The Old New at All.Net

2017

  • 2017-12 - Two wrongs don't make a right - but 3 lefts do!
  • 2017-11 - If porn and drugs cannot help we are all in big trouble
  • 2017-10-09: Hacking the cognitive system - Deception in CyberWarfare - All CyberWar is Based on Deception?
  • 2017-10 - Supply chain and change control - how to get your Trojan to millions without viruses
  • 2017-09 - At some point you just have to stand for something
  • 2017-08 - Strategy v. Tactics - Cybersecurity is still tactical response focused
  • 2017-07 - Provide for the Common Defense
  • 2017-06-12: Kennedy Space Center: Cyber Warfare - the BIG picture
  • 2017-06 - Change your password - Doe Si Done!
  • 2017-05 - Why do they think they can just break the law?
  • 2017-04 - Analysis or Advertising?
  • 2017-03 - Defeating propaganda in the public media
  • 2017-02 - The end of biometrics
  • 2017-01 - A year of living well

    2016

  • 2016-12 - Not Pearl Harbor - the boiling frog
  • 2016-11 - Information Sharing - The end of cybersecurity?
  • 2016-10B: CyberWar Intensification
  • 2016-10: CyberSpace - The Final ...
  • 2016-09: If I made disk drives
  • 2016-08-29: HTCIA Keynote: FBI v. Apple - The Equities Issue (Slides)
  • 2016-08C: Asking too much - a lie for a lie
  • 2016-08B: Crimes against the environment
  • 2016-08: Provenance
  • 2016-07: How deep is the problem?
  • 2016-06B: I stand corrected - security can still get stupider
  • 2016-06: Enough with the technical security stuff
  • 2016-05: Stupid security getting stupider still - and falling into denial
  • 2016-04: Misimpressions by decision-makers (with update at the end)
  • 2016-03-24: MBITA The Cyber Silk Road - Risks and Rewards (Slides)
  • 2016-03-16: MBIT Big Data and Cyber Security (Slides)
  • 2016-03B: RSA - What's new in cybersecurity?
  • 2016-03: Equities: FBI v. Apple (early release)
  • 2016-02B: How secure is your data center and how can you tell?
  • 2016-02: How long does it take before people act responsibly? Hint: Forever!
  • 2016-01: Alternatives to encryption for securing open channels
  • 2015-12G1: Is your threat intelligence intelligent?
  • 2015-12G2: Winning the race with cybercrime in China
  • 2016-01-04 IFIP 2016 Pre-final Slides

    2015

  • 2015-12-26 IFIP 2016 Pre-final: Generalizations to Travel Time Consistency Checking
  • 2015-12: Countering mass propaganda and surveillance in the "war on terrorism"
  • 2015-11: We're missing the boat on legal controls over network traffic
  • 2015-10-28: CyberBox - Webster CyberLab in the palm of your hand.
  • 2015-10: Send me the Snowden docs
  • 2015-09: Why can't we make any of the systems we use secure from remote attack?
  • 2015-08: Who's to blame?
  • 2015-07-20: TakeDownCon Talk Slides
  • 2015-07: The greatest strategic blunder of all time?
  • 2015-06-16: Webinar on CyberInsurance
  • 2015-06-B: Incident at All.Net - 2015
  • 2015-06-10: The science of information protection and the Webster CyberLab
  • 2015-06: Reducing the Effects of Malicious Insiders Non-technologically
  • 2015-05: Iran(t) on merchantability for software
  • 2015-04: Fishing and phishing
  • 2015-03-21 Fearless Initial Assessment Process Overview
  • 2015-03-16 Fearless Webinar - Information Sharing
  • 2015-03-B: Error-induced misoperation - rowhammer
  • 2015-03-10: Draft updates to the Standard of Practice (Awareness, Authentication) are posted
  • 2015-03: Temporal microzones and end-user workstations
  • 2015-02: Input checking
  • 2015-01-26 IFIP TC11.9 - A Tale of Two Traces - Paper
  • 2015-01-26 IFIP TC11.9 - A Tale of Two Traces - Slide Deck
  • 2015-01-25 Webster emanations lab Optical experiment - Light signaling (YouTube)
  • 2015-01-25 Webster emanations lab Optical experiment 2 - Visible light data transfer (YouTube)
  • 2015-01-22 Webster emanations lab experiment 2 WiFi denial of services - WaveForm (YouTube)
  • 2015-01-20 Fearless Security: Standards of Practice in Context - Part 2: How we are applying them and how you can too. (YouTube)
  • 2015-01-20 CyberLab Audio DDoS demonstration 1 (YouTube)
  • 2015-01-20 CyberLab Audio DDoS demonstration 2 (YouTube)
  • 2015-01 - The year of the Trojans (and their unintended side effects)
  • UPDATE: Developing a global standard of practice supported by the science ..., Keynote Beijing, China (Video)

