Category: Ethics

Waging War in the Digital Age

What are the ethical ramifications of waging war via computer? Does war even have to be declared? Where are the boundaries in the virtual world? What happens when machines begin to think for themselves? These are the questions I explore

I Support George Hotz

For the past couple of weeks, I have been reading with great interest the coverage of Sony deciding to bring suit against George Hotz. George, or GeoHot, as he is known, and others like him, hacked the PS3 after Sony

Where do You Draw the Line?

As a young infosec practitioner, I quickly learned that morals and ethics had to be intertwined with everything I did. Someone with the knowledge of how to defend systems usually has a pretty good grasp on how to attack them.

How Free Do You Want to Be?

When I bought a laptop about three years ago, I booted it up, read the Windows Vista EULA and decided it wasn’t for me. A quick reboot and install of Ubuntu took care of my concerns and has served me

Tagged with:

Beware of

Awhile back, I blogged about how not to handle notification of a possible breach. In that case, I began to receive spam to a very unique address only used at one place. When I attempted to report the potential breach,

Tagged with:

The Ethics of Publicly Disclosing Breaches

In the security research community, it is commonly held that the ethical thing to do when discovering a vulnerability is to contact the software developer. Only after a lack of response, after the vulnerability has been fixed, or after the

Tagged with:

2WoO Day 3: Abusing OSSEC–the Countermeasures

Yesterday, I blogged about how we could beat OSSEC up, or, to put it more accurately, the people and protocols behind it. Today, we’re going to discuss how we can fight back against the bullies. For this post to make

Tagged with:

2WoO Day 2: Abusing OSSEC

No discussion about the effectiveness of a security monitoring tool would be complete without exploring ways to defeat that tool. While this may seem self-defeating, it is my belief that an honest perspective about strengths and weaknesses of the tools

Tagged with:

An Analysis of the Analysis of the Attack

Over at the Apache blog, you’ll find a nice and detailed incident report on the recent, successful attack on I thought it might be worth a few minutes to share my thoughts on their write-up. First, I would like

Tagged with: , ,

The OSSEC Effect

Many years ago, after I had been using OSSEC in an enterprise setting for a few months, I noticed an interesting phenomenon. Administrators, many of whom I had forwarded “was this you?” alerts to, were now coming to me to

Tagged with: