in The Register of August 30, 2013 confirming many of the suppositions that I made in my July 1, 2013 BlogInfoSec column “NSA: IAM … What IAM?” The article “NSA: NOBODY could stop Snowden—he was a SYSADMIN: Virtually unfettered access blew…

USG Enamored of Hackers

– Why is it that the U.S. Government not only wants to hire hackers but brags about it? And then, why are they surprised when the strategy backfires as it seemingly did with Edward J. Snowden? Christopher Drew and Scott Shane wrote an article “Résumé Shows Leaker Honed Hacking Skills” for the…

NSA: IAM … What IAM?

– Update: It has been several weeks since the Snowden leaks and, at time of writing, his every move, real and virtual, is being tracked by the media. While Snowden having access to top-secret information was mentioned briefly, as noted in this column, it wasn’t until weeks after the leaks (and…