On Privacy Nihilism

On the feeling of futility and the importance of action.

Security Is a Shell Game

Whose CVE Is It Anyway?

Trojan Source and Why It Matters

Win by Building for Failure

1Password 8 Early Access: Security, Comments, & FAQs

On Apple, Privacy, and Device Control

Declaring War on Ransomware

On Automatic Updates and Supply Chain Attacks

LinkedIn: The Breach That Isn't but Is

Crew Resource Management for Security Teams

Best Practices vs Inane Practices

Proposal: Association of Security Researchers

The (Questionable) Future of YAWAST

Developers, Developers, Developers

Dezinformatsiya

Book Review: Active Measures

Checklist: Starting a Security Consulting Firm

YAWAST: News & Mission

Utilitarian Nightmare: Offensive Security Tools

Insane Ideas: Blockchain-Based Automated Investment System

YAWAST v0.7 Released

TLS: 64bit-ish Serial Numbers & Mass Revocation

Bitcoin is a Cult

Exploiting the Jackson RCE: CVE-2017-7525

Breaking the NemucodAES Ransomware

Confide, Screenshots, and Imaginary Threats

Shadow Brokers, Equation Group, Oh My…

Looking for value in EV Certificates

On the need for an open Security Journal

TLS Certificates from the Top Million Sites

Ruby + GCM Nonce Reuse: When your language sets you up to fail…

Testing for SWEET32 with YAWAST

Simple Messaging and Identity Management Protocol (SMIMP) - Final Version

Developers: Placing Trust in Strangers

Threat Modeling for Applications

When Hashing isn’t Hashing

Seamless Phishing

PL/SQL Developer: HTTP to Command Execution

Crypto Crisis: Fear over Freedom

PL/SQL Developer: Nonexistent Encryption

Battle Fronts in the Crypto War

Juniper, Backdoors, and Code Reviews

Dovestones Software AD Self Password Reset (CVE-2015-8267)

Much ado about Juniper

The Manifesto

The Door to Nowhere

Responsible Disclosure Is Wrong

Making BSides Knoxville

Crypto Front Door: Everyone Welcome!

The Evolution of Paranoia

Irrational Attribution: APT3.14159

Speaking at SC Magazine Congress

On NSA-Proof Security

A backdoor by any other name…

On The Ethics of BadUSB

Making BadUSB Work For You – DerbyCon

SMIMP at the DEFCON Crypto Village

On Strong Identity Management

Jumping through hoops…

SMIMP - The Design Goals

Introducing SMIMP

The Sinking Ship of E-Mail Security

phpMyID: Fixing Abandoned OSS Software

Security By Buzzword – Why I don’t support Ensafer

On Opportunistic Encryption

VICIDIAL: Multiple Vulnerabilities

Worried about the NSA? Try AES-512!

Crypto, the NSA, and Broken Trust

Making Android NSA-Proof

Is moving offshore really crazy?

Hash Storage: Make Attackers Work

Cryptocat: What is the measure…

Do one thing right…

OPSEC, The NSA, and You

Password Hashing: No Silver Bullets

The WikiLeaks We Deserve

1Password, PBKDF2, & Implementation Flaws

Security Done Wrong: Leaky FTP Server

First, Do No Harm: Developers & Bad APIs

Evernote: Doing it (mostly) right

Netgear Admin Password Disclosure

UPEK Windows Password Decryption

Yahoo’s Associated Content Hacked?

Assange, Ecuador, and the Cyberarmy

Snapchat: API & Security

Slipping Past LastPass

MiniPwner

Gpg4win & IDEA

My 5 minutes of infamy

IIN (BIN) Database

Poking Mykonos

Google Chrome Leaking Credit Card Data?

OpenID: ID of The Future?

A Secure Mentality

Dynamic Social Media Images for Hugo

Developer Tools & Productivity

Whose CVE Is It Anyway?

Trojan Source and Why It Matters

Insane Ideas: NFT the Stars

Generating Content Stats for Hugo

Producing useful insight into your content

Hugo & Content-Based Related Content

Win by Building for Failure

1Password 8 Early Access: Security, Comments, & FAQs

On Automatic Updates and Supply Chain Attacks

Insane Ideas: Stock in People

Developers, Developers, Developers

Insane Ideas: Blockchain-Based Automated Investment System

Ruby + GCM Nonce Reuse: When your language sets you up to fail…

Simple Messaging and Identity Management Protocol (SMIMP) - Final Version

Developers: Placing Trust in Strangers

Threat Modeling for Applications

Juniper, Backdoors, and Code Reviews

Making BadUSB Work For You – DerbyCon

Introducing SMIMP

phpMyID: Fixing Abandoned OSS Software

Hash Storage: Make Attackers Work

Password Hashing: No Silver Bullets

1Password, PBKDF2, & Implementation Flaws

First, Do No Harm: Developers & Bad APIs

Revisiting Snapchat API & Security

Snapchat: API & Security

Piracy is not Theft

MiniPwner

Gpg4win & IDEA

My 5 minutes of infamy

IIN (BIN) Database

VB6: Not so open source

You can’t fix stupid…

…and thanks for the fish (Twitter v. Developers)

Rails 3 & Dreamhost PS

Google Chrome and H.264

What’s your Code Legacy?

GetSatisfaction: Is it worth it?

Switching hosts, again.

I Love My Job

Task Management with Tasks

OpenID: ID of The Future?

