A relevant tale of medical survival over at The Reality-Based Community: Three years ago a 39-year-old American man arrived at the haematology clinic of Berlin’s sprawling Charité hospital. (The venerable Charité, one of the great names in the history of medicine, used to be in East Berlin, but it’s now the brand for the merged [...]
Filed under: Uncategorized by Chandler on Friday, August 28, 2009
No Comments »
——————————— UPDATE: @lbhuston gives us the dirty low down here: http://stateofsecurity.com/?p=766 ——————————— This was a test of the emergency broadcast system. This was only a test, had this been a real change in the Threat Landscape….. You may have read in various media outlets about a little incident that happened yesterday concerning the mailing of [...]
Filed under: Uncategorized by alex on Friday, August 28, 2009
12 Comments »
Hey all, sorry it’s been so long since I put up some eye candy. Today’s posts come from the usual sources (flowing data and other various information design blogs) but I also wanted to point you to a new source of cool: http://www.informationisbeautiful.net/ So without further ado, your Visualization Friday Posts (some pertinent to the [...]
Filed under: Uncategorized by alex on Friday, August 28, 2009
2 Comments »
And I couldn’t agree more. Capability and Maturity Model Creation in Information Security – PS – sorry for using “NewSchool” as a verb.
Filed under: Science of Risk Management by alex on Wednesday, August 26, 2009
No Comments »
Today’s New York Times has an interesting article “A Lawsuit Tries to Get at Hackers Through the Banks They Attack” about the folks over at Unspam who are suing under the Can-Spam Act in an attempt to get the names of miscreants who have been attacking banks. More interestingly, they are hoping to force the [...]
Filed under: Uncategorized by David Mortman on Thursday, August 20, 2009
No Comments »
Over at Haft of the Spear, Michael Tanji asks: You are the nation’s new cyber czar/shogun/guru. You know you can’t _force_ anyone to do jack, therefore you spend your time/energy trying to accomplish what three things via influence, persuasion, shame and force of will? My three: De-stigmatize failure. Today, we see the same failures we [...]
Filed under: government by adam on Wednesday, August 19, 2009
5 Comments »
I’ve been busy and haven’t had a lot of time to dig in, but Rich Mogull has some really good articles, “Heartland Hackers Caught; Answers and Questions,” and “Recent Breaches- We May Have All the Answers.” I have two questions: Were these custom attacks, or a failure to patch? Reading what’s not in the USSS/FBI [...]
Filed under: Uncategorized by adam on Tuesday, August 18, 2009
1 Comment »
Hey y’all, happy Monday morning. I’ve put Dave & my presentation for Security BSides up on slideshare: http://www.slideshare.net/alexhutton/mortmanhutton-security-bsides-presentation Also note that this includes the Black Hat presentation we gave on the Mortman/Hutton Vulnerability/Exploit model. I hope you will enjoy! PS – There’s probably audio available for [...]
Filed under: Uncategorized by alex on Monday, August 17, 2009 | Social tagging: Mortman/Hutton > Science of Risk Management > Security Models
2 Comments »
There’s been lots of discussion here and elsewhere about what’s wrong with GRC as a market and that discussion is pretty spot on. However, last week, I was chatting with Alex and it suddenly hit me that while GRC doesn’t work, the very concept is even more broken than we had previously thought. I briefly [...]
Filed under: Uncategorized by David Mortman on Thursday, August 13, 2009
10 Comments »
Bill Brenner has an interview with Robert Carr, the CEO of Heartland. It’s headlined “Heartland CEO on Data Breach: QSAs Let Us Down.” Some smart security folks are outraged, asserting that Carr should know the difference between compliance and security, and audit and assessment. Examples include Rich Mogull’s “Open Letter to Robert Carr” and Alan [...]
Filed under: Uncategorized by adam on Thursday, August 13, 2009
2 Comments »