My Writing
- Incident Response Asymmetry of People's Time When Handling Major Security Incidents Organizations without mature incident response programs overreact to breaches—calling all-hands meetings, micromanaging tasks, demanding night-and-day work—spending disproportionate time compared to...
- Malware 6 Ideas for a Protean Information Security Architecture Protean security architecture uses deception to complicate attackers' jobs asymmetrically—opening fake ports redirected to honeypots, deploying honeytokens mimicking applications, using DNS...
- Malware Malvertising: Dealing With Malicious Ads - Who and How? Ad networks could validate advertisers, research domain registrations, and examine Flash ads for malicious logic—but practices are ineffective or ignored. One organization reduced malware infections...
- Malware Malvertising: How Malicious Ads Are Deployed Attackers deploy malvertisements by compromising ad network infrastructure or by impersonating agencies representing legitimate clients. They sound professional, pay for campaigns, and sometimes...
- Malware Malvertising: How Malicious Ad Campaigns Are Protected Attackers protect malvertising campaigns by obfuscating JavaScript and ActionScript code and timing attacks for weekends when ad network staff aren't working. Malicious logic activates after...
- Malware Malvertising: The Mechanics of Malicious Ads Malicious ads redirect victims through chains of domains to exploit kits or social engineering sites. Flash-based ads embed ActionScript logic that can decide when and whom to attack, evade detection...