    2014

  • 2014-12-09 Fearless Security: Standards of Practice in Context - Part 1: Some Examples (small) (med) (big) (1080p) (youtube)
  • 2014-12: Stupid security getting even stupider
  • 2014-11-B: Eat your own dog food
  • 2014-11-03 Fearless Security: Technical Security Architecture - Structure and Content (small) (med) (big) (1080p)
  • 2014-11: What's the big deal about big data loss (actually theft)?
  • 2014-10-07 Fearless Security: Technical Security Architecture - Perception and Behavior (small) (med) (big) (1080p)
  • 2014-10: Cyber (whatever that is) insurance yet again?
  • 2014-09-24 Developing a global standard of practice supported by the science of information protection, Keynote Address Beijing, China (Video)
  • 2014-09-25 Beijing, China, Digital diplomatics, consistency analysis, and digital forensics
  • 2014-09-17: SARA and Standards of Practice - The ICS-ISAC SARA Conference
  • 2014-09-08 Fearless Security: Technical Security Architecture - Process and Data State (small) (med) (big) (1080p)
  • 2014-09-02 Webster Lab1 (small) (med) (big) (1080p)
  • 2014-09: 2-factor this into your thinking
  • 2014-08-20 Webster Man in the Middle Lab (small) (med) (big) (1080p)
  • 2014-08-11 Fearless Security: Technical Security Architecture - Lifecycles and Context (Small) (Med) (Large) (1080p)
  • 2014-08-05 Webster Cyber Explorers Overview and Prospectus (small) (med) (big) (1080p)
  • 2014-08-05 Time and Space Interval Record Schedule Consistency Analysis for Atomic Items without Interactions in Open Spaces with Stationary Locations
  • 2014-08-03 Webster CyberLab Access (small) (med) (big)
  • 2014-08-B: A touch of the Ebola
  • 2014-08: Aurora and why it doesn't really matter
  • 2014-07-17 Webster CyberLab Architecture (small) (med) (big)
  • 2014-07-14 Fearless Security - Technical Security Architecture - Inventory, Workflows, and Metadata (small) (med) (big)
  • 2014-07-10 K4 - Decision Making For Investors - ProSeeder (small) (med) (big)
  • 2014-07: Encrypt it all!!!
  • 2014-06-16 Fearless Security - Technical Security Architecture Overview (small) (med) (big)
  • 2014-06-11 K4 - Decision Making For Investors (small) (med) (big)
  • 2014-06: Is it secure?
  • 2014-05-12 Fearless Security - Control Architecture (small) (med) (big)
  • 2014-05: May Day - attack mechanisms revisited - were you surprised by the NSA's activities?
  • 2014-04-17 The Webster CyberLab DDoS demonstration (small) (med) (big)
  • 2014-04-14 Governance (small) (med) (big)
  • 2014-04: The RSA: Science Fiction and Humor
  • 2014-03-10 Risk Management - there are some subtleties (small) (med) (big)
  • 2014-03-B: The Snowden virus - disrupting the secret world by exploiting their policies
  • 2014-03: The four tactical situations of cyber conflict
  • 2014-02-10 Risk Management Concepts (small) (med) (big)
  • 2014-02: Countering hardware storage device Trojans
  • 2014-01-29: Decider update now available
  • 2014-01-B: After the Red Team
  • 2014-01-23 Decider Introduction (small) (med) (big)
  • 2014-01-20 Fearless Security - Duty to Protect (small) (med) (big)
  • 2014-01: Why we need better reporters to solve our security problems

