The Old New at All.Net
  • 2011-12-01 Can we attribute authorship or human characteristics by automated inspection?
  • 2011-11-03 Saving SMBs from data leakage
  • 2011-11-01 Webification and Authentication Insanity
  • 2011-10-26 Using architectural analysis tools for better protection decisions
  • Dr. Cohen's dissertation - "Computer Viruses" (1985)
  • 2011-10-15 Security Metrics (circa 2005) for the enterprise protection model
  • 2011-09 The Physics of Digital Information (part 1) (JDFSL)
  • 2011-10-01 Consistency Under Deception Implies Integrity - ICSJWG version
  • 2011-10-01 Security vs. Convenience - The Cloud - Mobile Devices - and Synchronization
  • 2011-09-29 Security Reference Architecture Frameworks - WebEx feed
  • 2011-09-29 Security Reference Architecture Frameworks - An Approach for the Energy Sector
  • 2011-09-22 ICS Security Architecture - Where Worlds Collide - SecureWorld
  • 2011-09-11 CIP version of "Progress and evolution of critical infrastructure protection over the last 10 years?"
  • 2011-09-01 Consistency under deception implies integrity
  • 2011-08-01 Progress and evolution of critical infrastructure protection over the last 10 years?
  • 2011-07 How Do We Measure Security?
  • 2011-07 Putting the Science in Digital Forensics (JDFSL)
  • 2011-07-01 The structure of risk and reward
  • 2011-06-28 Securing the Mobile Enterprise - Mobile Computing Summit 2011 - Security Workshop
  • 2011-06-15 Keynote on the Science of Security - Bogota
  • 2011-06-14 Challenges to Digital Forensic Evidence - Short Course - Bogota
  • June 1, 2011 Security Metrics - A Matter of Type
  • May 25, 2011 IEEE Oakland Conference: The need for and progress in science for information protection and digital forensics
  • May 1, 2011 The "R" word
  • April 12, 2011 - Dr. Cohen's Commencement Address at the University of Pretoria
  • April 12, 2011 - Fred Cohen receives an honorary doctorate in Computer Science
  • April 11, 2011 - Dr. Cohen's Guest Lecture at the University of Pretoria
  • April 1, 2011 - Change your passwords how often?
  • March 1, 2011 - Any is not All
  • February 16, 2011 Fred Cohen named "Fellow of (ISC)2" at RSA ceremony
  • February 14, 2011 MiniMetriCon: How to Tell When an Insider is About to Go Bad
  • February 14, 2011 MiniMetriCon: Metrics for Digital Forensics
  • February 1, 2011 - Why are we so concerned about governments getting our data?
  • January 30, 2011 - IFIP Paper: The State of the Science of Digital Evidence Examination
  • January 30, 2011 - IFIP Slides: The State of the Science of Digital Evidence Examination
  • January 22, 2011 - Dr. Cohen on Al Jazeera discussing cyberwarfare (YouTube)
  • January 15, 2011 - The Bottom Ten List - Information Security Worst Practices - Getting Even Worse
  • January 1, 2011 - Risk aggregation - again and again and again...
  • December 27, 2010 - All.Net has moved to the cloud!!!
  • December 11, 2010 - Book code cryptography may be nearly dead
  • December 1, 2010 - Changes to the Federal Rules of Evidence - Rule 26
  • November 2, 2010 - The physics of digital information and its application to digital forensics
  • November 1, 2010 - Keynote - Where do enterprise protection and digital forensics converge? AND Where do they diverge?
  • November 1, 2010 - How do we measure "security"?
  • October 1, 2010 - Moving target defenses with and without cover deception
  • September 14, 2010 - NeFX Workshop - Digital Forensic Evidence Examination - The State of the Science - and Where to Go From Here
  • September 1, 2010 - User Platform Selection Revisited
  • August 19, 2010 - Recent and Hoped for Advances in Digital Forensics (NPS guest lecture)
  • August 11, 2010 - Power Grid Protection (Keynote address at Smart Grid Meeting)
  • August 1, 2010 - The DMCA Still Restricts Forensics
  • July 3, 2010 - Updated Decider look and feel
  • July 1, 2010 - Mediated Investigative Electronic Discovery
  • June 1, 2010 - The difference between responsibility and control
  • May 21, 2010 - A Method for Forensic Analysis of Control
  • May 20, 2010 - Forensic Fonts Paper published in SADFE
  • May 20, 2010 - Forensic Fonts Slides presented at SADFE
  • May 1, 2010 - The Virtualization Solution
  • April 1, 2010 - Attacks on information systems - a bedtime story
  • March 1, 2010 - The attacker only has to be right once - another information protection fallacy
  • February 18, 2010 - Another ridiculous cyber warfare game to scare deciders into action
  • February 2, 2010 - Risk Management: There Are No Black Swans
  • February 1, 2010 - Developing the science of information protection
  • January 30, 2010 - The Science of Digital Forensic Evidence Examination (the paper)
  • January 7, 2010 - Attribution of Messages to Sources in Digital Forensics
  • January 4, 2010 - The Science of Digital Forensic Evidence Examination
  • January 1, 2010 - The Bottom Ten List - Information Security Worst Practices
  • December 22, 2009 - COFEE and the state of digital forensics (Christmas special!!!)
  • December 3, 2009 - Dr. Cohen named a "Security Hero" by PC Pro
  • December 1, 2009 - Using the right words
  • November 13, 2009 - Dr. Cohen became a "Digital Forensics Certified Practitioner"
  • November 3, 2009 - Forensic Fonts
  • November 1, 2009 - Passwords again - why we can't leave well enough alone
  • October 1, 2009 - Partitioning and virtualization - a strategic approach
  • September 1, 2009 - Forensics: The limits of my tools, my techniques, and myself
  • August 1, 2009 - Virtualization and the cloud - Risks and Rewards
  • July 1, 2009 - The speed of light, it's easy to forge, email is always fast, and more
  • June 1, 2009 - Security Decisions: Deception - When and where to use it
  • May 1, 2009 - Culture clash: Cloud computing and digital forensics
  • May 1, 2009 - Protection testing: What protection testing should we do?
  • April 8, 2009 - Proposed Cyber-Security Law: What's the problem?

