Breach Harm: Should Arizona be required to notify?

by adam on June 28, 2011

Over at the Office of Inadequate Security, Pogo was writing about the Lulzsec hacking of Arizona State Police. Her article is “A breach that crosses the line?” I’ve been blogging for years about the dangers of breaches. I am concerned (…)

Read the rest of this entry »

Sex, Lies & Cybercrime Surveys: Getting to Action

by adam on June 23, 2011

My colleagues Dinei Florencio and Cormac Herley have a new paper out, “Sex, Lies and Cyber-crime Surveys.” Our assessment of the quality of cyber-crime surveys is harsh: they are so compromised and biased that no faith whatever can be placed (…)

Read the rest of this entry »

Communicating with Executives for more than Lulz

by adam on June 15, 2011

On Friday, I ranted a bit about “Are Lulz our best practice?” The biggest pushback I heard was that management doesn’t listen, or doesn’t make decisions in the best interests of the company. I think there’s a lot going on (…)

Read the rest of this entry »

Are Lulz our best practice?

by adam on June 10, 2011

Over at Risky.biz, Patrick Grey has an entertaining and thought-provoking article, “Why we secretly love LulzSec:” LulzSec is running around pummelling some of the world’s most powerful organisations into the ground… for laughs! For lulz! For shits and giggles! Surely (…)

Read the rest of this entry »

How the Epsilon Breach Hurts Consumers

by adam on June 3, 2011

Yesterday, Epsilon and Sony testified before Congress about their recent security troubles. There was a predictable hue and cry that the Epsilon breach didn’t really hurt anyone, and there was no reason for them to have to disclose it. Much (…)

Read the rest of this entry »

ThreatPost goes New School

by adam on June 1, 2011

In “It’s Time to Start Sharing Attack Details,” Dennis Fisher says: With not even half of the year gone, 2011 is becoming perhaps the ugliest year on record for major attacks, breaches and incidents. Lockheed Martin, one of the larger (…)

Read the rest of this entry »