For the last two years I’ve been intently focused on launching FortMesa to solve what I think is a civilization-level risk: Cyber Security.
I’ve got plenty of product messaging out there, but some people have asked me to talk more specifically about the mission.
Here’s a repost from a document I’ve circulated.
Please do check out what we’re doing if you’d like to know more.
Continue reading “FortMesa Mission”
Today I learned NIST no longer admits cell phone SMS authentication is horribly insecure.
NIST SP 800-63B, published June 2017, refutes earlier guidance to avoid SMS authentication because security.
Last week I was lucky to have squeezed an early sample of the Samsung Chromebook Pro out of my distributor for evaluation. This is not a review of the device but of how a device like this one, equipped with the ChromeOS stack, might fit into the enterprise.
Continue reading “Chrome Flat On My Desk”
A couple of months ago I reported a chained vector vulnerability which affected a corner case 2-Factor bug to Facebook.
Continue reading “Run of the mill “infosec researcher”.”
How I Passed the CISSP in Two Weeks
So it’s been on my mind a while, okay, maybe a long while.
What’s a certification I can take that will provide assurance to my clients and not be a complete waste of time or lock me into a fixed mind set dependent on a single vendor’s solutions?
Continue reading “The CISSP Crucible”
URL: BIS Proposal & Comments
Bureau of Industry and Security export restriction proposal and my comments below …
Continue reading “BIS Comment RE: export restrict security tools”
Okay, so this shouldn’t be news to anyone moderately concerned with the safety of their personal information or corporate resources, but this week reinforced a growing trend in information systems:
The web-browser is the largest attack vector on any platform.
This week saw one disclosure and two separate 0-day attacks which left nowhere to hide on the web.
Continue reading “News Flash: World Wide Web is Wild Wild West … still”