^TagDavid Kruger

Portrait of insidious hacker organizing virus attack on corporate servers in hideout place. Serious man looking at camera sitting at desk with multiple displays.

^{Type
post

Author
News
Date
May 30, 2022

Categorized
Computer Security

Tagged
David Kruger, FBI hack 2016, Hacking (conflicting interests), Hacking (famous data breaches), Hacking (ransomware), Hacking (state-sponsored hacking), John Scott-Railton}

At the Water Cooler: They’re Talking About Computer Hacks Again

_{Some people appear to know all the answers to the latest assaults on our finances and privacy. If only the government would listen… (?)} _{News

May 30, 2022

6

Computer Security}

In 2020, hackers threatened to release thousands of Finnish psychotherapy patients’ records to the internet unless they paid a steep ransom. Meanwhile, just last month, U.S. authorities uncovered a ‘Swiss Army Knife’ for hacking industrial control systems. “The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructure like power grids and oil refineries.” (Wired) So yes, we have a problem. Wired sums up last year’s hacking news: “As John Scott-Railton, senior researcher at University of Toronto’s Citizen Lab, puts it, ‘2021 is the year where we’re realizing that the problems we chose not to solve years or decades ago are one by one coming back to haunt us.”” (December 24, 2021) The Read More ›

^{Type
post

Author
News
Date
May 10, 2022

Categorized
Business and Finance, Computer Security

Tagged
Data breaches (liability), David Kruger}

Cybersecurity: Why a Poke in the Eye Does Not Work

_{The current system punishes small businesses for data breaches they could not have prevented} _{News

May 10, 2022

7

Business and Finance, Computer Security}

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Yesterday, we looked at how online human data collectors get free from legal responsibility. Today we look at how the current system punishes small businesses for data breaches that they could not have prevented. A Poke in the Eye Furthermore, in the domain of unintended consequences, deterrence polices are based on the technological symptomatic point solution fallacy. Businesses are assumed to be negligent if they have a data breach. That’s correct in some cases, but in others, businesses, particularly small and medium-sized businesses, suffer increased compliance costs or have been bankrupted by data breaches that they Read More ›

Close up businesswoman collecting data information converting into statistics, planning strategy gathering resources creating visual graphical graphs using computer laptop and smart mobile device

^{Type
post

Author
News
Date
May 9, 2022

Categorized
Computer Security

Tagged
David Kruger, Human data collectors (HDCs)}

How Online Human Data Collectors Get Free From Responsibility

_{Cybersecurity expert David A. Kruger talks about the Brave Old World in which you have much less power than Big Tech does} _{News

May 9, 2022

8

Computer Security}

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Last week, we looked at how search engine results can be distorted. This week, we look at how HDCs (human data collectors) free themselves from any responsibility for outcomes. Brave Old World HDCs’ licensing strategy is designed to free them from any vestige of fiduciary duty. Fiduciary law traces its roots back to the Code of Hammurabi in 1790 BC, through the Roman Empire, early British law, and up to the present day. The purpose of fiduciary law is to compensate for two sad facts of human nature. In unequally powered business relationships, 1) businesses with more Read More ›

close up man hand type on keyboard laptop to use search engine optimization (SEO) tools for finding customer or promote and advertise about content online for marketing technology and business concept

^{Type
post

Author
News
Date
April 27, 2022

Categorized
Computer Security

Tagged
David Kruger, search engines}

How Search Engine Results Can Be Distorted

_{Search providers such as Google are able to increase their ad revenues by distorting the search results delivered to users} _{News

April 27, 2022

11

Computer Security}

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Last week, we looked at the way data is collected on us for and marketed. This week we look at how search engine results can not be what they seem: Off Target The promise and purpose of search technology is that with it a user can find what they are looking for, not what the search engine provider deems worthy of being found. That creates an inherent conflict of interest when search providers such as Google are able to increase their ad revenues by distorting the search results delivered to users. Distortion, in Read More ›

^{Type
post

Author
News
Date
April 13, 2022

Categorized
Computer Security

Tagged
David Kruger, Software developers (neglecting security), Symptomatic point solution fallacy}

Computer Safety Expert: Start Helping Ruin Cybercriminals’ Lives

_{Okay, their businesses. Unfortunately, part of the problem is the design of programs, written with the best of intentions…} _{News

April 13, 2022

8

Computer Security}

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Yesterday’s discussion focused on agile software development. Today’s discussion looks at making life somewhat less comfortable for the guy who wants to steal your credit card number. Ruining the Economics of Cyberattack Would fully implementing controllable data and full scope authentication prevent every cybersecurity failure? Of course not. There are scenarios, particularly those aided by human gullibility, ineptitude, and negligence, where cybersecurity can and will continue to fail. However, cyberattacks are carried out by human beings for the purpose of acquiring money and/or exercising power, and there is a cost/benefit analysis behind every attack. Controllable Read More ›

Computer code on a screen with a skull representing a computer virus / malware attack.

