{"id":778,"date":"2021-01-03T13:36:47","date_gmt":"2021-01-03T13:36:47","guid":{"rendered":"http:\/\/lapsed.ordinary\/?page_id=778"},"modified":"2023-12-01T19:11:20","modified_gmt":"2023-12-01T19:11:20","slug":"writing","status":"publish","type":"page","link":"http:\/\/lapsed.ordinary\/writing\/","title":{"rendered":"Writing"},"content":{"rendered":"\n<p>I have been writing non-fiction for as long as I can reminder, from popular science articles as a mathematics student to various kinds of music journalism in the late 1990s and early 2000s.<\/p>\n\n\n\n<p>I started writing about digital security in 2007 next to my regular duties, with hundreds of blog posts published on <a href=\"https:\/\/www.virusbulletin.com\/blog\/\">Virus Bulletin&#8217;s blog<\/a>. I also kept a popular weekly threat intelligence <a href=\"https:\/\/www.virusbulletin.com\/newsletter\">newsletter<\/a> in 2018 and 2019.<\/p>\n\n\n\n<p>This page contains a selection of my writing at Virus Bulletin and elsewhere on digital security, some of which can also be found on my <a href=\"https:\/\/martijngrooten.medium.com\/\">Medium page<\/a>. More personal writing can be found on my <a href=\"\/blog\">blog<\/a>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<p><a href=\"https:\/\/internews.org\/resource\/field-guide-to-incident-response-for-civil-society-and-media\/\">Field Guide to Incident Response for Civil Society and Media<\/a> (with  <em>Internews<\/em>, November 2023)<\/p>\n\n\n\n<p><a href=\"https:\/\/internews.org\/resource\/global-trends-in-digital-security-civil-society-and-media\/\">Global Trends in Digital Security: Civil Society and Media<\/a>, as well as country threat landscape reports for <a href=\"https:\/\/internews.org\/resource\/armenia-digital-threat-landscape-civil-society-media\/\">Armenia<\/a>, <a href=\"https:\/\/internews.org\/resource\/brazil-digital-threat-landscape-civil-society-media\/\">Brazil<\/a>, <a href=\"https:\/\/internews.org\/resource\/mexico-digital-threat-landscape-civil-society-media\/\">Mexico<\/a>, <a href=\"https:\/\/internews.org\/resource\/serbia-digital-threat-landscape-civil-society-media\/\">Serbia<\/a> and <a href=\"https:\/\/internews.org\/resource\/ukraine-digital-threat-landscape-civil-society-media\/\">Ukraine<\/a> (with <em>Internews <\/em>and Afef Abrougui, November 2023)<\/p>\n\n\n\n<p><a href=\"https:\/\/cyberhub.am\/en\/blog\/2023\/10\/25\/technical-writeup-malware-campaigns-targeting-armenian-infrastructure-and-users\/\">Malware Campaigns Targeting Armenian Infrastructure and Users<\/a> (with <em>CyberHUB-AM<\/em>, October 2023)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.oreilly.com\/library\/view\/97-things-every\/9781098101381\/\">Privacy tools (not) for you<\/a> (<em>Silent Push<\/em>, December 2021)<\/p>\n\n\n\n<p>Chapter (on stalkerware) in <a href=\"https:\/\/www.oreilly.com\/library\/view\/97-things-every\/9781098101381\/\">97 Things Every Information Security Professional Should Know<\/a> (<em>O&#8217;Reilly<\/em>, September 2021; book edited by Christina Morillo) <\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/learning.oreilly.com\/library\/cover\/9781098101381\/250w\/\" alt=\"97 Things Every Information Security Professional Should Know\"\/><\/figure><\/div>\n\n\n<p><a href=\"https:\/\/www.silentpush.com\/blog\/icedid-command-and-control-infrastructure\">IcedID Command and Control Infrastructure<\/a> (<em>Silent Push<\/em>, March 2021)<\/p>\n\n\n\n<p><a href=\"https:\/\/martijngrooten.medium.com\/david-epstein-range-book-review-ec8ab742a8ee\">David Epstein \u2014 Range (book review)<\/a> (<em>Medium<\/em>, January 2021)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.tripwire.com\/state-of-security\/security-data-protection\/cyber-security\/dns-but-not-way-you-may-think\/?utm_source=bambu&amp;utm_medium=social&amp;utm_campaign=advocacy&amp;blaid=1103553\">It\u2019s Always DNS \u2013 But Not in the Way You May Think<\/a> (<em>Tripwire<\/em>, January 2021)<\/p>\n\n\n\n<p><a href=\"https:\/\/martijngrooten.medium.com\/the-promises-of-secure-email-5ce78d632ed7\">The promises of secure email<\/a> (<em>Medium<\/em>, December 2020)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.tripwire.com\/state-of-security\/security-data-protection\/iot\/iot-devices-privacy-security-in-abusive-relationships\/\">IoT Devices: Privacy and Security in Abusive Relationships<\/a> (<em>Tripwire<\/em>, October 