    2013

  • 2013-12-16 Fearless Security - Understanding your business (small) (med) (big)
  • 2013-12: Return of the telnet return
  • 2013-11-14 Digital diplomatics and forensics - Going forward on a global basis - Paris, Digital Diplomatics
  • 2013-11-B: Transparency - a different protection objective
  • 2013-11-11 Fearless Security - The Basics (small) (med) (big)
  • 2013-11-11 Fearless Security - The Basics (slides)
  • 2013-11: Demystifying control architecture
  • 2013-10-B: The "big deal" approach to risk management
  • 2013-10: Trust and worthiness
  • 2013-09-11 50 CyberSecurity Myths and What To Do About Them - DARPA CyberSecurity Forum
  • 2013-09: The surveillance society: pros, cons, alternatives, and my view
  • 2013-08: 50 Ways to respond to "Computer Repair..."
  • 2013-08: Three words you should never use in security and risk management
  • 2013-07-B: How to justify (security) metrics and what to measure
  • 2013-07: Mobility and industrial control systems
  • 2013-06: Courses (audio with slides) at all.net
  • 2013-06: 6 more books now available in digital form for free
  • 2013-06: Separation of Duties and RFPs
  • 2013-05-22 Building a new scientific theory and practice of digital forensics - 1st International Summit of Digital Forensics Keynote Address
  • 2013-05-B: The harder problems
  • 2013-05: Write lock the past, access control the present, anticipate the future
  • 2013-04-B: Actionable metrics (Guest Editor)
  • 2013-04: Managing Oops
  • 2013-03-C: Limiting Insider Effects Through Micro-Zoning
  • 2013-03-B: Welcome to the Information Age - a 1-page primer
  • 2013-03: Security Heroes
  • 2013-02-B: Stupid Security Winner for 2012
  • 2013-02-11 The need for science and engineering disciplines to move the information protection field forward - CMU CyLab Invited Speaker
  • Card Trick (YouTube)
  • Coin Trick (YouTube)
  • 2000- Sandia National Laboratories talk on influence strategies (YouTube)
  • 1988 Cincinnati, OH Presentation on Computer Viruses (YouTube)
  • 1988-02-26 IBM Presentation on Computer Viruses (YouTube)
  • 1988-07-20 IBM Presentation on Computer Viruses (YouTube)
  • 2013-02 Thinking more clearly
  • 2013-01 Raising all boats - by improving the average

