Breach Harm: Should Arizona be required to notify?
by adam on June 28, 2011
Over at the Office of Inadequate Security, Pogo was writing about the Lulzsec hacking of Arizona State Police. Her article is “A breach that crosses the line?” I’ve been blogging for years about the dangers of breaches. I am concerned (…)
Sex, Lies & Cybercrime Surveys: Getting to Action
by adam on June 23, 2011
My colleagues Dinei Florencio and Cormac Herley have a new paper out, “Sex, Lies and Cyber-crime Surveys.” Our assessment of the quality of cyber-crime surveys is harsh: they are so compromised and biased that no faith whatever can be placed (…)
Communicating with Executives for more than Lulz
by adam on June 15, 2011
On Friday, I ranted a bit about “Are Lulz our best practice?” The biggest pushback I heard was that management doesn’t listen, or doesn’t make decisions in the best interests of the company. I think there’s a lot going on (…)
Are Lulz our best practice?
by adam on June 10, 2011
Over at Risky.biz, Patrick Grey has an entertaining and thought-provoking article, “Why we secretly love LulzSec:” LulzSec is running around pummelling some of the world’s most powerful organisations into the ground… for laughs! For lulz! For shits and giggles! Surely (…)
How the Epsilon Breach Hurts Consumers
by adam on June 3, 2011
Yesterday, Epsilon and Sony testified before Congress about their recent security troubles. There was a predictable hue and cry that the Epsilon breach didn’t really hurt anyone, and there was no reason for them to have to disclose it. Much (…)
ThreatPost goes New School
by adam on June 1, 2011
In “It’s Time to Start Sharing Attack Details,” Dennis Fisher says: With not even half of the year gone, 2011 is becoming perhaps the ugliest year on record for major attacks, breaches and incidents. Lockheed Martin, one of the larger (…)