“No Evidence” and Breach Notice
by adam on April 30, 2009
According to ZDNet, “Coleman donor data breached in January, but donors alerted by Wikileaks not campaign:” Donors to Minnesota Senator Norm Coleman’s campaign got a rude awakening this week, thanks to an email from Wikileaks. Coleman’s campaign was keeping donor (…)
@Mortman MP3d on Threat Post
by alex on April 29, 2009
I’ll go ahead and promote David. He’s interviewed over at Threat Post. Pod/Talk cast it up! In this episode of the Digital Underground podcast, Dennis Fisher talks with David Mortman, CSO-in-residence at Echelon One and longtime security executive, about whether (…)
Congratulations, Open Security Foundation
by adam on April 25, 2009
The Open Security Foundation, creators of OSVDB and DataLossDB have won SC Magazine’s Editor’s Choice award for 2009. It’s well deserved. In other Open Security Foundation News, about a dozen people asked me how to get a stylin’ DataLossDB t-shirt. (…)
Standing Still
by Chandler on April 20, 2009
Following up on Ben’s comment to s/green/secure/g, infosec generally makes life /harder/ for people (at least in the short-term), all to keep bad things from happening. I’ll argue it’s even worse than that. Since “secure” is neither achievable nor a (…)
s/green/secure/g
by adam on April 19, 2009
Don’t miss this fascinating article in the New York Times, “Why Isn’t the Brain Green?” You can read it for itself, but then you hit paragraphs like this: It isn’t immediately obvious why such studies are necessary or even valuable. (…)
Breach Notification Law Across the World
by adam on April 18, 2009
“Data Breach Notification Law Across the World from California to Australia” by Alana Maurushat. From the abstract: The following article and table examine the specifics of data breach notification frameworks in multiple jurisdictions. Over the year of 2008, Alana Maurushat (…)
Project Quant: Patch Management Metrics
by alex on April 17, 2009
Rich Mogull, Adrian Lane, (of Securosis) and Jeff Jones (of Microsoft) have started a “transparent” metrics project “to help build an independent model to measure the costs and effectiveness of patch management.” They’re calling it (for now) Project Quant. As (…)
Evolution of Information Analysis
by alex on April 16, 2009
Real briefly, something that came to me reading Marcus Ranum over at Tenable’s Blog. Marcus writes: Usually, when I attack pseudo-science in computer security, someone replies, “Yes, but some data is better than none at all!” Absolutely not true! Deceptive, (…)
Black Swan-Proof InfoSec?
by alex on April 16, 2009
I came across an interesting take on Nassim Taleb’s “Black Swan” article for the Financial Times via JP Rangaswami’s blog “Confused in Calcutta”. Friends and folks who know me are probably tired of my rants about what I think of (…)
A Curmudgeon is a Little Confused by the 2009 DBIR
by Brooke on April 16, 2009
I’ve given Vz’s DBIR a quick perusal. The data are interesting indeed and the recommendations are obvious. There is little new here in the way of recommendations – I guess nobody is listening or the controls are ineffective (or a (…)