BLOG

WannaCry news Over the last few days a WannaCry worm/ransomware attack has swept across the planet resulting in headlines.  Forensics of the worm which spreads a ransomware payload is being meshed with political news. It’s likely that the key worm concepts came from stolen and leaked US Government cyber tools.  Here are some observations from the eSleuth crew. An early and accurate analysis from Jake Williams of Rendition Infosec was presented in a SANS webinar — on the same day

In the current political focus it is not helpful to have another harangue from an opinion shaper. This blog includes just my personal experiences — and the role of computer forensics. Remember the ’70s? Seattle had become the bomb capital of the US. The government was the focus of much of the hate. I recall a coworker at UW who summed this mood up pretty well. His philosophy was that there is no good in

Last week a long-time client called to ask for quick cyber risk assessment. No threat of violence — but they wanted to know if their (very good) network security would effectively defend them against a known (very aggressive) cyber threat. An immediate opinion was needed. I was faced with the problem that decision makers live with especially in high-threat or violent situations. Few problems in management are purely quantitative. Even the formulas that are used

Software from Redmond, Washington always seems newsworthy. This software project was going well and beginning to get national attention. One day the focus turned inward, however. During a test of the project, the boss discovered that the new software was providing links to pornography on the Internet. Ouch! He made solving this problem a high priority and called to provide a forensic investigation of the issue. The investigation Computer forensic imaging and analysis of a server

The tough job in risk assessment is separating the goofiness of ordinary life from factors that might indicate potential violence. Assessment isn’t prediction — but both have similar uncertainties. In a world with lots of physical variables, each represented by a known stochastic process the job is lots easier. A numerical simulation of the collection, such as a monte carlo analysis, can give credible results. It is even possible with data from trusted opinion polls,

Two former spooks met for a gourmet lunch on the side of an extinct volcano. Sounds interesting… and it was. I was with Patrick Wardle, Director of R&D for synack.com. His company has taken an effective new approach to discovering network vulnerabilities for their clients. We talked a bit about how the landscape of computer security has been changing. 2016 is shaping up to become the year of Ransomware. With a more Macs being used

Tomorrow is Memorial Day in the US. Just a few weeks ago Liberation Day, Bevrijdingsdag, was remembered in the Netherlands. They recognize the sacrifice of foreign soldiers who defeated the German occupiers in World War II. Near Maastricht, 8,301 American soldiers are buried. They fell in “Operation Market Garden” in the battles to liberate Holland in the fall winter of 1944. Every one of the men buried in the cemetery, as well as those in

Stalkers, controlling spouses, creepy bosses and predators like tracking. The good things in our electronic environment can create problems for us… and opportunities for stalkers. Computer logins and email headers can disclose clues about location. Photos carry metadata that can include GPS coordinates. Watch out for cellphones! Phones can reveal location continuously to a stalker. There are lots of vulnerabilities here. Some suggestions are: — Check to see if a family plan may reveal your location to