Thanks, Risk I/O
by adam on September 27, 2011
Go read this excellent article by Ed Bellis.
The Diginotar Tautology Club
by adam on September 23, 2011
I often say that breaches don’t drive companies out of business. Some people are asking me to eat crow because Vasco is closing its subsidiary Diginotar after the subsidiary was severely breached, failed to notify their reliant parties, misled people (…)
Book Reading in Seattle on Sunday
by adam on September 21, 2011
This Sunday I’ll be reading from the New School at 4PM at Ada’s Technical Books in Capitol Hill. If you’re in the area, you should come!
Lean Startups & the New School
by adam on September 20, 2011
On Friday, I watched Eric Ries talk about his new Lean Startup book, and wanted to talk about how it might relate to security. Ries conceives of startups as businesses operating under conditions of high uncertainty, which includes things you (…)
Diginotar Quantitative Analysis (“Black Tulip”)
by adam on September 13, 2011
Following the Diginotar breach, FOX-IT has released analysis and a nifty video showing OCSP requests. As a result, lots of people are quoting a number of “300,000”. Cem Paya has a good analysis of what the OCSP numbers mean, what (…)
The Rules of Breach Disclosure
by adam on September 7, 2011
There’s an interesting article over at CIO Insight: The disclosure of an email-only data theft may have changed the rules of the game forever. A number of substantial companies may have inadvertently taken legislating out of the hands of the (…)