Participatory Extensible Security

In the past, I’ve explained how security products combine sensors and throttles with threat intelligence to protect users and devices from attack. I’ve also outlined how the evolution of software, including increased complexity and a focus on privacy, has made it harder than ever for sensors and throttles to function effectively, leading to security and …

Cybersecurity Metaphors

Uneven Protection: Attacks flow like water: if you have a hole in your defenses, attacks will flow through that hole. Unless they’re trying to win a prize or show off, attackers do not bother attacking where your security posture is strongest. Making your tallest wall taller usually isn’t useful.

Encryption: Security folks love encryption, for …

Exploiting Vulnerable Drivers

Often, attackers will attempt to prevent security software from interfering with their attack chains by abusing a vulnerable driver to kill or otherwise disable the system’s security software (antivirus, EDR, etc.). Because drivers run in highly privileged OS kernel mode, it is difficult to prevent attackers from achieving their goals if they manage to achieve code execution in …

Smart App Control

Users of modern versions of Windows 11 have a powerful security feature for keeping their devices secure, known as Smart App Control. I’ve talked about this feature a few times over the last year, but in April 2026, a powerful improvement landed. Previously, Smart App Control could not be turned back on if you ever …