The security industry is broken
It's easier to get "owned" than you think
Test of a good security product: would I use it?
Why Microsoft's free AV won't matter
Why most AV doesn't work (well)
Four minutes to infection?
Personal firewall problems
Why most people shouldn't run intrusion prevention systems
Problems with host intrusion prevention
Plenty of phish in the sea
Helping others stay safe on the Internet
Snake oil: legitimate vendors sell it, too
Is Apple really more secure?
OK, your mobile phone is insecure; should you care?
Do AV vendors write their own viruses?
One simple fix for the AV industry
Open source security: a red herring
Why SiteAdvisor was such a good idea
Is there anything we can do about identity theft?
Virtualization: host security's silver bullet?
When will we get rid of all the security vulnerabilities?
Application security on a budget
"Responsible disclosure" isn't responsible
Are man-in-the-middle attacks a myth?
HTTPS sucks: let's kill it!
CrAP-TCHA and the usability/security tradeoff
No death for the password
What AV companies should be doing (AV 2.0)
VPNs usually decrease security
Improving patch management
An open security industry