    2012

  • 2012-12-07 A note on recovery of data from overwritten areas of magnetic media
  • 2012-12 Enterprise Security Architecture Options and Basis
  • 2012-12 Industrial Control System Security Decisions and Architecture Update
  • When someone says they were "screwed" ...
  • 2012-12 Ten Bad Assumptions
  • 2012-11-15 Distributed Denial of Services - San Francisco Electronic Crimes Task Force
  • 2012-11 The Design Basis Threat
  • 2012-10-17 Separation Technology Options - Separation Management Decisions - Industrial Control Systems Joint Working Group
  • 2012-10 Industrial Control System Security Decisions and Architecture
  • 2012-10 Changing the leverage
  • 2012-09-21 The Future of Digital Forensics - 1st Chinese Conf. on Digital Forensics - As Published
  • 2012-09-21 The Future of Digital Forensics - 1st Chinese Conf. on Digital Forensics - Paper
  • 2012-09-21 The Future of Digital Forensics - 1st Chinese Conf. on Digital Forensics - Talk
  • 2012-09 Eventually, you are going to make a mistake
  • 2012-08 As the consequences rise, where is the risk management?
  • 2012-07 Changes at All.Net
  • 2012-07-01B The Facebook debacle and what it says about the other providers
  • 2012-06-05 Open CyberWar - Early Release
  • 2012-06-01 Question everything
  • 2012-05-30 Update on the State of the Science of Digital Evidence Examination
  • 2012-05-25 Forensic Methods for Detecting Insider Turning Behaviors - IEEE WRIT (paper)
  • 2012-05-25 Forensic Methods for Detecting Insider Turning Behaviors - IEEE WRIT (slides)
  • 2012-05-01 The threat reduction approach - Point - Counterpoint
  • 2012-04-01 The insider turned bad
  • 2012-04-01 Digital Forensic Evidence Examination - 4th Edition released
  • 2012-03 The Physics of Digital Information (part 2) (JDFSL)
  • 2012-03-01 Three emerging technologies
  • 2012-02-01 Ethics in security research
  • 2012-01-31: Influence Operations
  • 2012-01-24 Detection of Insider Turning Behaviors with Forensic Methods - DoD CyberCrime
  • 2012-01-01 The security squeeze

    2011

  • 2011-12-01 Can we attribute authorship or human characteristics by automated inspection?
  • 2011-11-03 Saving SMBs from data leakage
  • 2011-11-01 Webification and Authentication Insanity
  • 2011-10-26 Using architectural analysis tools for better protection decisions
  • Dr. Cohen's dissertation - "Computer Viruses" (1985)
  • 2011-10-15 Security Metrics (circa 2005) for the enterprise protection model
  • 2011-09 The Physics of Digital Information (part 1) (JDFSL)
  • 2011-10-01 Consistency Under Deception Implies Integrity - ICSJWG version
  • 2011-10-01 Security vs. Convenience - The Cloud - Mobile Devices - and Synchronization
  • 2011-09-29 Security Reference Architecture Frameworks - WebEx feed
  • 2011-09-29 Security Reference Architecture Frameworks - An Approach for the Energy Sector
  • 2011-09-22 ICS Security Architecture - Where Worlds Collide - SecureWorld
  • 2011-09-11 CIP version of "Progress and evolution of critical infrastructure protection over the last 10 years?"
  • 2011-09-01 Consistency under deception implies integrity
  • 2011-08-01 Progress and evolution of critical infrastructure protection over the last 10 years?
  • 2011-07 How Do We Measure Security?
  • 2011-07 Putting the Science in Digital Forensics (JDFSL)
  • 2011-07-01 The structure of risk and reward
  • 2011-06-28 Securing the Mobile Enterprise - Mobile Computing Summit 2011 - Security Workshop
  • 2011-06-15 Keynote on the Science of Security - Bogota
  • 2011-06-14 Challenges to Digital Forensic Evidence - Short Course - Bogota
  • June 1, 2011 Security Metrics - A Matter of Type
  • May 25, 2011 IEEE Oakland Conference: The need for and progress in science for information protection and digital forensics
  • May 1, 2011 The "R" word
  • April 12, 2011 - Dr. Cohen's Commencement Address at the University of Pretoria
  • April 12, 2011 - Fred Cohen receives an honorary doctorate in Computer Science
  • April 11, 2011 - Dr. Cohen's Guest Lecture at the University of Pretoria
  • April 1, 2011 - Change your passwords how often?
  • March 1, 2011 - Any is not All
  • February 16, 2011 Fred Cohen named "Fellow of (ISC)2" at RSA ceremony
  • February 14, 2011 MiniMetriCon: How to Tell When an Insider is About to Go Bad
  • February 14, 2011 MiniMetriCon: Metrics for Digital Forensics
  • February 1, 2011 - Why are we so concerned about governments getting our data?
  • January 30, 2011 - IFIP Paper: The State of the Science of Digital Evidence Examination
  • January 30, 2011 - IFIP Slides: The State of the Science of Digital Evidence Examination
  • January 22, 2011 - Dr. Cohen on aljazeera discussing cyberwarfare (YouTube)
  • January 15, 2011 - The Bottom Ten List - Information Security Worst Practices - Getting Even Worse
  • January 1, 2011 - Risk aggregation - again and again and again...

