Microsoft's Chain of Fools

On Monday this week, Brian Krebs broke a story that the NSA had discovered a critical flaw in Microsoft Windows software responsible for core security functions including, among other responsibilities, verifying the identity of other computers on local networks and the internet as well as assuring the authenticity and provenance…

My $169 development Chromebook

How Chrome OS, Termux, YubiKey & Duo Mobile make for great usable security. Update: I'll give this a proper update in the coming days, but much of this post is no longer needed. First-class support for native VMs and containers has landed in Dev & Canary channels for Chrome…

A day in the life of a nasty Word Malware

This is a write-up from an incident in 2015, but many lessons still apply today. Only 10 out of 55 anti-virus engines detected the malware, and those that missed it include some major players: Microsoft, TrendMicro, Symantec, Kaspersky, FProt, Bit Defender, Comodo, Fortinet and Sophos. The only two major vendors…

Barebones LetsEncrypt cron job

This is a barebones, simple LetsEncrypt cron job shell script to auto-refresh TLS (or SSL v 4 if you prefer) certificates. If you host your own site, the easiest solution is probably to run a Caddy web server and let it do the heavy lifting. But if you need a…

About

I'm an odd duck. My formal training is in computational neuroscience & clinical research, specifically around signal and image analysis, using machine learning for real-time classification and pattern recognition. Besides my research, much of my energy for the past several years has been focused on networks, public cloud infrastructure, and…