According to ZDNet, “Coleman donor data breached in January, but donors alerted by Wikileaks not campaign:” Donors to Minnesota Senator Norm Coleman’s campaign got a rude awakening this week, thanks to an email from Wikileaks. Coleman’s campaign was keeping donor information in an unprotected database that contained names, addresses, emails, credit card numbers and those [...]
Filed under: Uncategorized by adam on Thursday, April 30, 2009
I’ll go ahead and promote David. He’s interviewed over at Threat Post. Pod/Talk cast it up! In this episode of the Digital Underground podcast, Dennis Fisher talks with David Mortman, CSO-in-residence at Echelon One and longtime security executive, about whether we’ve become too reliant on compliance, the changing nature of the CSO’s job and how [...]
Filed under: Uncategorized by alex on Wednesday, April 29, 2009
The Open Security Foundation, creators of OSVDB and DataLossDB, have won SC Magazine’s Editor’s Choice award for 2009. It’s well deserved. In other Open Security Foundation News, about a dozen people asked me how to get a stylin’ DataLossDB t-shirt. It’s pretty easy: donate. I think you get one at the $100 level.
Filed under: Uncategorized by adam on Saturday, April 25, 2009
Following up on Ben’s comment to s/green/secure/g, infosec generally makes life /harder/ for people (at least in the short-term), all to keep bad things from happening. I’ll argue it’s even worse than that. Since “secure” is neither achievable nor a static state, it can never be done and standing still means falling behind. One of [...]
Filed under: Uncategorized by Chandler on Monday, April 20, 2009
Don’t miss this fascinating article in the New York Times, “Why Isn’t the Brain Green?” You can read it for itself, but then you hit paragraphs like this: It isn’t immediately obvious why such studies are necessary or even valuable. Indeed, in the United States scientific community, where nearly all dollars for climate investigation are [...]
Filed under: Uncategorized by adam on Sunday, April 19, 2009
“Data Breach Notification Law Across the World from California to Australia” by Alana Maurushat. From the abstract: The following article and table examine the specifics of data breach notification frameworks in multiple jurisdictions. Over the year of 2008, Alana Maurushat of the Cyberspace Law and Policy Centre, with research assistance from David Vaile and student [...]
Filed under: Uncategorized by adam on Saturday, April 18, 2009
Rich Mogull and Adrian Lane (of Securosis) and Jeff Jones (of Microsoft) have started a “transparent” metrics project “to help build an independent model to measure the costs and effectiveness of patch management.” They’re calling it (for now) Project Quant. As you can probably guess, I’m all for transparent metrics projects, and I hope you’ll at [...]
Filed under: Uncategorized by alex on Friday, April 17, 2009
Real briefly, something that came to me reading Marcus Ranum over at Tenable’s Blog. Marcus writes: Usually, when I attack pseudo-science in computer security, someone replies, “Yes, but some data is better than none at all!” Absolutely not true! Deceptive, inaccurate, and misleading data is worse than none at all, because it can encourage you [...]
Filed under: Uncategorized by alex on Thursday, April 16, 2009 | Social tagging: metrics > statistics
I came across an interesting take on Nassim Taleb’s “Black Swan” article for the Financial Times via JP Rangaswami’s blog “Confused in Calcutta”. Friends and folks who know me are probably tired of my rants about what I think of Taleb’s work and what I think he’s gotten wrong. But really, I find his FT [...]
Filed under: Uncategorized by alex on Thursday, April 16, 2009
I’ve given Vz’s DBIR a quick perusal. The data are interesting indeed and the recommendations are obvious. There is little new here in the way of recommendations – I guess nobody is listening or the controls are ineffective (or a bit of both). Regardless, I have a few items that confuse and irritate me a [...]
Filed under: Uncategorized by Brooke on Thursday, April 16, 2009 | Social tagging: breach reports > confused > ineffective > metrics > sleep