    2010

  • December 27, 2010 - All.Net has moved to the cloud!!!
  • December 11, 2010 - Book code cryptography may be nearly dead
  • December 1, 2010 - Changes to the Federal Rules of Evidence - Rule 26
  • November 2, 2010 - The physics of digital information and its application to digital forensics
  • November 1, 2010 - Keynote - Where do enterprise protection and digital forensics converge? AND Where do they diverge?
  • November 1, 2010 - How do we measure "security"?
  • October 1, 2010 - Moving target defenses with and without cover deception
  • September 14, 2010 - NeFX Workshop - Digital Forensic Evidence Examination - The State of the Science - and Where to Go From Here
  • September 1, 2010 - User Platform Selection Revisited
  • August 19, 2010 - Recent and Hoped for Advances in Digital Forensics (NPS guest lecture)
  • August 11, 2010 - Power Grid Protection (Keynote address at Smart Grid Meeting)
  • August 1, 2010 - The DMCA Still Restricts Forensics
  • July 3, 2010 - Updated Decider look and feel
  • July 1, 2010 - Mediated Investigative Electronic Discovery
  • June 1, 2010 - The difference between responsibility and control
  • May 21, 2010 - A Method for Forensic Analysis of Control
  • May 20, 2010 - Forensic Fonts Paper published in SADFE
  • May 20, 2010 - Forensic Fonts Slides presented at SADFE
  • May 1, 2010 - The Virtualization Solution
  • April 1, 2010 - Attacks on information systems - a bedtime story
  • March 1, 2010 - The attacker only has to be right once - another information protection fallacy
  • February 18, 2010 - Another ridiculous cyber warfare game to scare deciders into action
  • February 2, 2010 - Risk Management: There Are No Black Swans
  • February 1, 2010 - Developing the science of information protection
  • January 30, 2010 - The Science of Digital Forensic Evidence Examination (the paper)
  • January 7, 2010 - Attribution of Messages to Sources in Digital Forensics
  • January 4, 2010 - The Science of Digital Forensic Evidence Examination
  • January 1, 2010 - The Bottom Ten List - Information Security Worst Practices

    2009

  • 2009-12b - COFEE and the state of digital forensics (Christmas special!!!)
  • December 3, 2009 - Dr. Cohen named a "Security Hero" by PC Pro
  • 2009-12 - Using the right words
  • November 13, 2009 - Dr. Cohen became a "Digital Forensics Certified Practitioner"
  • November 3, 2009 - Forensic Fonts
  • 2009-11 - Passwords again - why we can't leave well enough alone
  • 2009-10 - Partitioning and virtualization - a strategic approach
  • 2009-09 - Forensics: The limits of my tools, my techniques, and myself
  • 2009-08 - Virtualization and the cloud - Risks and Rewards
  • 2009-07 - The speed of light, it's easy to forge, email is always fast, and more
  • 2009-06 - Security Decisions: Deception - When and where to use it
  • 2009-05b - Culture clash: Cloud computing and digital forensics
  • 2009-05 - Protection testing: What protection testing should we do?
  • 2009-04b - Proposed Cyber-Security Law: What's the problem?
  • 2009-04 - Risk management: There are no black swans

    On April 2, 2009 ABC News identified Dr. Cohen as the most famous hacker of all time. But by grouping him with convicted computer criminals, they did a real disservice to the public. While Dr. Cohen has successfully innovated over the course of his 30+ year career in information protection, has identified and demonstrated many novel methods of attack and defense, and has done successful penetration tests for government and private concerns many times, he has never been arrested for any crime, he has long held US government security clearances, and he is one of the most trusted individuals in the information protection field in the world today.