    On April 2, 2009 ABC News identified Dr. Cohen as the most famous hacker of all time. But by grouping him with convicted computer criminals, they did a real disservice to the public. While Dr. Cohen has successfully innovated over the course of his 30+ year career in information protection, has identified and demonstrated many novel methods of attack and defense, and has done successful penetration tests for government and private concerns many times, he has never been arrested for any crime, he has long held US government security clearances, and he is one of the most trusted individuals in the information protection field in the world today.

  • April 1, 2009 - Risk management: There are no black swans
  • March 1, 2009 - How spam vigilantes are wrecking email and encourage violations of law
  • February 14, 2009 - Digital forensics must come of age
  • February 1, 2009 - A structure for addressing digital forensics
  • January 25, 2009 - Digital Forensic Evidence clickable diagram
  • January 25, 2009 - Run decider from your browser
  • January 1, 2009 - Change management: How should I handle it?
  • December 15, 2008 - Short Note: Twittering Away Your Privacy
  • December 1, 2008 - Digital Forensic Evidence: A Wave Starting to Break
  • November 1, 2008 - Security Decision: Zoning your network
  • October 1, 2008 - Social tension and separation of duties
  • September 1, 2008 - Default deny is best practice? Not anymore!
  • August 1, 2008 - Control Architecture: Access Controls
  • July 1, 2008 - Fault modeling, the scientific method, and thinking out of the box
  • June 1, 2008 - Inventory Revisited - How to reduce security losses by 70%?
  • May 1, 2008 - Control Requirements for Control Systems... Matching Surety to Risk
  • Decision Support Systems for Security - RSA Conference - (2008-04-11)
  • April 7, 2008 - Metrics for Digital Forensics - MiniMetriCon Slides
  • April 4, 2008 - New Book: "Enterprise Information Protection" AVAILABLE SOON
  • April 1, 2008 - The Botnets are coming - The Botnets are coming...
  • March 1, 2008 - New Book: "Challenges to Digital Forensic Evidence" NOW AVAILABLE
  • March 1, 2008 - Enterprise Information Protection - It's About the Business
  • February 28, 2008 - ISOI 1996 DCA presentation used for...
  • February 28, 2008 - ISOI DCA presentation - DCAs then and now
  • January 28, 2008 - Failing Floppy Disk Recovery - IFIP Paper in Kyoto
  • January 21, 2008 - New Book: "Challenges to Digital Forensic Evidence"
  • January 1, 2008 - Get Smart ... Accidental Security
  • January 1, 2008 - Unintended Consequences
  • December 31, 2007 - Why you cannot always trust the WayBack Machine for digital forensic evidence
  • December 1, 2007 - Get Smart ... Security End-of-year
  • December 1, 2007 - Security, justice, and the future
  • November 1, 2007 - Get Smart ... Covert Awareness
  • November 1, 2007 - Security by Psychology
  • October 1, 2007 - Get Smart ... Measuring Compliance
  • October 1, 2007 - Making compliance simple - not
  • September 1, 2007 - Get Smart ... Identity Assurance
  • September 1, 2007 - Identity Assurance and Risk Aggregation
  • August 30, 2007 - Influence updated to new GUI, controls, file formats, etc.
  • August 18, 2007 - Decider libraries updated and controls improved
  • August 10, 2007 - Consulting service offerings updated
  • August 1, 2007 - Get Smart ... Conflicts of Interest
  • August 1, 2007 - The ethical challenge
  • July 1, 2007 - Get Smart ... Making Better Security Decisions
  • July 1, 2007 - Security Decision Support
  • June 10, 2007 - The Decider - Download Now!!!
  • June 1, 2007 - Get Smart ... Which User Platform
  • June 1, 2007 - User Platform Selection
  • June 1, 2007 - Risk Management
  • May 14, 2007 - How to be reasonably secure using mobile off-the-shelf computing
  • May 13, 2007 - Podcast site with a few interesting items
