Who is the biggest spammer?

Who is truly the biggest spammer: the bad actors or those who don’t appear to be bad actors?

It is certainly nothing new that those labeling their spamming activity as ‘email marketing’ have no idea what real email marketing looks like, but that is not the point of this short article. I have been closely observing that so-called ‘security companies’ are generating most of the junk email traffic. It is ironic that companies… Continue reading Who is the biggest spammer?

I am not the technical person but I must sell you something I have no clue about!

well, I actually changed the second part sarcastically, this is the original version: I am not the technical person but I really must sell you something today, can I connect you to another person in my company, an engineer perhaps? you know, we have a very great product but I am just lacking understanding what… Continue reading I am not the technical person but I must sell you something I have no clue about!

Security solution which acts like traditional painkiller

most security solutions are like traditional painkillers, we certainly feel better after talking them, but the root cause of pain remains intact and unresolved! as long as we do not address root cause of security incidents and vulnerabilities, we will be feeling better from short-term pain relief of “Security Solutions” and then suffering again soon… Continue reading Security solution which acts like traditional painkiller

utilizing dark web as defense

I was shocked when I heard from a “security professional” that using dark web as means understanding cyber threats has been Just Recently been discovered by them as an effective defense mechanism! no kidding! then why we are surprised we get hacked by the most trivial TTP out there? this is very disappointing that “security… Continue reading utilizing dark web as defense

endpoint protection won’t work!

any solution 100% focused on endpoint protection would not actually protect you from cyber threats. best case scenario, you will discover IoC (not even necessary IoA) after the fact, after a system has actually been compromised. the easiest way to confirm this is what is happening everyday in companies with sophisticated but pure endpoint detection… Continue reading endpoint protection won’t work!

cybersecurity and culture

different cultures have different perception and reaction to cybersecurity matters because cyberspace is as diverse as real life and it consists of and affected by all cultures involved. cultures are not significantly different in terms of understanding and identification of behaviors of their members. for example being lazy may have slightly same definition in multiple… Continue reading cybersecurity and culture

you won’t get there without knowing the truth!

one of the main reasons Security community has hard time securing “stuff”, is lack of understanding of Hackers community. without knowing motives, the motivations behind breaking into computer systems, and deep knowledge of hacking and cracking techniques, securing a system is pointless. results are telling us every single day that we are not doing the… Continue reading you won’t get there without knowing the truth!

zero-trust: reselling old under a different name

the market has been acting as a reseller since late 90’s. we simply resell an old solution under a different shiny name again and again. one of the best examples is zero trust. with all noises around this concept, poor desperate companies waiting to resolve their security issues, or perhaps thirsty budgets waiting to find… Continue reading zero-trust: reselling old under a different name

Virtual NATO

It is very late for international community to act on fighting against Ransomware and Cyber-crime in general but still anything better than nothing. EU and US coordination on fighting ransomware reminds me of NATO foundation back in 1949. perhaps countries could have considered cyber crime a “global issue” sooner and act faster against organized international… Continue reading Virtual NATO