information security

Not all exploits are “grey in the dark”

2021-06-09 by grugq 1 Comment

Capabilities are not interchangeable, nor are they all equal. This seems obvious, and yet not everyone agrees (apparently). In this article about the six 0day exploits patched on June 7 2021, we have the following line: Kevin Breen, director of cyber threat research at Immersive Labs, said elevation of privilege flaws are just as valuable […]

SolarWind, enough with the password already!

2021-02-28 by grugq 5 Comments

This is a much delayed discussion on the complexity and nuance of the SolarWind hack. The simplistic and wrong messaging from some quarters of the infosec community has resulted in an atrocious misunderstanding of the hack in the public sphere. This has extended into the policy world as these bad takes are treated as cogent […]

Cyber Events

2020-12-20 by grugq Leave a Comment

There is a constant need to label cyber operations as “cyber ${battle from history}.” The most recent one, indeed the one that inspired me to write about this phenomenon, is the spectacularly insane “cyber Cuban missile crisis.” The exact quote is from some fraudulent “cyber security experts” apparently: Experts are telling me that the solar […]