• 2026 East Coast Drive (Part 3: VA / DC)
    2026 East Coast Drive (Part 3: VA / DC)

    June 5 (Friday) From Richland, Virginia it was time to head North toward Washington D.C. The day was primarily stopping at a few towns to check out stores and drive through the areas to get a feel for them. I had driven through this area in 2022 as part of another cross country trip but…

  • 2026 East Coast Drive (Part 2: North Carolina / Virginia)
    2026 East Coast Drive (Part 2: North Carolina / Virginia)

    June 3 (Wednesday) After the convention I drove back to Wilmington, North Carolina to check out a few shops and grab lunch along the river. The old downtown area is nice to walk and has a lot to see including art and a battleship. Being back in the South also gave a bit of nostalgia…

  • 2026 East Coast Drive (Part 1: NaClCON)
    2026 East Coast Drive (Part 1: NaClCON)

    Pre-game For the first half of June I attended NaClCON and then drove through five states and the District of Columbia. The trip began with a rare flight that required a layover as Wilmington, North Carolina is a small regional airport. That put me through O’Hare which I despise due to past trips that left…

  • My Quest for the White Squirrel!
    My Quest for the White Squirrel!

    I recently attended NaClCON in Carolina Beach, North Carolina. After the con concluded I took a drive through North Carolina, Virginia, Washington D.C., West Virginia, Kentucky, Tennessee, and back through North Carolina to fly out. Between June 3rd and June 12th I drove around two thousand miles to see a couple states I had never…

  • Colorado Voting System Irregularities & Continued Rigging
    Colorado Voting System Irregularities & Continued Rigging

    Earlier this year I wrote about how the Colorado voting system is effectively “rigged” to enforce a two-party system. In that I said “In Colorado, if you are not registered with political affiliation, you are given two ballots; one Democrat and one Republican. This forces you to vote along party lines even if you do…

  • MSRC; Tell The Whole Story Please
    MSRC; Tell The Whole Story Please

    Every so often, it seems that Microsoft Security Response Center (MSRC) likes to stick their proverbial foot in their mouth on the topic of vulnerability disclosure. The root issue is that collectively, MSRC does not seem to appreciate either their own history or the bigger picture. As such they have a myopic view on the…

  • The Jericho Blog Graveyard (2014 – 2021)
    The Jericho Blog Graveyard (2014 – 2021)

    This is a continuing short run series of blogs summarizing old drafts and either declaring them dead, while listing them here, or keeping them as they are still relevant. Part 1 – The Jericho Blog Graveyard (2010 – 2013)Part 2 – The Jericho Blog Graveyard (2014 – 2015)Part 3 – The Jericho Blog Graveyard (2016…

  • Mythos Needs to Shift Left
    Mythos Needs to Shift Left

    Over the years I have been part of many discussions around a classic debate around red team versus blue team, the value of penetration testing, and the value they each bring. I started my InfoSec career in 1996 doing pentesting (aka red teaming) a couple years before it really exploded. For nine years that was…

  • Vulnerability Embargos Are Dead
    Vulnerability Embargos Are Dead

    Introduction When a researcher finds a security vulnerability that impacts more than one vendor, and they wish to coordinate disclosure with both, it creates a situation where an embargo must be put in place. In this context that simply means that all three parties agree not to make the information public until a given date.…

  • Calif’s Bold Claims; Missing Receipts
    Calif’s Bold Claims; Missing Receipts

    Here we go again, more Mythos rumors and claims to unpack. I wrote a lengthy blog on Anthropic, Glasswing, and Mythos just over a month ago but this is about a very specific event and set of claims. A significant reason I am writing this is due to what I believe are poorly written headlines…