  • May 1, 2007 - Security Ethics and the Professional Societies
  • April 17, 2007 - New Security Metrics software - Download now!!!
  • April 1, 2007 - Industry Analysis Report - The Emerging Risk Management Space
  • April 1, 2007 - Get Smart ... Information Content Inventory
  • March 1, 2007 - Simulator, database, games - again available at all.net
  • March 1, 2007 - Industry Analysis Report - Emerging Market Presence
  • March 1, 2007 - Get Smart ... Sensible Security - You Wouldn't?
  • February 1, 2007 - Industry Analysis Report - Framework and Market Summary
  • February 1, 2007 - Get Smart ... Measuring Security
  • January 15, 2007 - Influence Update - improved reporting and analysis
  • January 1, 2007 - Get Smart ... Closing the Gap
  • December 1, 2006 - Security Decisions 2007 - Download now!!!
  • December 1, 2006 - Get Smart ... The Security Schedule?
  • November 26, 2006 - Simulator, database, games moving to java versions - temporarily available at north.all.net
  • November 22, 2006 - Free online courses on Linux, Linux Firewalls, and Linux Networking
  • November 15, 2006 - Read about Strategic Scenario Adventures
  • November 14, 2006 - Influence updated to include simulation and in-depth advice
  • Join our low-volume announcement list at yahoogroups
  • November 1, 2006 - Get Smart ... The Holidays Bring the Fraudsters
  • October 1, 2006 - Get Smart ... Physical/Logical Convergence?
  • September 24, 2006 - SecurityDecisions - Security decision support tool sampler
  • September 20, 2006 - Gamer - Security awareness and training sampler
  • September 18, 2006 - Maps - software security mapping tool
  • September 10, 2006 - Influence - software tool
  • September 1, 2006 - Get Smart ... How can I Show I am Me in Email?
  • August 1, 2006 - Get Smart ... Service Oriented Architecture Security Elements
  • July 6, 2006 - New SP-800-53 to ISO and Governance Guidebook Map
  • July 1, 2006 - Get Smart ... The Life Expectancy of Defenses
  • June 19, 2006 - Get Smart... Why the CISO should work for the CEO - Three Case Studies
  • June 15, 2006 - Business modeling for risk management - presentation update
  • March 13, 2006 - New Information Warfare Book Released
  • March 1, 2006 - Information Security Awareness Basics Released

    Managing Network Security

    2003

    July, 2003 - Why?
    June, 2003 - Background Checks
    May, 2003 - Operations Security for the Rest of Us
    April, 2003 - Documenting Security
    March, 2003 - Novelty Detection
    February, 2003 - Switching Your Infrastructure
    January, 2003 - Security Programming

    2002

    December, 2002 - Back Up a Minute
    November, 2002 - Breaking In - to test security?
    October, 2002 - Reworking Your Firewalls
    September, 2002 - Deception Rising
    August, 2002 - You're in a Bind!
    July, 2002 - Is Open Source More or Less Secure?
    BONUS ARTICLE - July, 2002 - Smashed Again by Stupid Security
    June, 2002 - Academia's Vital Role in Information Protection
    May, 2002 - Terrorism and Cyberspace
    April, 2002 - Misimpressions We Need to Extinguish
    March, 2002 - Embedded Security
    February, 2002 - How to Get Around Your ISP
    January, 2002 - The End of the Internet as we Know it

    2001

    December, 2001 - The World Doesn't Want to be Fixed
    November, 2001 - The Deception Defense
    October, 2001 - The DMCA
    September, 2001 Special Issue - The Balancing Act
    September, 2001 - The Best Security Book Ever Written
    August, 2001 - Bootable CDs
    July, 2001 - A Matter of Power
    June, 2001 - The Wireless Revolution
    May, 2001 - The New Cyber Gang - A Real Threat Profile
    April, 2001 - To Prosecute or Not to Prosecute
    March, 2001 - Corporate Security Intelligence
    February, 2001 - Testing Your Security by Breaking In - NOT
    January, 2001 - Marketing Hyperbole at its Finest

