Secret Questions
by adam on May 19, 2009
Congratulations to Stuart Schechter, A. J. Bernheim Brush (Microsoft Research), Serge Egelman (Carnegie Mellon University). Their paper, “It’s No Secret. Measuring the Security and Reliability of Authentication via ‘Secret’ Questions” has been Slashdotted. It’s really good research, which Rob Lemos (…)
Definitions: cloudenfreude
by Chandler on May 15, 2009
cloudenfreude — Feeling of happiness at watching the discomfort of others, especially senior management, as they accept in aggregate for *aaS the same risks which were easily accepted piecemeal over time for the analgous service internally.
First International Alternative Workshop on Aggressive Computing and Security
by adam on May 15, 2009
Thinking security can not be done without adopting a preferential mode of thought of the attacker. A system cannot be defended if we do not know how to attack it. If the theory is still an interesting approach to formalize (…)
PCI Data Available
by alex on May 15, 2009
Interesting information was made available today from VISA about PCI Compliance status for Level 1, 2, and 3 merchants. Find it as a .pdf >>here<< (thanks to Mike Dahn for bringing it to our notice). **UPDATE** You may want to (…)
Richard Bejtlich’s Quantum State
by alex on May 14, 2009
Is Statistically Mixed? Richard Bejtlich (whom I do admire greatly in most all of his work) just dug up a dead horse and started beating it with the shovel, and I just happen to have this baseball bat in my (…)
European View on Breaches
by adam on May 13, 2009
I hadn’t seen this article by Peter Hustinix when it came out, but it’s important. He says that “All data breaches must be made public:” The good news is that Europe’s lawmakers want to make it obligatory to disclose data (…)
The Eyes of Texas Are on Baseboard Management Controllers? WHAT??!!!
by alex on May 7, 2009
OR TEXAS HB1830S IS SWINEFLU LEGISLATION, IT’S BEEN INFECTED BY PORK! **UPDATE: It looks like the “vendor language” around Section Six has been struck! Given Bejtlich’s recent promises, I thought we’d take a quick but pragmatic look at why risk (…)
Time To Patch, Patch Significance, & Types of Cloud Computing
by alex on May 5, 2009
Recently, a quote from Qualys CTO Wolfgang Kandek struck me kind of weird when I was reading Chris Hoff yet again push our hot buttons on cloud definitions and the concepts of information security survivability. Wolfgang says (and IIRC, this (…)
Cybersecurity Review Turf Battle
by adam on May 3, 2009
Many at RSA commented on the lack of content in Melissa Hathaway’s RSA keynote. The Wall St Journal has an interesting article which may explain why, “Cybersecurity Review Sets Turf Battle:” President Barack Obama’s cybersecurity review has ignited turf battles (…)