  • 2009-03 - How spam vigilantes are wrecking email and encourage violations of law
  • 2009-02b - Digital forensics must come of age
  • 2009-02 - A structure for addressing digital forensics
  • January 25, 2009 - Digital Forensic Evidence clickable diagram
  • January 25, 2009 - Run decider from your browser
  • 2009-01 - Change management: How should I handle it?

    2008

  • 2008-12-B - Short Note: Twittering away your privacy
  • 2008-12 - Digital Forensic Evidence: A Wave Starting to Break
  • 2008-11 - Security Decision: Zoning your network
  • 2008-10 - Social tension and separation of duties
  • 2008-09 - Default deny is best practice? Not anymore!
  • 2008-08 - Control architecture: Access controls
  • 2008-07 - Fault modeling, the scientific method, and thinking out of the box
  • 2008-06 - Inventory Revisited - How to reduce security losses by 70%?
  • 2008-05 - Control Requirements for Control Systems... Matching Surety to Risk
  • Decision Support Systems for Security - RSA Conference - (2008-04-11)
  • April 7, 2008 - Metrics for Digital Forensics - MiniMetriCon Slides
  • April 4, 2008 - New Book: "Enterprise Information Protection" AVAILABLE SOON
  • 2008-04 - The Botnets have come - The Botnets have come...
  • March 1, 2008 - New Book: "Challenges to Digital Forensic Evidence" NOW AVAILABLE
  • 2008-03 - Enterprise Information Protection - It's About the Business
  • February 28, 2008 - ISOI 1996 DCA presentation used for...
  • February 28, 2008 - ISOI DCA presentation - DCAs then and now
  • 2008-02 - The Digital Forensics World
  • 2008-02 - Who Should Do Your Digital Forensics?
  • January 28, 2008 - Failing Floppy Disk Recovery - IFIP Paper in Kyoto
  • January 21, 2008 - New Book: "Challenges to Digital Forensic Evidence"
  • 2008-01 - Accidental Security
  • 2008-01 - Unintended Consequences

    2007

  • 2007-12 - Security, justice, and the future
  • 2007-11 - Security by Psychology
  • 2007-10 - Making compliance simple - not
  • 2007-09 - Identity Assurance and Risk Aggregation
  • 2007-08 - The ethical challenge
  • 2007-07 - Security Decision Support
  • 2007-06 - User platform selection
  • 2007-05 - Risk Management
  • 2007-04 - Security Ethics and the Professional Societies
  • 2007-03 - Emerging Risk Management Space
  • 2007-02 - Emerging Market Presence
  • 2007-01 - Market Maturity and Adoption Analysis Summary
  • 2007-00 - Analysis Framework
  • December 31, 2007 - Why you cannot always trust the WayBack Machine for digital forensic evidence

    2007 (Get Smart)

  • 2007-12 - Security End-of-year
  • 2007-11 - Covert Awareness
  • 2007-10 - Measuring Compliance
  • 2007-09 - Identity Assurance
  • 2007-08 - Conflicts of Interest
  • 2007-07 - Making Better Security Decisions
  • 2007-06 - Which User Platform
  • 2007-05 - Managing Risks
  • 2007-04 - Information Content Inventory
  • 2007-03 - Sensible Security - You Wouldn't?
  • 2007-02 - Measuring Security
  • 2007-01 - Closing the Gap
  • August 30, 2007 - Influence updated to new GUI, controls, file formats, etc.
  • August 18, 2007 - Decider libraries updated and controls improved
  • August 10, 2007 - Consulting service offerings updated
  • June 10, 2007 - The Decider - Download Now!!!
  • May 14, 2007 - How to be reasonably secure using mobile off-the-shelf computing
  • May 13, 2007 - Podcast site with a few interesting items
  • April 17, 2007 - New Security Metrics software - Download now!!!
  • March 1, 2007 - Simulator, database, games - again available at all.net
  • January 15, 2007 - Influence Update - improved reporting and analysis