Running RegEdit as SYSTEM

What It Takes To Be A Great Developer

Happy (Belated) Birthday VB!

Extreme Simplicity

The Pressure to Be Great

Piracy: Modern Marketing

Superstars & Monkeys

VB: The dumbing of a Great Language

Where’s the service?

Back From New York

APISettings

Conexant (formerly Rockwell) Softmodem HSF Modem

CloseApp

Is Long-form Writing Dead?

Why I Will Never Write With AI

25% Unemployment in Tech?

A look at the Tech Industry, Economy, & Unemployment

On AI, Art, Writing, and the Distillation of Creativity

When AI Becomes I

The challenge of defining life when intelligence goes non-biological.

Millions of Jobs

or: On AI, Job Creation & Destruction, and The Race to Oblivion

AI: Art Without Expression?

Lessons Learned from 20 Years & Why You Should Blog

Hard-won lessons from two decades of blogging, and why you should start your own.

On AI, Art, Writing, and the Distillation of Creativity

AI: Art Without Expression?

On Art, Heritage, Nazis, & 3D Scanners

What’s your Code Legacy?

What It Takes To Be A Great Developer

On Privacy Nihilism

On the feeling of futility and the importance of action.

Whose Monkeys Are These?

The 'Somebody Else's Problem' Problem in Leadership

Good Faith, Moral Duty, and Selfishness

Security Is a Shell Game

Taking Responsibility for the Spotlight

On sharing the spotlight with those that need the opportunity more

Dezinformatsiya

Book Review: Active Measures

Utilitarian Nightmare: Offensive Security Tools

Breaking the NemucodAES Ransomware

Confide, Screenshots, and Imaginary Threats

Crypto Crisis: Fear over Freedom

“New Atheism” & The Philosophy of Atheism

Battle Fronts in the Crypto War

The Manifesto

The Door to Nowhere

Responsible Disclosure Is Wrong

Crypto Front Door: Everyone Welcome!

The Evolution of Paranoia

Utopia Found; Utopia Lost

Orwellian Justice

On NSA-Proof Security

A backdoor by any other name…

On The Ethics of BadUSB

The Sinking Ship of E-Mail Security

Security By Buzzword – Why I don’t support Ensafer

On Opportunistic Encryption

Worried about the NSA? Try AES-512!

Crypto, the NSA, and Broken Trust

Making Android NSA-Proof

Is moving offshore really crazy?

Cryptocat: What is the measure…

Do one thing right…

OPSEC, The NSA, and You

DEFCAD & Freedom of Information

The WikiLeaks We Deserve

Evernote: Doing it (mostly) right

Revisiting Snapchat API & Security

Assange, Ecuador, and the Cyberarmy

SOPA Is Inevitable

A Secure Mentality

Whose Monkeys Are These?

The 'Somebody Else's Problem' Problem in Leadership

25% Unemployment in Tech?

A look at the Tech Industry, Economy, & Unemployment

On Productivity

Taking Responsibility for the Spotlight

On sharing the spotlight with those that need the opportunity more

Communicating With Respect

On communicating in a respectful, open, honest, and empathetic manner

On Software Subscriptions

A look at why subscriptions deliver more value to users, the tools I'm in love with today, and why this shift is happening

Parasitic & Symbiotic Business Models

Crew Resource Management for Security Teams

Best Practices vs Inane Practices

Leading Experts

Checklist: Starting a Security Consulting Firm

Making BSides Knoxville

Piracy is not Theft

on Hiring

I Love My Job

Task Management with Tasks

The Pressure to Be Great

Superstars & Monkeys

Five Hundred

The 500th post: a look back, and a look ahead.

Good Faith, Moral Duty, and Selfishness

Developer Tools & Productivity

When AI Becomes I

The challenge of defining life when intelligence goes non-biological.

Twitter Becomes a Walled Garden

On Art, Heritage, Nazis, & 3D Scanners

Logseq: My External Brain

Death, Cancer, and Missed Chances

On Software Subscriptions

A look at why subscriptions deliver more value to users, the tools I'm in love with today, and why this shift is happening

Parasitic & Symbiotic Business Models

Leading Experts

Write Like You Are Running Out of Time

Bitcoin is a Cult

30 Days of Brave

“New Atheism” & The Philosophy of Atheism

2015: Year In Review

on Unfair Judgement

Utopia Found; Utopia Lost

2014: Year In Review

Irrational Attribution: APT3.14159

Orwellian Justice

Speaking at SC Magazine Congress

Jumping through hoops…

A month with DuckDuckGo

HP Folio 13

Moving to Octopress

SOPA Is Inevitable

Thoughts on the iPad, from an Apple hater

Rosen Shingle Creek

Buying a MacBook from CowBoom.com

Being Fair

Am I doing too much?

on Hiring

Is this thing on?

From Outlook, to Gmail, to The Bat!

Rebuilding My Network

Back From New York

Lessons Learned from 20 Years & Why You Should Blog

Hard-won lessons from two decades of blogging, and why you should start your own.

Is Long-form Writing Dead?

Why I Will Never Write With AI

Twitter Becomes a Walled Garden

Logseq: My External Brain

On Productivity

Communicating With Respect

On communicating in a respectful, open, honest, and empathetic manner

Proposal: Association of Security Researchers

Write Like You Are Running Out of Time

On the need for an open Security Journal

SMIMP at the DEFCON Crypto Village

Blog Traffic: Another View

Where’s the service?