Author Archives: Tirath

On the measurement trap of detect-to-protect

Put yourself in the shoes of a personal bodyguard. Your job is to protect Whitney Houston (or whatever). You wake up in the morning, do your yoga routine (or whatever), put on your suit, ankle holster, side holster, etc., and …


WFP gotcha: connections, FwpsFlowAssociateContext, and ALE reauthorization

Anyone building endpoint security software on Windows may require some kind of firewall-like functionality, and if that’s the case they will probably encounter Windows Filtering Platform (WFP) at some point. I’ll let you search the interwebs for an introduction to …


Performance-based contracting for cybersecurity

“Show me the incentive and I will show you the outcome.” — Charlie Munger
Have you heard the one about how all the viruses are written by the antivirus companies? This joke makes the rounds at cocktail parties because it …


Podcasting: 5 dos and 5 don’ts

About 10 years ago (or was it 11 years… or 12 years… let’s cap it at 10 before I start to feel too old), I got a Sansa Clip. I loved my Sansa Clip. The killer app for me was …


The cyber killchain: wrong, but is it useful?

All models are wrong, but some are useful. The trick is to determine in what circumstances a model may be useful. This is where mistakes are made. Today I was at a seminar on cybersecurity in the context of individuals, …


Should Australia join ASEAN?

Former Australian Prime Minister Paul Keating believes that Australia should join ASEAN. This is a call that he has repeated since the surprise victory of Donald Trump. There are concerns about whether or not Australia could join ASEAN – certainly …


A high-level evaluation of the OpenBSM audit system in OS X

One of the BSD legacy security mechanisms included with OS X is OpenBSM. This is an audit mechanism. In contrast, TrustedBSD (also included with OS X) is a mandatory access control mechanism which can block system calls based on some …
