Contributor David Holmes

Snooping on Tor from Your Load Balancer

Blog / Jul 3, 2018

By david holmes

An F5 Labs researcher snoops on Tor exit node traffic from a load balancer. What he finds will shock you. SHOCK YOU.

Spring 2018 Password Attacks

/ Jun 20, 2018

By david holmes

David Holmes writes for Security Week, discussing how 90-day password expirations could be making it easier for attackers to brute-force your network.

The 2017 TLS Telemetry Report

Report / Apr 23, 2018

By david holmes

Privacy today isn’t just about staying away from prying eyes. The very act of communicating across the Internet with open, non-confidential protocols invites exposure to multiple threat types.

5 Fun Facts About the 2018 Singapore Cybersecurity Statute

/ Apr 19, 2018

By david holmes

Fun Fact #2: the author is looking forward to being a card-carrying Singaporean crime fighter (temporarily) someday.

Avoid Becoming a Crypto-Mining Bot: Where to Look for Mining Malware and How to Respond

/ Apr 3, 2018

By david holmes

People are mining coins all over the place-all it costs is money for the power bill. So, of course, clever people are figuring out how to use other people’s power to mine cryptocurrency.

IoT: Moving to Security by Design

/ Mar 27, 2018

By david holmes

With device developers rushing to build IoT as fast as they can, security can suffer.

Threat Modeling the Internet of Things: Modeling Reaper

/ Mar 9, 2018

By david holmes

Reaper is just one more blinking light in the faces of the InfoSec community reminding us that we need to get ahead of IOT madness.

The Email that Could Steal Your Life Savings and Leave You Homeless

Blog / Feb 8, 2018

By debbie walkowski david holmes

Real estate scams are big business for attackers. Be on the lookout for this one, which can leave home buyers destitute if not caught in time.

Mirai is Attacking Again, So We’re Outing its Hilarious, Explicit C&C Hostnames

Blog / Jan 4, 2018 (MODIFIED: Jan 18, 2018)

By david holmes

With Mirai rearing its ugly head again, we’re revealing its C&C hostnames so organizations can update their blacklists and protect themselves.

Bleichenbacher Rears Its Head Again with the ROBOT Attack

Blog / Dec 27, 2017 (MODIFIED: Jan 15, 2018)

By david holmes

Bleichenbacher attacks will likely continue to pop up until TLS 1.3 is fully adopted, which could take years.

The Good, the Bad and the Ugly: Bitcoin and Cryptocurrencies

/ Dec 1, 2017

By david holmes

F5 Labs' David Holmes writes for LinkedIn, discussing whether cryptocurrencies are a scam or a revolution.

Reaper: The Professional Bot Herder’s Thingbot

Blog / Oct 26, 2017 (MODIFIED: Dec 18, 2017)

By david holmes justin shattuck

While Reaper might be considered an “object lesson” today, it should serve as a blistering warning that IoT security needs to be fixed now.

Proposed Legislation Calls for Cleaning Up the IoT Security Mess

Blog / Oct 3, 2017 (MODIFIED: Nov 14, 2017)

By david holmes

Legislation is a good first step toward persuading IoT manufacturers (who want to stay in business) to do the right thing when it comes to the security of their devices.

Five Reasons the CISO is a Cryptocurrency Skeptic—Starting With Bitcoin

Blog / Sep 13, 2017 (MODIFIED: Oct 24, 2017)

By david holmes

There’s a lot of hype surrounding cryptocurrencies, but what’s good for currency traders may not be great for security-minded professionals.

RSA in a “Pre-Post-Quantum” Computing World

Blog / Aug 1, 2017 (MODIFIED: Sep 7, 2017)

By david holmes

Quantum computing is coming. What should your strategy be today to deal with what’s on the horizon?

How Quantum Computing Will Change Browser Encryption

Report / Jul 13, 2017 (MODIFIED: Nov 2, 2017)

By david holmes

Safeguarding TLS against attack in the quantum computing age will require changes to today’s TLS key exchange algorithms.

Strike Back at Silent Bob: Scan and Block Ports Used by Intel AMT

Blog / May 16, 2017 (MODIFIED: Jul 24, 2017)

By david holmes

Is the Intel AMT vulnerability as bad as we all first thought? Either way, here are some suggestions for protecting yourself.

Profile of a Hacker: The Real Sabu, Part 2 of 2

Blog / May 2, 2017 (MODIFIED: Dec 29, 2017)

By david holmes

New information sheds light on Sabu’s activities following the revelation of his identity.

Profile of a Hacker: The Real Sabu, Part 1 of 2

Blog / Apr 18, 2017 (MODIFIED: Sep 5, 2017)

By david holmes

Notorious hacker of Anonymous and LulzSec fame is challenged by rival hacker, The Jester, to reveal his identity.

The 2016 TLS Telemetry Report

Report / Jan 19, 2017 (MODIFIED: Jul 6, 2017)

By david holmes

In just four short years, encryption estimates have gone from almost non-existent (in the low single digits before 2013) to just over 50% by the end of 2016. How much of a victory is this?

DARPA Proves Automated Systems Can Detect, Patch Software Flaws at Machine Speed

Article / Oct 23, 2016 (MODIFIED: Jul 6, 2017)

By debbie walkowski john hall david holmes

DARPA claims it takes most organizations an average of 312 days to discover software vulnerabilities. That’s an eternity for hackers to wreak havoc in your network.

We Expected SSL Everywhere, and It’s Well on the Way

Article / Aug 2, 2016 (MODIFIED: Jul 6, 2017)

By david holmes

Malicious actors and eavesdroppers are forcing Internet communication into a single cryptographic protocol: SSL.

Follow us on social media.