Blog

My writing focuses on information security, with topics ranging from broad IT trends to detailed technical advice on malware. Scroll through the posts to see whether my interests overlap with yours. Follow this blog to keep up with my latest publications.

Misleading Trademark Registration Invoices and Scams

Miscreants are attracted to law-skirting schemes that generate strong revenues without significant ongoing investments. You can observe these characteristics in the trademark registration campaign described below. It seems to have been active for at least a decade and spans Texas, Delaware, Washington and the Principality of Liechtenstein. This is a manifestation of the broader set of fake invoice scams, such as the website…

How to Send Customer Emails That Don’t Look Like Phishing

Businesses need a way to contact customers in a reliable manner that’s convenient for the recipient. Email is the obvious channel for such messages due to its ubiquity. However, this method presents many security challenges, as illustrated below. While it’s easy to highlight the vulnerabilities in these messages, it’s hard to offer constructive advice for a communications approach that strikes the right…

How Would You Detect and Impede Ransomware on an Endpoint?

Malware that encrypts and holds files at ransom can have devastating effects on personal documents, customer data and business operations. If you were designing software that could detect and impede such ransomware, what techniques would you use to safeguard the endpoint? Accomplishing this could involve observing the behavior of the programs running on the system to spot ransomware-like activity or employing deception to encourage…

Run Metasploit Framework as a Docker Container Without Installation Pains

Metasploit Framework is a powerful open source tool for penetration testing. Whether you’re looking to use it for work or are merely interested in experimenting with it, you can run Metasploit Framework in a Docker container without having to deal with the pain of installing the code and its dependencies. The Docker image “remnux/metasploit” is available as part of…

A Product Management Framework for Creating Security Products

Established enterprises as well as startups have much to consider when deciding how to build and launch a security solution that makes sense for their business and customers. While you can employ a variety of formal tech strategy frameworks, the following lightweight approach offers a reasonable starting point for defining security product plans by posing several fundamental questions. This common…

How to Share Malware Samples With Other Researchers

Malware analysts often need to share samples with each other. This might involve sending malicious files as password-protected email attachments or providing a link where the specimen might be downloaded. Because of the risks and the associated security precautions, sharing malicious program artifacts with other researchers can be tricky. Below are some considerations for engaging in such activities. See the end of…

First Impression Tips for Security Startups

First impressions matter for people as well as companies. When a security startup courts customers or partners, it can easily miss the precious few opportunities to set the right tone for subsequent discussions. Having been on the receiving end of a fair number of security startup pitches as a potential customer and business partner, I’d like to share a few…

Information Security Measures Commensurate With Risky Behavior

The tighter you lock down the system, the more burdensome it will be to use and maintain. After all, every security measure adds overhead and increases the likelihood that a false positive will hinder a legitimate transaction. One way to strike a balance between security and usability might be to apply safeguards selectively, deploying them in proportion to the risk that the person’s behavior poses to…

Questions for Endpoint Security Startups

Much of the fight for access to sensitive data in the enterprise happens on endpoints. Innovative technologies for defending such systems often originate from startups, which seek to detect, resist and sometimes deceive intruders and their malware. Consider asking—and answering—the following questions to assess the business model of endpoint security startups to make informed purchasing, investing or other strategic decisions related to this segment. Relationship to Antivirus Traditional…