My Writing

• Web Security Tracking Known Malicious Websites by ETag Identifiers
  HTTP ETags can track malicious websites even when attackers rotate domain names for the same malicious server. CompuCom found a single ETag associated with malware that could filter 12 domains and...
• Risk Management The Role of Rituals in Information Security
  Security practices often function as rituals—painstaking steps we follow out of habit that provide a sense of control. Rituals reduce stress by overloading working memory, blocking intrusive...
• Incident Response Discover Whether a Company Was Hacked - New Service
• Tools Analyze Memory of an Infected System With Mandiant's Redline
  Mandiant's free Redline tool triages potentially compromised hosts through live memory analysis, replacing Audit Viewer. It uses Memoryze to capture memory, assigns Malware Risk Index scores using...
• Assessments Security Assessment Testing for Client-Side Vulnerabilities
  Client-side penetration testing mimics real attacks by targeting unpatched desktop software via malicious emails or websites. Three approaches offer increasing intrusiveness: tracking link clicks to...
• Risk Management Herd Behavior in Cybersecurity: The Good and The Bad
  The security industry exhibits herd-like behavior with both benefits and drawbacks. Higher vigilance by some allows others to focus elsewhere—good for collective defense. But anxiety is contagious...