2020)<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"388\" src=\"http:\/\/lapsed.ordinary\/wp-content\/uploads\/2021\/01\/tripwire_blog_post.png\" alt=\"Article in Tripwire's The State of Security blog\" class=\"wp-image-812\" srcset=\"http:\/\/lapsed.ordinary\/wp-content\/uploads\/2021\/01\/tripwire_blog_post.png 500w, http:\/\/lapsed.ordinary\/wp-content\/uploads\/2021\/01\/tripwire_blog_post-300x233.png 300w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/figure><\/div>\n\n\n<p><a href=\"https:\/\/www.civilsphereproject.org\/blog\/2020\/5\/4\/phantomlance-android-malware-highlights-the-complexity-of-the-mobile-threat\">PhantomLance Android malware highlights the complexity of the mobile threat<\/a> (<em>Civilsphere<\/em>, May 2020)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2019\/12\/parting-thoughts-1-cybersecurity-social-science\/\">Cybersecurity as a social science<\/a> (<em>Virus Bulletin<\/em>, December 2019)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2019\/10\/stalkerware-poses-particular-challenges-anti-virus-products\/\">Stalkerware poses particular challenges to anti-virus products<\/a> (<em>Virus Bulletin<\/em>, October 2019)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2019\/01\/threat-intelligence-teams-should-consider-recruiting-journalists\/\">Threat intelligence teams should consider recruiting journalists<\/a> (<em>Virus Bulletin<\/em>, January 2019)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2018\/08\/security-industry-genuinely-willing-help-you-do-good-work\/\">The security industry is genuinely willing to help you do good work<\/a> (<em>Virus Bulletin<\/em>, August 2018)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.forbes.com\/sites\/martijngrooten\/2018\/07\/08\/brave-move-good-for-tor-and-privacy\/\">Brave Move Good For Tor And Privacy<\/a> (<em>Forbes<\/em>, July 2018)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2018\/05\/turkish-twitter-users-targeted-mobile-finfisher-spyware\/\">Turkish Twitter users targeted with mobile FinFisher spyware<\/a> (<em>Virus Bulletin<\/em>, May 2018)<\/p>\n\n\n\n<p><a href=\"http:\/\/A crime against statistics that is probably worse than the cyber attacks faced in County Durham\">A crime against statistics that is probably worse than the cyber attacks faced in County Durham<\/a> (<em>Virus Bulletin<\/em>, February 2018)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2018\/02\/there-no-evidence-wild-malware-using-meltdown-or-spectre\/\">There is no evidence in-the-wild malware is using Meltdown or Spectre<\/a> (<em>Virus Bulletin<\/em>, February 2018)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2018\/01\/book-review-serious-cryptography\/\">Book review: Serious Cryptography<\/a> (<em>Virus Bulletin<\/em>, January 2018)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2018\/01\/tips-researching-tech-support-scams\/\">Tips on researching tech support scams<\/a> (<em>Virus Bulletin<\/em>, January 2018)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2017\/11\/vulnerabilities-play-only-tiny-role-security-risks-come-mobile-phones\/\">Vulnerabilities play only a tiny role in the security risks that come with mobile phones<\/a> (<em>Virus Bulletin<\/em>, November 2017)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2017\/09\/case-against-running-windows-xp-more-subtle-we-think-it\/\">The case against running Windows XP is more subtle than we think it is<\/a> (<em>Virus Bulletin<\/em>, September 2017)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2017\/09\/patching-important-even-when-it-only-shows-maturity-your-security-process\/\">Patching is important even when it only shows the maturity of your security process<\/a> (<em>Virus Bulletin<\/em>, September 2017)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2017\/08\/removing-vpns-its-chinese-app-store-apple-turns-its-biggest-security-asset-aggasnt-its-users\/\">By removing VPNs from its Chinese App Store, Apple turns its biggest security asset against its users<\/a> (<em>Virus Bulletin<\/em>, August 2017)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2017\/may\/wannacry-shows-we-need-understand-why-organisations-dont-patch\/\">WannaCry shows we need to understand why organizations don&#8217;t patch<\/a> (<em>Virus Bulletin<\/em>, May 2017)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2017\/03\/why-sha-1-collision-means-you-should-stop-using-algorithm\/\">Why