Bad Surveys About Cyber Security [DtSR 239]

Several weeks ago on the April 4th NewsCast, the DtSR crew talked about this survey from Pew Center that “finds Americas lack understanding of cybersecurity measures.” While I don’t remember exactly what takes were made on the podcast, I know it didn’t cover a big point: This survey was pretty poorly written. The survey consisted […]

CIA != Law Enforcement [Security Now 603]

In Security Now episode 603, Steve dives into the Vault 7 leaks. And while I trust Steve’s technical analysis of the information, the conversation takes a sharp turn into two completely unrelated topics: Cryptographic backdoors for law enforcement use, and the vulnerability equities process (VEP). Steve’s assertion, and main take-away from Vault 7 leaks was […]

Yahoo! Password Breach [Defensive Security 172]

The Yahoo! breach that resulted in the compromise of 500+ million account credentials in late 2014 came into the public sphere recently, and while virtually every outlet hit the story in one way of another, it was the Defensive Security hosts who inspired response from me after episode 172. The fact that Yahoo! was breached […]

Average Data Breach Cost [Defensive Security 172]

In Defensive Security 172, Jerry and Andrew¬†discuss a paper from the Oxford Press’ Journal of Cyber Security ( This paper “seeks to examine the composition and costs of cyber events, and attempts to address whether or not there exist incentives for firms to improve their security practices and reduce the risk of attack.” Unfortunately, the […]

Trident [Security Now #575]

Steve Gibson devoted his technical segment in Security Now #575 to the recent Trident vulnerabilities as well as the associated malware in use in narrowly targeted iPhone espionage, as first publicized by Lookout. The topic was covered in almost every podcast this week (Defensive Security, DtSR, Paul’s Security Weekly, SANS, and even Tech News Today […]