The latest blog over on Feel The Boot is quite personal. I talk about what an important role luck played in our success at Anonymizer.
I tell a few of my favorite stories from that time to illustrate how we took control of our fate and exploited the hidden opportunities around us.
I am excited to announce that the Feel The Boot podcast is now live with audio version of all of our YouTube videos. You can get all the startup tips on the go with any of the major podcasting services.
Whether you are confused about stock options you have received or are trying to explain the concept to an employee, this article will help.
I have seen few topics generate more confusion than stock options. People with options in fast growing companies like to brag about them but often don’t actually understand them. Employees don’t understand what they are getting, so the option grant is less impactful. Here are the basics of what workers need to know about their stock options.
I have not been posting very much on Obscura.com lately because I have been working furiously on two other websites.
I am blogging about startups, entrepreneurship, and angel investing at Feel The Boot. This site allows me to help far more startups than I could possible mentor personally.
At Ntrepid I blog about managed attribution and online operations. Managed attribution is the natural extension and refinement of the anonymity work started by Anonymizer.
Read More
Open Source Intelligence or OSINT is a critical but frequently misunderstood method for gathering information about the world and potentially hostile organizations.
In this video and this blog I go into detail on what OSINT is and some of the complexities of doing it in practice.
While on a quick trip to Washington DC recently, I had a chance to sit down with Greg Otto and Jen O’Daniel of the Securiosity Podcast to talk about a wide range of topics. We discussed how I got started in privacy, why you don’t need to worry about nation state super hackers, being anonymous, OSINT, and wine. What a fun conversation!
My interview starts at about the 24 minute mark.
Airlines are leaking passport data. DHS is chasing China off the internet. And you can finally FaceTime again. In our interview, we talk to Lance Cottrell from Ntrepid -- hitting everything from astrophysics to wine. Oh, right, and the evolution of privacy on the internet. That's probably why you're listening.
Back in the 1990’s, I was involved in a discussion about how an individual could deal with Van Eck monitoring, where an attacker captures the contents of your screen from outside the building. My take was that if your opponent has a surveillance team in a van full of special equipment parked right outside your house, your only realistic option is to run and never look back, in hopes of starting a new life elsewhere. Perhaps this scenario is a bit dramatic, but it illustrates an important point. We spend a lot of time thinking about and trying to mitigate threats that are so extreme you are basically already doomed if they are ever used against you. You can’t mitigate against Mission Impossible-style attacks, because whatever you try to prevent, they always have another way of getting at you.
Earlier I wrote about why a good security advisory board can be a powerful addition to any business. In this article I dive in to exactly how to make sure you get that value from your advisory board. My taking the right actions, you can ensure a strong ROI for your time and money while significantly boosting the security of your organization.
I had a chance to talk with Hiawatha Bray of the Boston Globe about GrinchBots which are a form of scalping that drives the cost of many limited edition items into the stratosphere.
Read the full article HERE.
In this video from Fifth Domain I talk about the problems of conducting online undercover operations. In this video I talk about issues with profile photos, writing style analysis, and patterns of behavior.
When talking about information security, nation-state backed hackers are set up as the ultimate threat. The countries have brilliant hackers, unlimited resources, endless exploits, and they are all after you! Fortunately for us, there are also many more nation state hackers who are not that skilled, on a tight budget, and forced to use off-the-shelf tools. Just because your organization might be of interest to foreign services does not mean that you should just give up.
Published on cyber scoop.com
In 2016, my CEO asked me to work with an outside advisor, Gary McGraw, to create a Security Advisory Board (SAB) for our company. Right away, I realized that creating a strong advisory board to effectively support the company would take a lot of work. We spent significant time thinking about how this board could add value to the business, and how to ensure that the board’s ideas and solutions were implemented. First, let me note that credit for many of the ideas in these articles should go to Gary. He was instrumental in the creation and continued success of our SAB. In the first article of this two-parter, I will explore the kinds of value a SAB can bring to a company, and why its creation is worth all the effort. In the next article, I will talk about the nuts and bolts of executing a successful SAB.
Back at Black Hat I talked with the MISTI training institute about the many problems with passwords and some thoughts on how to do better.
I founded Anonymizer Inc. in 1995, almost 23 years ago. It was born of my passion and commitment to privacy, security, and anonymity. I deeply appreciate the support, encouragement, and loyalty from the millions of people who have used the service over the years.
I am profoundly proud of what this company has accomplished. We were the first commercial internet privacy service in the world. We created the Kosovo Privacy Project, provided censorship circumvention services to hundreds of thousands of people in China and Iran, and worked with numerous human rights groups to provide protected communications and safe access to information. We also set up a secure anonymous terrorist tip site in the first days following 9/11.
Read More
Reading legal documents is not something I usually enjoy. The Muller indictment of the Russian DNC hackers was different - the amount of detail revealed in the document stunned me, and suggests that the US had very deep visibility into the hackers’ operations. In this article I am not going to look at the details of the hacking or phishing attacks used. Rather, I am interested in how the hackers attempted to misattribute their activities and how their actions and errors undercut that effort.
Read the whole article at Security Week to see my analysis of all they ways the hackers failed in trying to remain hidden.
There has been endless discussion among security professionals about the ethics, propriety, legality, and effectiveness of corporations “hacking back” against attackers. On the other hand, there is no hesitation on the part of attackers to hack back against threat intelligence researchers who are investigating them. Identification and retaliation are a constant risk for anyone probing the darkest back alleys of the internet.
Read the whole article at Security Week to see why and how watching the wrong people can lead to counter-attack.
Sites on the Dark Web Have Several Motivations to Unmask Their Visitors
So, there you are, finally on the private sections of a dark market. You have established reputation and credibility with your targets. Suddenly, you get exposed as a “rat” and banned for life. They grab your escrowed cryptocurrency, and you are back at square one with a foe who is even more alert than before... How did this happen?
Read the full article at Security Week for my thoughts on staying anonymous while visiting the dark web.
I was recently asked, as an entrepreneur and angel investor, to provide the five most important skills and concepts for for founders in startups.
Any list like this will necessarily be incomplete but I found it an interesting question to think through.
Going with my first instincts, here is what I came up with.
Read More
Staying anonymous while engaging online is hard, particularly if you need to do so over an extended period of time. While there are thousands of things that can trip you up there are six mistakes that cause most of the problems. Read the article to learn what they are.
The Top 6 Mistakes That Will Blow Your Online Cover - SecurityWeek
The tragedy of the commons makes it hard to convince IoT companies to add real security to stop this kind of attack. My initial thoughts on the event were captured in this AP article.