the SHA-1 collision means you should stop using the algorithm<\/a> (<em>Virus Bulletin<\/em>, March 2017)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2017\/02\/security-products-and-https-lets-do-it-better\/\">Security products and HTTPS: let&#8217;s do it better<\/a> (<em>Virus Bulletin<\/em>, February 2017)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2017\/02\/we-shouldnt-forget-those-most-vulnerable-our-digital-world\/\">We shouldn&#8217;t forget those most vulnerable in our digital world<\/a> (<em>Virus Bulletin<\/em>, February 2017)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2016\/05\/make-tor-work-better-web-we-need-be-honest-about-it\/\">To make Tor work better on the web, we need to be honest about it<\/a> (<em>Virus Bulletin<\/em>, May 2016)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2016\/04\/it-fine-vulnerabilities-have-names-we-just-need-not-take-them-too-seriously\/\">It&#8217;s fine for vulnerabilities to have names \u2014 we just need not to take them too seriously<\/a> (<em>Virus Bulletin,<\/em> April 2016)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2016\/02\/security-vendors-should-embrace-those-hunting-bugs-their-products\/\">Security vendors should embrace those hunting bugs in their products<\/a> (<em>Virus Bulletin<\/em>, February 2016)<\/p>\n\n\n\n<p><a href=\"https:\/\/arstechnica.com\/information-technology\/2015\/11\/op-ed-how-did-they-break-diffie-hellman\/\">(How) did they break Diffie-Hellman?<\/a> (<em>Ars Technica<\/em>, November 2015)<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"392\" src=\"http:\/\/lapsed.ordinary\/wp-content\/uploads\/2021\/01\/arstechnica_dh_article.png\" alt=\"Op-ed in Ars Technica\" class=\"wp-image-815\" srcset=\"http:\/\/lapsed.ordinary\/wp-content\/uploads\/2021\/01\/arstechnica_dh_article.png 500w, http:\/\/lapsed.ordinary\/wp-content\/uploads\/2021\/01\/arstechnica_dh_article-300x235.png 300w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/figure><\/div>\n\n\n<p><a href=\"https:\/\/grahamcluley.com\/linkedin-scam\/\">\u2018Why I fell victim to a LinkedIn scam \u2013 and why I would do so again tomorrow\u2019<\/a> (<em>grahamcluley.com<\/em>, September 2015)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2015\/05\/you-are-your-own-threat-model\/\">You are your own threat model<\/a> (<em>Virus Bulletin<\/em>, May 2015)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2015\/01\/what-would-cameron-s-anti-terrorism-proposals-mean-uk\/\">What would Cameron&#8217;s &#8216;anti-terrorism&#8217; proposals mean for the UK?<\/a> (<em>Virus Bulletin<\/em>, January 2015)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2014\/12\/book-review-countdown-zero-day\/\">Book review: Countdown to Zero Day<\/a> (<em>Virus Bulletin<\/em>, December 2014)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.lapsedordinary.net\/2013\/09\/23\/how-the-nsa-cheated-cryptography\/\">How the NSA cheated cryptography<\/a> (<em>Lapsed Ordinary<\/em>, September 2013)<\/p>\n\n\n\n<p><a href=\"https:\/\/www.virusbulletin.com\/blog\/2018\/04\/road-ipv6-generally-smooth-contains-few-potholes\/\">And the devil is six: the security consequences of the switch to IPv6<\/a> (<em>Virus Bulletin<\/em> February 2012)<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have been writing non-fiction for as long as I can reminder, from popular science articles as a mathematics student to various kinds of music journalism in the late 1990s and early 2000s. I started writing about digital security in 2007 next to my regular duties, with hundreds of blog posts published on Virus Bulletin&#8217;s [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"http:\/\/lapsed.ordinary\/wp-json\/wp\/v2\/pages\/778"}],"collection":[{"href":"http:\/\/lapsed.ordinary\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/lapsed.ordinary\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/lapsed.ordinary\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/lapsed.ordinary\/wp-json\/wp\/v2\/comments?post=778"}],"version-history":[{"count":27,"href":"http:\/\/lapsed.ordinary\/wp-json\/wp\/v2\/pages\/778\/revisions"}],"predecessor-version":[{"id":1032,"href":"http:\/\/lapsed.ordinary\/wp-json\/wp\/v2\/pages\/778\/revisions\/1032"}],"wp:attachment":[{"href":"http:\/\/lapsed.ordinary\/wp-json\/wp\/v2\/media?parent=778"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}