Airplane Terrorism, Data-Driven Edition

by Chandler on December 31, 2009

I’m just off a flight from London back to the United States and I’m hesitant to attempt to think while jet-lagged. I’ll have some more thoughts and first-hand observations once my head clears, however. In the meantime, Nate Silver has (…)


An Open Letter to the New Cyber-Security Czar

by adam on December 23, 2009

Dear Howard, Congratulations on the new job! Even as a cynic, I’m surprised at just how fast the knives have come out, declaring that you’ll get nothing done. I suppose that low expectations are easy to exceed. We both know (…)


NotObvious On Heartland

by alex on December 21, 2009

I posted this also to the securitymetrics.org mailing list. Sorry if discussing in multiple venues ticks you off. The Not Obvious blog has an interesting write up on the Heartland Breach and impact. From the blog post: “Heartland has had (…)


For Blog/Twitter Conversation: Can You Defend “GRC”?

by alex on December 15, 2009

Longtime readers know that I’m not the biggest fan of GRC as it is “practiced” today. I believe G & C are subservient to risk management. So let me offer you this statement to chew on: “A metric for Governance (…)


Top Security Stories of the Year?

by adam on December 14, 2009

On Wednesday, I’ll be joining a podcast to discuss “top security stories of the year.” I have a couple in mind, but I’d love to hear your nominations. What are the most important things which have happened in information security (…)


Data Not Assertions

by David Mortman on December 10, 2009

There have already been a ton of posts out there about the Verizon DBIR Supplement that came out yesterday, so I’m not going to dive into the details, but I wanted to highlight this quick discussion from twitter yesterday that (…)


Huh, who knew?

by adam on December 10, 2009

We have a comments feed. I suppose we should add that to somewhere sane. In the meanwhile, you should click here. We have smart commenters, and what they say is usually worthwhile.

Emerging threat: Social Botnets

by Russell on December 9, 2009

We think of botnets as networks of computing devices slaved to some command & control system. But what about human-in-the-loop botnets, where humans are either participants or prime actors? I’m coining this label: “social botnets”. Recent example: “Health Insurers Caught Paying Facebook Gamers To Oppose Reform Bill”.

NEW: Verizon 2009 DBIR Supplement

by Russell on December 9, 2009

The supplement provides case studies, involving anonymous Verizon clients, that detail some of the tools and methods hackers used to compromise the more than 285 million sensitive records that were breached in 90 forensic cases Verizon handled last year.

Sweden: An Interesting Demographic Case Study In Internet Fraud

by alex on December 7, 2009

(quietly, wistfully singing “Yesterday” by the Beatles) From my favorite Swedish Infosec Blog, Crowmoor.se. I don’t speak Swedish, so I couldn’t really read the fine article they linked to. Do go read their blog post, I’ll wait here. Back? Great. (…)
