In 2000, McGraw wrote the first book on software security, paving the way for an entire industry. With BIML, he’s shifted his attention to a new frontier: machine-learning algorithms.
Earlier this week, Marcus Hutchins, the man who helped stop the WannaCry global ransomware attack, admitted in court to developing the Kronos banking malware as... Read More...
Are the nuclear-power industry’s collective responses to the 1986 disaster enough to stave off clever nation-state cyberattacks? The Parallax visits the toxic site and takes a closer look.
You might think of cybersecurity professionals as tech’s collective “watchers on the wall”—the guardians who let you know when doom is coming. With that perspec... Read More...
As veterans with cybersecurity experience struggle to find civilian jobs, employers are struggling to fill cybersecurity jobs. There’s a big opportunity here. Here’s what needs to change.
In a column for The Parallax, Gary McGraw outlines why his band wrote a song that passionately encourages every eligible voter to fill out and submit a ballot.
A device’s unwitting participation in a malicious robot network, or botnet, is practically detectable only through a forensic examination, experts tell us. But we can take steps to protect our devices.
Consumers have long adopted military terms to describe their many civilian challenges. They can also use military tactics to tackle those challenges. Here is a sampling of each.
The technically detailed indictment of 12 Russian GRU officers implies a struggle to find appropriate and effective cybersecurity deterrents to geopolitical hacking, experts say.
It’s not just Be’ersheba’s interdisciplinary approach. Israel’s unique politics, geography, and economics have played major roles in its transformation into a cybersecurity power player.
Homogenous viewpoints can lead security teams to jump to conclusions or miss key details. Diversity is important. Leading into her keynote at Day of S(h)ecurity, Vijaya Kaza says changes needs to start at the grade level.
Two decades after presenting at the Senate’s first cybersecurity hearing, veteran L0pht hackers Kingpin, Mudge, Weld Pond, and Space Rogue reflect on progress and urge for much more.
To address cyberrisks, former Pennsylvania governor and DHS secretary Tom Ridge says the relationship between the private and public sectors needs to move from punitive to collaborative.
Critics push for the Trump administration to deliver on its promise of a national cybersecurity policy—one that has more legal weight than words like “should” and “may.”
The point of the Bishop Fox Cybersecurity Style Guide, its editor says, is to “bridge the gap between people who are writing in security, and the people who have to read that.”
The gig economy’s investment in cybersecurity education and protection is hard to quantify, but it’s easy to see that it’s important, researchers explain at the Enigma Conference.
In order to reduce damage, security teams need to change their approach to vulnerability assessment, Bryson Bort writes. This starts with recognizing that nobody is safe from a cybersecurity threat.
Georgia Senate Bill 315 includes vague language reflective of the CFAA antihacking law that experts and advocates fear would be used to unfairly punish security researchers.
“There’s just not enough cybertalent, not enough people with the level of expertise needed,” one expert says. Filling critical roles will mean recruiting and training outside the box.
While a passed House bill doesn’t directly address autonomous-vehicle hacking dangers, some experts maintain that broad regulatory language is better for rapidly developing technology.
While riding my motorcycle to DefCon and Black Hat, I visualized the security industry’s high-water mark—that place, Hunter S. Thompson wrote, “where the wave finally broke and rolled back.”
Good security relies on trust, which doesn’t scale well. So writes Internet pioneer Paul Vixie, as he reflects on the indictment of the man who stopped WannaCry on charges related to Kronos.
Our vital systems and seemingly frivolous daily communications are in need of technological scrutiny. And yet we often fail to see ourselves as targets and take action.
The 3-section order, which builds largely on initiatives the Obama administration set in motion, outlines federal guidance to “create more cohesion and consolidation between agencies.”
Revision proposals for the international agreement to control weapons exports aim to address language that could have severe consequences for security researchers.
As the new president establishes his cabinet, and issues (and holds back on) security-focused executive orders, questions abound about his cybersecurity intentions—and how he might follow through on them.
After a presidential election marked by hacks and leaks and claims of “bleak” urban streets, those of the nation’s capital were filled—quite literally—with anger and worry. And hope.
Oren Falkowitz, author of Pineapple Sparkle, says technology needs to provide for online consumers what seat belts provide for car passengers. And consumers need to appreciate it.
Will Trump be able to fill key positions? Will he heed warnings about Russia? Will he look to force tech companies to create encryption backdoors? Here’s what several experts tell us.
The former DHS secretary tells The Parallax that as people raise their consciousness about security, nations urgently need to form agreements about cyberwarfare limits.
From a plea for an “NIH for cyber” to a plan for “software supply chain transparency,” Black Hat and DefCon insiders say it’s time for the U.S. government to ensure software safety.
To any software engineer with an imagination, the resulting possibilities are horrifying. A favorable precedent would let the government turn us into unwilling surveillance assistants.
Tech issues may be too complex—and too lacking of simple populist messages—to argue about on stage. But the candidates have their opinions. Here’s an overview.
Even in assured defeat, competing in chess against the longstanding top player in the world is a privilege. It is also an experience in learning the value of adaptability.
Some lawmakers want social-media providers, ISPs, and other businesses to report suspected terrorist activity, but critics say additional requirements may be counterproductive.
A new book by Council on Foreign Relations member Micah Zenko explains why organizations still struggle with security vulnerabilities—and how “red teaming” promises a fresh start.
In the wake of the terrorist attacks in France, U.S. government agencies, including the CIA, are reiterating their arguments for security standard backdoors into communications data.
The political establishment and the tech industry aren’t clashing for the first or last time over the government’s proper role in safeguarding privacy and cybersecurity.
Opponents of the cyberthreat information-sharing bill, designed to protect companies that share cyberattack data with federal agencies from customer lawsuits, face tough odds.
Some security and policy experts see the agreement as a potential model for new treaties—or, at the very least, a sign of progress. Others see a whole lot of problems.
A proposed law to make it easier for government agencies to share information also would allow businesses to deliver personal data to the NSA or FBI, critics contend.
