My Writing

• Malware Analysis Several Malware Analysis Reports to Learn From
  Learning from other analysts' reports is valuable when you can't reverse-engineer malware yourself. Recommended write-ups cover Murofet (file infection, password stealing), Avzhan (DDoS bots), Visal...
• Social Networking Information Security in the World of Social Media
• Cloud Security Risks to Consider When Adopting Cloud Services
  Cloud risks stem from three characteristics: agility (rapidly-changing environments make consistent controls hard), sharing (compromise to one component affects neighbors), and outsourcing (loss of...
• Tools Smells Like Phish: Symantec's Update Norton Internet Security Email
• Authentication Facebook's One-Time Passwords: Why?
  Facebook's OTP feature replaces passwords for public computer logins rather than adding a second factor. It addresses keyloggers on kiosks but not common attack vectors like session cookie theft or...
• Risk Management Risk Management: Objectivist and Subjectivist Approaches
  Objectivists rely purely on historical data to predict risk; subjectivists complement data with judgment about context. A coin flipped by a magician might warrant different probability assessments...