^{Type
post

Author
News
Date
April 12, 2022

Categorized
Computer Security

Tagged
Agile software, Computer security (costs), David Kruger}

The Sweet Science of Agile Software Development

_{Effective security, as opposed to partial security, increases costs in the short run but decreases them in the long run} _{News

April 12, 2022

7

Computer Security}

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Yesterday’s discussion focused on putting a lid on risks. Today’s discussion looks at the sweet science of agile software development — proactive, not reactive responses. Agile Software Development, Known Art, and Updates to the Rescue The “get out of it one piece of software and data at a time” requirement seems daunting, if not impossible, but it isn’t as bad as it sounds due to agile software development, the availability of “known art,” and the speed at which large-scale software changes propagate via the Internet. A key attribute of agile software development is frequently Read More ›

Gas cylinders used welding Industrial in factory

^{Type
post

Author
News
Date
April 11, 2022

Categorized
Computer Security

Tagged
Authentication controls for data, Cyberattackers (as scapegoat for lapses), Data control (standards), Data security (methods), David Kruger, Encryption (and control of data), Featured}

Cybersecurity: Put a Lid on the Risks. We Already Own the Lid

_{Security specialist David Kruger says, data must be contained when it is in storage and transit and controlled when it is in use} _{News

April 11, 2022

11

Computer Security}

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Last week’s discussion focused on the ingredients that cybersecurity needs to work. Today, the focus is on putting a lid on risks. Put a Lid on It Fortunately, we have at our disposal untold millions of man hours of safety engineering focused on safely extracting benefits from the use of hazardous things. For example, our homes and the highways we travel on are chock full of beneficial things that can easily kill us, such as high voltage electricity, flammable/explosive natural gas, and tanker trucks filled with flammable or toxic chemicals driving right next Read More ›

^{Type
post

Author
News
Date
April 7, 2022

Categorized
Computer Security

Tagged
Computer security (1950s vs. today), David Kruger, Featured, Software developers (neglecting security)}

Ingredients That Cybersecurity Needs To Actually Work

_{Software makers continue to produce open data as if we were still living in the 50s, and the Internet had never been invented.} _{News

April 7, 2022

11

Computer Security}

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here as a series. Yesterday’s discussion made the point that the hacker’s target isn’t networks, computers, or users; they are just pathways to the target —gaining control of data is the target. Today, we look at the ingredients that cybersecurity needs to work. Necessary Ingredients Data in this context is digitized information. Digital information is physical, as in, it’s governed by the laws of physics. Data is the result of software converting (digitizing) human usable information into patterns of ones and zeros that are applied to “quantum small” physical substrates: microscopic transistors, electrical pulses, light, radio waves, Read More ›

^{Type
post

Author
News
Date
April 6, 2022

Categorized
Computer Security

Tagged
cybersecurity, Cybersecurity (computing defense potential), Cybersecurity (hype), Cybersecurity (misconceptions), David Kruger, Featured}

What’s Wrong With Cybersecurity Technology?

_{Know your enemy: The target isn’t networks, computers, or users; they are pathways to the target —gaining control of data} _{News

April 6, 2022

10

Computer Security}

Veteran software developer David A. Kruger offered some thoughts on computer security recently at Expensivity and we appreciate the opportunity to republish them here. He starts with “Root Cause Analysis 101” Now we’ll apply the lessons learned in yesterday’s discussion to cybersecurity: Lesson Learned 1: A pattern of multiple types of recurring related failures indicates the presence of an unidentified root cause. In cybersecurity, is there a pattern of multiple types of recurring failures that appear to be related? Yes! A cybersecurity failure occurs whenever a cyberattacker gains control of data and then: 1) views or plays it, 2) steals copies of it, 3) ransoms it, 5) impedes its flow, 5) corrupts it, or 6) destroys it. The lesson learned is that the Read More ›

Composite image of hacker holding laptop and credir card

^{Type
post

Author
News
Date
November 16, 2021

Categorized
Artificial Intelligence, Data Privacy

Tagged
Breach fatigue, Cyberattacks (made easy), Data (as hazard), David Kruger, Hazardous data, Identifiers (for security), Inherently safer design (ISD for cybersecurity), Liability (reduced for software and hardware)}

Physicality Of Data: The Road To Inherently Safer Authentication

_{Even though the world is arguably far more at risk from uncontrolled data than from uncontrolled HHCs, there are no hordes of people demanding solutions — yet} _{News

