2002 in review
Looking back at 2002. The year of structural responses to 2001's threats. A walk through what changed.
Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged structural — 14 results.
A week into Slapper. The peer-to-peer architecture has produced a more durable compromised population than centralised worms produce. The defensive implications are substantial.
Microsoft has published substantial development documentation around Windows XP's security architecture. Reading it carefully gives early signal about whether Trustworthy Computing is producing real change.
Reports are emerging of Microsoft pausing Windows development for security review. The pause is reportedly substantial; the substance is becoming clearer.
Bill Gates published the Trustworthy Computing memo yesterday. The substance is genuine; the implications are large. A first read.
Looking back at 2001. The year is the most operationally significant since I started this notebook. The structural shifts are large enough to deserve their own retrospective.
Rumours of a substantial Microsoft security commitment have been firming up. The shape of what is coming is becoming clearer; my prior is shifting toward 'this might be real'.
Microsoft has been making substantial structural commitments in the wake of the year's IIS-and-Outlook incidents. A walk through what they have actually announced and what to take seriously.
A week into Nimda. The structural lessons are clearer now than they were on day one. A walk through what defenders should take from this incident.
After the second Linux worm in two months, the platform-diversity argument I have been making needs honest re-examination. Linux is no longer a niche target; my argument's foundation is weakening.
Looking back at 2000. The year is harder to summarise than 1999 was. Distributed attacks dominated; structural shifts continued; the threat landscape moved faster than I had expected.
A week on from MS00-078. The exploitation pattern played out as expected. Time to step back and think about what this category of vulnerability tells us, and what I expect over the next year.
Five days on from ILOVEYOU. The cleanup is mostly done. The structural fixes that would prevent the next variant are not coming. A walk through what the platform actually needs and why the platform is unlikely to deliver it.
A week on from the Yahoo/eBay/Amazon/CNN attacks. The investigative picture is forming and the technical details are clearer. The structural lessons are large enough to deserve their own post.