    2000

    December, 2000 - The Millennium Article - Yet Again! - The Bots are Coming!!! The Bots are Coming!!!
    November, 2000 - Why Everything Keeps Failing
    October, 2000 - The Threat
    September, 2000 - Chipping
    August, 2000 - Understanding Viruses Bio-logically
    July, 2000 - What does it do behind your back?
    June, 2000 - Why Can't We Do DNS Right?
    May, 2000 - Eliminating IP Address Forgery - 5 Years Old and Going Strong
    April, 2000 - Countering DCAs
    March, 2000 - Collaborative Defense
    February, 2000 - Worker Monitoring
    January, 2000 - Digital Forensics

    1999

    December, 1999 - Why it was done that way
    BONUS ARTICLE - November, 1999 - So Much Evidence... So Little Time
    November, 1999 - The Limits of Cryptography
    October, 1999 - Security Education in the Information Age
    September, 1999 - In Your Face Information Warfare
    August, 1999 - What's Happening Out There
    July, 1999 - Attack and Defense Strategies
    June, 1999 - The Limits of Awareness
    May, 1999 - Watching the World
    April, 1999 - Simulating Network Security
    Bonus Article: Incident at All.Net - 1999 Edition
    March, 1999 - The Millisecond Fantasy
    February, 1999 - Returning Fire
    January, 1999 - Anatomy of a Successful Sophisticated Attack

    1998

    December, 1998 - Balancing Risk
    November, 1998 - The Real Y2K Issue?
    October, 1998 - Time-Based Security?
    September, 1998 - What Should I Report to Whom?
    August, 1998 - Third Anniversary Article - The Seedy Side of Security
    July, 1998 - How Does a Typical IT Audit Work?
    June, 1998 - Technical Protection for the Joint Venture
    May, 1998 - Risk Staging
    April, 1998 - The Unpredictability Defense
    March, 1998 - Red Teaming
    February, 1998 - The Management of Fear
    January, 1998 - Y2K - Alternative Solutions

    1997

    December, 1997 - 50 Ways to Defeat Your Intrusion Detection System
    November, 1997 - To Outsource or Not to Outsource - That is the Question.
    October, 1997 - The Network Security Game
    September, 1997 - Change Your Password - Do Si Do
    August, 1997 - Penetration Testing?
    July, 1997 -
    June, 1997 - Relativistic Risk Analysis
    May, 1997 - Prevent, Detect, and React
    April, 1997 - Would You Like to Play a Game?
    March, 1997 - Risk Management or Risk Analysis?
    February, 1997 - Network Security as a Control Issue
    January, 1997 - Integrity First - Usually

    1996

    December, 1996 - Where Should We Concentrate Protection?
    November, 1996 - How Good Do You Have to Be?
    October, 1996 - Why Bother?

    Internet Holes

    September, 1996 - The SYN Flood
    August, 1996 - Internet Incident Response
    July, 1996 - Internet Lightning Rods
    June, 1996 - UDP Viruses
    May, 1996 - Eliminating IP Address Forgery
    April, 1996 - Spam
    March, 1996 - Bonus: Incident at All.Net
    March, 1996 - The Human Element
    January, 1996 - Automated Attack and Defense

    1995

    December, 1995 - 50 Ways to Attack Your World Wide Web Systems
    November, 1995 - Network News Transfer Protocol
    October, 1995 - The Sendmail Maelstrom
    September, 1995 - Packet Fragmentation Attacks
    August, 1995 - ICMP

    On-Line Strategic Gaming:
    Web-based Strategic Games
    Web-based on-line strategic games are now supported. A default game (One Upsmanship) provides a simple game where you try to think up a better short joke than your competitors. More complex games are available for those wishing to purchase strategic games.

    New Articles:
    Managing Network Security
    December, 1998 - Balancing Risk
    Technical Baselines
    Classification Scheme for Information System Threats, Attacks, and Defenses; A Cause and Effect Model; and Some Analysis Based on That Model.
    Recent Research Results
    A Note on the Role of Deception in Information Protection

    New Features:
    The InfoSec Bookstore
    A listing of hundreds of books on information security with select book reviews and push-button ordering from Amazon.com.
    The Security Educators Mailing List
    Our mission is to provide an open forum for educators in information security to discuss issues related to courses, curriculum, books, and other education-related items.
    DTK Version 0.6
    DTK's newest version includes features like time/use based authentication, remote access to intrusion data, and network infocon support.

    To contact us, send email to fred at all.net