November 16, 2021

7

Artificial Intelligence, Data Privacy}

“The Physicality Of Data And The Road To Inherently Safer Authentication” was originally published by Forbes, (October 8, 2021) David Kruger is Co-Founder and VP of Strategy for Absio Corporation and a co-inventor of Absio’s Software-defined Distributed Key Cryptography (SDKC). Two different classes of identifiers must be tested to reliably authenticate things and people: assigned identifiers, such as names, addresses and social security numbers, and some number of physical characteristics. For example, driver’s licenses list assigned identifiers (name, address and driver’s license number) and physical characteristics (picture, age, height, eye and hair color and digitized fingerprints). Authentication requires examining both the license and the person to verify the match. Identical things are distinguished by unique assigned identities such as a Read More ›

industry metallurgical plant dawn smoke smog emissions bad ecology aerial photography

^{Type
post

Author
News
Date
November 15, 2021

Categorized
Business and Finance, Data Privacy

Tagged
Computer security, Cyberattack (as effect not cause), Data security (need for rethink), David Kruger, Dimethyl cadmium (example of hazard), Hazard (data security concept), Inherently safer design (ISD), Software (as hack prone), Trevor Kletz}

Physicality Of Data And The Road To Inherently Safer Computing

_{The software industry today is precisely where the chemical industry was in 1978; hazard control is a mere afterthought} _{News

November 15, 2021

7

Business and Finance, Data Privacy}

“The Physicality Of Data And The Road To Inherently Safer Computing” was originally published by Forbes, August 24, 2021. David Kruger is Co-Founder and VP of Strategy for Absio Corporation and a co-inventor of Absio’s Software-defined Distributed Key Cryptography (SDKC). Our current concept of cybersecurity is to defend against attacks and remedy failure by erecting more and better defenses. That’s a fundamental mistake in thinking that guarantees failure. Why? Because it’s mathematically impossible for a defensive strategy to fully succeed, as explained in the previous installment of this article series. Another even more fundamental mistake in thinking is that cyberattackers are the cause of our woes. They aren’t. They’re the effect. A hazard is a potential source of harm. Cyberattackers target certain Read More ›

Global cyber attack around the world with planet Earth viewed from space and internet network communication under cyberattack with red icons, worldwide propagation of virus online

^{Type
post

Author
News
Date
November 11, 2021

Categorized
Data Privacy

Tagged
Cyberattacks (why increasing), Cyberdefense (assessing potential), Cybersecurity (assessing vulnerability), Data (not designed for security), David Kruger, Encryption (and control of data)}

The Physicality Of Data And The Road To Cybersecurity

_{With cyberattacks trending upward, remember that cyberattack potential is always greater than cyberdefense potential} _{News

November 11, 2021

7

Data Privacy}

“The Physicality Of Data And The Road To Cybersecurity” was originally published by Forbes, July 28, 2021. David Kruger is Co-Founder and VP of Strategy for Absio Corporation and a co-inventor of Absio’s Software-defined Distributed Key Cryptography (SDKC). This article is the second in a series on the physicality of data. The first part is here. Cybersecurity failures have been trending sharply upwards in number and severity for the past 25 years. The target of every cyberattack is data — i.e., digitized information that is created, processed, stored and distributed by computers. Cyberattackers seek to steal, corrupt, impede or destroy data. Users, software, hardware and networks aren’t the target; they’re vectors (pathways) to the target. To protect data, the current strategy, “defense in Read More ›

Laptop with pendrive, sd card, CD and portable hard drive. Concept of data storage

^{Type
post

Author
News
Date
November 10, 2021

Categorized
Artificial Intelligence, Business and Finance, Data Privacy, Economics

Tagged
Data ownership (feasibility), Data vs. information, David Kruger, Encryption (and control of data), Information vs. data, Ownership (four levels), Privacy (and smart devices), Smart devices (and privacy)}

The Physicality Of Data And The Road To Personal Data Ownership

_{News

November 10, 2021

8

Artificial Intelligence, Business and Finance, Data Privacy, Economics}

“The Physicality Of Data And The Road To Personal Data Ownership” was originally published by Forbes, July 2, 2021. David Kruger is co-founder and VP of Strategy for Absio Corporation, and a co-inventor of Absio’s Software-defined Distributed Key Cryptography (SDKC). This article is the first in a series on the physicality of data. I’ll follow up with additional installments of this series over the next several weeks, so check back to see those as they become available. All of us tend to conflate the word “data” with the word “information.” Usually, that’s OK, but collapsing data on a computer and information into one thing rather than two separate things makes thinking accurately about data ownership difficult. Here’s why: Information is Read More ›