    2006

  • 2006-12 - The Security Schedule
  • 2006-11 - The Holidays Bring the Fraudsters
  • 2006-10 - Physical/Logical Convergence??
  • 2006-09 - How can I Show I am Me in Email?
  • 2006-08 - Service Oriented Architecture Security Elements
  • 2006-07 - The Life Expectancy of Defenses
  • 2006-07 - BONUS ISSUE: The End of the World as we Know it
  • 2006-06 - Why the CISO should work for the CEO - Three Case Studies
  • December 1, 2006 - Security Decisions 2007 - Download now!!!
  • November 26, 2006 - Simulator, database, games moving to java versions - temporarily available at north.all.net
  • November 22, 2006 - Free online courses on Linux, Linux Firewalls, and Linux Networking
  • November 15, 2006 - Read about Strategic Scenario Adventures
  • November 14, 2006 - Influence updated to include simulation and in-depth advice
  • Join our low-volume announcement list at yahoogroups
  • September 24, 2006 - SecurityDecisions - Security decision support tool sampler
  • September 20, 2006 - Gamer - Security awareness and training sampler
  • September 18, 2006 - Maps - software security mapping tool
  • September 10, 2006 - Influence - software tool
  • July 6, 2006 - New SP-800-53 to ISO and Governance Guidebook Map
  • June 15, 2006 - Business modeling for risk management - presentation update
  • March 13, 2006 - New Information Warfare Book Released
  • March 1, 2006 - Information Security Awareness Basics Released

    Managing Network Security

    2003

  • July, 2003 - Why?
  • June, 2003 - Background Checks
  • May, 2003 - Operations Security for the Rest of Us
  • April, 2003 - Documenting Security
  • March, 2003 - Novelty Detection
  • February, 2003 - Switching Your Infrastructure
  • January, 2003 - Security Programming

    2002

  • December, 2002 - Back Up a Minute
  • November, 2002 - Breaking In - to test security?
  • October, 2002 - Reworking Your Firewalls
  • September, 2002 - Deception Rising
  • August, 2002 - You're in a Bind!
  • July, 2002 - Is Open Source More or Less Secure?
  • BONUS ARTICLE - July, 2002 - Smashed Again by Stupid Security
  • June, 2002 - Academia's Vital Role in Information Protection
  • May, 2002 - Terrorism and Cyberspace
  • April, 2002 - Misimpressions We Need to Extinguish
  • March, 2002 - Embedded Security
  • February, 2002 - How to Get Around Your ISP
  • January, 2002 - The End of the Internet as we Know it

    2001

  • December, 2001 - The World Doesn't Want to be Fixed
  • November, 2001 - The Deception Defense
  • October, 2001 - The DMCA
  • September, 2001 Special Issue - The Balancing Act
  • September, 2001 - The Best Security Book Ever Written
  • August, 2001 - Bootable CDs
  • July, 2001 - A Matter of Power
  • June, 2001 - The Wireless Revolution
  • May, 2001 - The New Cyber Gang - A Real Threat Profile
  • April, 2001 - To Prosecute or Not to Prosecute
  • March, 2001 - Corporate Security Intelligence
  • February, 2001 - Testing Your Security by Breaking In - NOT
  • January, 2001 - Marketing Hyperbole at its Finest

    2000

  • December, 2000 - The Millennium Article - Yet Again! - The Bots are Coming!!! The Bots are Coming!!!
  • November, 2000 - Why Everything Keeps Failing
  • October, 2000 - The Threat
  • September, 2000 - Chipping
  • August, 2000 - Understanding Viruses Bio-logically
  • July, 2000 - What does it do behind your back?
  • June, 2000 - Why Can't We Do DNS Right?
  • May, 2000 - Eliminating IP Address Forgery - 5 Years Old and Going Strong
  • April, 2000 - Countering DCAs
  • March, 2000 - Collaborative Defense
  • February, 2000 - Worker Monitoring
  • January, 2000 - Digital Forensics

