My Writing

• Social Engineering The Targeted Attack Potential of Vanity Web Searches
  Vanity web searches create targeted attack opportunities. Attackers can create pages with a target's name, wait for Google indexing, then add malware knowing the person will visit when alerts...
• Risk Management Cyber Warfare Encompasses Only Some Security Concerns
  Cyberwar discussions focus on mega breaches, but thousands of small breaches occur hourly and may exceed economic losses of high-profile incidents. Military cyber capabilities don't help civilian...
• Risk Management Shrinking vs. Slicing the Pie of Online and Computer Crime
  Most security defenses "slice the pie"—making your target less attractive shifts attackers elsewhere without reducing overall crime. "Shrinking the pie" requires disrupting the ecosystem: stronger...
• Web Security Tracking Known Malicious Websites by ETag Identifiers
  HTTP ETags can track malicious websites even when attackers rotate domain names for the same malicious server. CompuCom found a single ETag associated with malware that could filter 12 domains and...
• Risk Management The Role of Rituals in Information Security
  Security practices often function as rituals—painstaking steps we follow out of habit that provide a sense of control. Rituals reduce stress by overloading working memory, blocking intrusive...
• Incident Response Discover Whether a Company Was Hacked - New Service