• Security vs Security Theatre; A Lesson for Abbott
    Security vs Security Theatre; A Lesson for Abbott

    Security theater, as defined by Wikipedia, “is the practice of implementing security measures that are considered to provide the feeling of improved security while doing little or nothing to achieve it.” This is a common term used by information security professionals and has been a concept for a long, long time. I recently pointed it…

  • The NVD Shell Game & Schrödinger’s Enriched Vulnerability
    The NVD Shell Game & Schrödinger’s Enriched Vulnerability

    I know, yet another blog about the National Vulnerability Database’s (NVD) ever-changing numbers?! That’s right, and I am not talking about the changes between April 14 and 15th. The numbers changed significantly because of the way NVD displayed statistics on their dashboard before a dramatic change in their enrichment policy. At VulnCon 2026, Harold Booth…

  • The Night I Almost Died
    The Night I Almost Died

    I write a lot. Most recently it has been about information security, movie reviews, so-called AI, and a few other topics. It’s been four years since I blogged about my poor experience with Abbott’s Libre2 glucose sensor technology and all the shortcomings. Since then I have tweeted to them a considerable amount when my continuous…

  • Starfleet Academy; The Review
    Starfleet Academy; The Review

    Starfleet Academy (SA), the latest TV show in the Star Trek line, debuted this year with a lot of fanfare and a fair share of drama. The show almost immediately hit the news with cries of it being “too woke”. The Washington Times headline called it a “woke culture war casualty” and Outkick said the…

  • Why Data From So Many Breaches Never Sees the Light of Day
    Why Data From So Many Breaches Never Sees the Light of Day

    Months ago I was chatting with a colleague about a recent data leak (a.k.a. Data breach), as we tend to do in this industry. Those terms are defined by Microsoft as “an unauthorized disclosure of sensitive, confidential, or personal information from an organization’s systems or networks to an external party“. Any time I see an…

  • InfoSec News (ISN) Mail List History
    InfoSec News (ISN) Mail List History

    As early as 1996, I created a mail list called InfoSec News (ISN) which initially was to share news about the industry. At the time, there were no online news sites covering the topic with any regularity and most were hobbies at best. So the original list had many articles that I had typed in…

  • An AI agent destroyed … hey wait a minute!
    An AI agent destroyed … hey wait a minute!

    Yesterday many people ran across a headline that was shocking, and repetitive. This time it read “‘Gone in 9 seconds’: Claude-powered AI agent deletes startup’s entire database“. For myself, the first thing I had to do was check the date of the article because I swore I had just read about this recently. Yep, April…

  • Don’t Call Me Boss
    Don’t Call Me Boss

    I don’t remember when it started but it was easily five to ten years ago. I’d be in a restaurant typically and a server or cashier would call me ‘boss’. It bothered me from day one because it usually came from a younger kid who presumably didn’t understand all of the connotations behind the word…

  • Security Software: Holding the Vault Door Open for Criminals
    Security Software: Holding the Vault Door Open for Criminals

    I have been consistently tracking a fun metric around vulnerabilities since March 19, 2024. Before that I would occasionally mention it during talks or chat, but I don’t think I formally blogged about it before this and didn’t track the exact number. So here we are to discuss the prevalence of vulnerabilities in security software,…

  • Another Wave of Random Thoughts
    Another Wave of Random Thoughts

    ATM ATMs have way too many options for many users, and definitely for most uses of the machines by volume. Sometimes, when I put my card in, why are you asking what language I want to use? The same one as last time maybe? And for someone who has the same exact transaction 95% of…