• The Jericho Blog Graveyard (2014 – 2021)

    This is a continuing short run series of blogs summarizing old drafts and either declaring them dead, while listing them here, or keeping them as they are still relevant. Part 1 – The Jericho Blog Graveyard (2010 – 2013); Part 2 – The Jericho Blog Graveyard (2014 – 2015); Part 3 – The Jericho Blog Graveyard (2016…

  • Mythos Needs to Shift Left

    Over the years I have been part of many discussions around a classic debate around red team versus blue team, the value of penetration testing, and the value they each bring. I started my InfoSec career in 1996 doing pentesting (aka red teaming) a couple years before it really exploded. For nine years that was…

  • Vulnerability Embargos Are Dead

    Introduction: When a researcher finds a security vulnerability that impacts more than one vendor, and they wish to coordinate disclosure with both, it creates a situation where an embargo must be put in place. In this context that simply means that all three parties agree not to make the information public until a given date.…

  • Calif’s Bold Claims; Missing Receipts

    Here we go again, more Mythos rumors and claims to unpack. I wrote a lengthy blog on Anthropic, Glasswing, and Mythos just over a month ago but this is about a very specific event and set of claims. A significant reason I am writing this is due to what I believe are poorly written headlines…

  • Noise2Signal Podcast: Which Does the Squirrel Bring?

    For those not familiar, Mehul Revankar recently started a podcast named Noise2Signal. While there are a lot of podcasts out there and it is easy to lose track, this one stands out as Mehul has connections with a lot of folks that are significant in the history of information security. In fact, he interviewed Renaud…

  • Amazon Auto-buy: A Slick New Feature

    For half a year now, I have been using a third-party site (Keepa) to track movie prices on Amazon (and a few other sites), waiting for them to drop to the price I will pay. New movies are often released on physical media at fairly absurd rates. Almost fifty dollars for a new release when…

  • Security vs Security Theatre; A Lesson for Abbott

    Security theater, as defined by Wikipedia, “is the practice of implementing security measures that are considered to provide the feeling of improved security while doing little or nothing to achieve it.” This is a common term used by information security professionals and has been a concept for a long, long time. I recently pointed it…

  • The NVD Shell Game & Schrödinger’s Enriched Vulnerability

    I know, yet another blog about the National Vulnerability Database’s (NVD) ever-changing numbers?! That’s right, and I am not talking about the changes between April 14 and 15th. The numbers changed significantly because of the way NVD displayed statistics on their dashboard before a dramatic change in their enrichment policy. At VulnCon 2026, Harold Booth…

  • The Night I Almost Died

    I write a lot. Most recently it has been about information security, movie reviews, so-called AI, and a few other topics. It’s been four years since I blogged about my poor experience with Abbott’s Libre2 glucose sensor technology and all the shortcomings. Since then I have tweeted to them a considerable amount when my continuous…

  • Starfleet Academy; The Review

    Starfleet Academy (SA), the latest TV show in the Star Trek line, debuted this year with a lot of fanfare and a fair share of drama. The show almost immediately hit the news with cries of it being “too woke”. The Washington Times headline called it a “woke culture war casualty” and Outkick said the…