    1999

  • December, 1999 - Why it was done that way
  • BONUS ARTICLE - November, 1999 - So Much Evidence... So Little Time
  • November, 1999 - The Limits of Cryptography
  • October, 1999 - Security Education in the Information Age
  • September, 1999 - In Your Face Information Warfare
  • August, 1999 - What's Happening Out There
  • July, 1999 - Attack and Defense Strategies
  • June, 1999 - The Limits of Awareness
  • May, 1999 - Watching the World
  • April, 1999 - Simulating Network Security
  • Bonus Article: Incident at All.Net - 1999 Edition
  • March, 1999 - The Millisecond Fantasy
  • February, 1999 - Returning Fire
  • January, 1999 - Anatomy of a Successful Sophisticated Attack

    1998

  • December, 1998 - Balancing Risk
  • November, 1998 - The Real Y2K Issue?
  • October, 1998 - Time-Based Security?
  • September, 1998 - What Should I Report to Whom?
  • August, 1998 - Third Anniversary Article - The Seedy Side of Security
  • July, 1998 - How Does a Typical IT Audit Work?
  • June, 1998 - Technical Protection for the Joint Venture
  • May, 1998 - Risk Staging
  • April, 1998 - The Unpredictability Defense
  • March, 1998 - Red Teaming
  • February, 1998 - The Management of Fear
  • January, 1998 - Y2K – Alternative Solutions

    1997

  • December, 1997 - 50 Ways to Defeat Your Intrusion Detection System
  • November, 1997 - To Outsource or Not to Outsource - That is the Question.
  • October, 1997 - The Network Security Game
  • September, 1997 - Change Your Password – Do Si Do
  • August, 1997 - Penetration Testing?
  • July, 1997 -
  • June, 1997 - Relativistic Risk Analysis
  • May, 1997 - Prevent, Detect, and React
  • April, 1997 - Would You Like to Play a Game?
  • March, 1997 - Risk Management or Risk Analysis?
  • February, 1997 - Network Security as a Control Issue
  • January, 1997 - Integrity First - Usually

    1996

  • December, 1996 - Where Should We Concentrate Protection?
  • November, 1996 - How Good Do You Have to Be?
  • October, 1996 - Why Bother?


    Internet Holes

  • September, 1996 - The SYN Flood
  • August, 1996 - Internet Incident Response
  • July, 1996 - Internet Lightning Rods
  • June, 1996 - UDP Viruses
  • May, 1996 - Eliminating IP Address Forgery
  • April, 1996 - Spam
  • March, 1996 - Bonus: Incident at All.Net
  • March, 1996 - The Human Element
  • January, 1996 - Automated Attack and Defense

    1995

  • December, 1995 - 50 Ways to Attack Your World Wide Web Systems
  • November, 1995 - Network News Transfer Protocol
  • October, 1995 - The Sendmail Maelstrom
  • September, 1995 - Packet Fragmentation Attacks
  • August, 1995 - ICMP
    On-Line Strategic Gaming:
    Web-based Strategic Games
    Web-based on-line strategic games are now supported. A default game (One Upsmanship) provides a simple game where you try to think up a better short joke than your competitors. More complex games are available for those wishing to purchase strategic games.

    New Articles:
    Managing Network Security
    December, 1998 - Balancing Risk
    Technical Baselines
    Classification Scheme for Information System Threats, Attacks, and Defenses; A Cause and Effect Model; and Some Analysis Based on That Model.
    Recent Research Results
    A Note on the Role of Deception in Information Protection

    New Features:
    The InfoSec Bookstore
    A listing of hundreds of books on information security with select book reviews and push-button ordering from Amazon.com.
    The Security Educators Mailing List
    Our mission is to provide an open forum for educators in information security to discuss issues related to courses, curriculum, books, and other education-related items.
    DTK Version 0.6
    DTK's newest version includes features like time/use based authentication, remote access to intrusion data, and network infocon support.

    To contact us, send email to fred at all.net