Apparently, at the SecTor security conference, someone tapped into the network and posted passwords to a Wall of Sheep. At the SecTor speakers dinner, several attendees were approached by colleagues and informed that their credentials appeared on the “Wall of Shame” for all to see. When questioned about how the encrypted and unencrypted traffic was [...]
Filed under: Uncategorized by adam on Thursday, October 15, 2009
Since anyone can declare anything a best practice in information security, I’d like to add my favorite to your list. Think. Thank you.
Filed under: best practice, Uncategorized by adam on Wednesday, October 14, 2009
VisualComplexity.com intends to be a unified resource space for anyone interested in the visualization of complex networks. While it may not contain any examples specific to information security, there may be some methods and ideas that can be adapted to InfoSec.
Filed under: Uncategorized by Russell on Saturday, October 10, 2009 | Social tagging: network visualization > visualization
Near misses are very valuable signals regarding future losses. If we ignore them in our cost metrics, we might make some very poor decisions. This example shows that there is a qualitative difference between “ground truth data” (in this case, historical cash flow for data breach events) and overall security metrics, which need to reflect our estimates about the future, a.k.a. risk.
Filed under: Science of Risk Management by Russell on Tuesday, October 6, 2009 | Social tagging: data breach cost > risk management > risk modeling
Rob Lemos has a new article up on the MIT Technology Review, about some researchers from UC Santa Barbara who spent several months studying the Mebroot Botnet. They found some fascinating stuff and I’m looking forward to reading the paper when it’s finally published. While the vast majority of infected machines were Windows-based (64% [...]
Filed under: data, Data Analysis by David Mortman on Tuesday, October 6, 2009
Earlier this month, the Department of Health and Human Services imposed a “risk of harm” standard on health care providers who lose control of your medical records. See, for example, “Health IT Data Breaches: No Harm, No Foul:” According to HHS’ harm standard, the question is whether access, use or disclosure of the data poses [...]
Filed under: breach laws by adam on Monday, October 5, 2009