Intel’s Secret Key to Decrypt Microcode Patches is Exposed

Intel’s Secret Key to Decrypt Microcode Patches is Exposed
by Matthew Rosenquist on 11-07-2020 at 8:00 am

Intels Secret Key to Decrypt Microcode Patches is Exposed

A group of security vulnerability researchers, after many months of work, were able to figure out the update process and secret key used to decrypt Intel microcode updates for the Goldmont architecture product lines.

This is an important finding as it peels back yet another layer of the onion that protects the core CPU from malicious

Read More

We Don’t Want IoT Cybersecurity Regulations

We Don’t Want IoT Cybersecurity Regulations
by Matthew Rosenquist on 10-14-2020 at 6:00 am

We Dont Want IoT Cybersecurity Regulations

It simply makes no sense to call for IoT devices to be certified safe-and-secure. Before you get bent out of shape, hear me out.

Regulations are unwieldy blunt instruments, best left as a last resort. Cybersecurity regulations are not nimble, tend to be outdated the day they are instituted, and become a lowest-common-threshold… Read More


Painful IoT Security Lessons Highlighted by a Digital Padlock

Painful IoT Security Lessons Highlighted by a Digital Padlock
by Matthew Rosenquist on 10-04-2020 at 10:00 am

Painful IoT Security Lessons Highlighted by a Digital Padlock

The first warning sign was “hackproof” in the 360Lock marketing materials. As it turns out, with no surprise to any security professional, the NFC and Bluetooth enabled padlock proved to be anything but secure.

Straightforward penetration testing revealed horrible logical and physical security for a padlock that promotes… Read More


The 10 Worst Cybersecurity Strategies

The 10 Worst Cybersecurity Strategies
by Matthew Rosenquist on 07-26-2020 at 8:00 am

The 10 Worst Cybersecurity Strategies

Counting down to the absolutely worst cybersecurity strategies. Sadly, these are all prevalent in the industry. Many organizations have failed spectacularly simply because they chose to follow a long-term path that leads to disaster. You know who you are…

Let’s count them down.

10. Cyber-Insurance

No need for security, … Read More


Teaching AI to be Evil with Unethical Data

Teaching AI to be Evil with Unethical Data
by Matthew Rosenquist on 07-05-2020 at 2:00 pm

Teaching AI to be Evil with Unethical Data

An Artificial Intelligence (AI) system is only as good as its training. For AI Machine Learning (ML) and Deep Learning (DL) frameworks, the training data sets are a crucial element that defines how the system will operate. Feed it skewed or biased information and it will create a flawed inference engine.

MIT recently removed Read More


Killer Drones to be Available on the Global Arms Markets

Killer Drones to be Available on the Global Arms Markets
by Matthew Rosenquist on 07-01-2020 at 10:00 am

Killer Drones to be Available on the Global Arms Markets

Turkey may be the first customer for the Kargu series of weaponized suicide drones specifically developed for military use.  These semi-autonomous devices have been in development since 2017 and will eventually be upgraded to operate collectively as an autonomous swarm to conduct mass synchronized attacks.

This situation… Read More


Misunderstanding the Economic Factors of Cybercrime

Misunderstanding the Economic Factors of Cybercrime
by Matthew Rosenquist on 05-31-2020 at 6:00 am

Misunderstanding the Economic Factors of Cybercrime

A new study by Cambridge Cybercrime Centre titled Cybercrime is (often) boring: maintaining the infrastructure of cybercrime economies concludes that cybercrime is boring and recommends authorities change their strategy to highlight the tedium in order to dissuade the growth of cybercrime.

Warning: Full-blown rant ahead,Read More


10 Areas of Change in Cybersecurity for 2020

10 Areas of Change in Cybersecurity for 2020
by Matthew Rosenquist on 05-17-2020 at 10:00 am

10 Areas of Change in Cybersecurity for 2020

Cybersecurity in 2020 will be evolutionary but not revolutionary. Although there is always change and churn, much of the foundational drivers remain relatively stable. Attacks in the next 12 months are likely to persist in ways already known but taking it up-a-notch and that will lead to a steady escalation between attackers… Read More


Preventing a Product Security Crisis

Preventing a Product Security Crisis
by Matthew Rosenquist on 04-26-2020 at 12:00 pm

Preventing a Product Security Crisis 1

The video conference company Zoom has skyrocketed to new heights and plummeted to new lows in the past few weeks. It is one of the handful of communications applications that is perfectly suited to a world beset by quarantine actions, yet has fallen far from grace because of poor security, privacy, and transparency. Governments,… Read More


There is No Easy Fix to AI Privacy Problems

There is No Easy Fix to AI Privacy Problems
by Matthew Rosenquist on 03-14-2020 at 8:00 am

There is No Easy Fix to AI Privacy Problems

Artificial intelligence – more specifically, the machine learning (ML) subset of AI – has a number of privacy problems.

Not only does ML require vast amounts of data for the training process, but the derived system is also provided with access to even greater volumes of data as part of the inference processing while in operation. … Read More