FEAR AND LOATHING IN SAN FRANCISCO (RSA PRE-GAME)
by alex on February 26, 2012
So it’s early Sunday AM, and I’m getting my RSA Schedule together finally. So here’s what I’m looking forward to this week, leave us stuff in the comments if you’ve identified other cool stuff: =============== Monday: 8 freaking AM – (…)
Admitting Mistakes
by adam on February 24, 2012
Tripwire’s blog has “25 Infosec Gurus Admit to their Mistakes…and What They Learned from Them.” I’m glad to see attention paid to the simple reality that we all make mistakes. Extra points to Bill Brenner, Pete Lindstrom, Andrew Hay, Chris (…)
“Anonymized, of course”
by adam on February 21, 2012
I’ve noticed a couple of times lately that as people discuss talking about security incidents, they don’t only default to the idea of anonymization, they often insert an “of course” after it. But today I want to talk about the (…)
New Cyber Security Bill: Crowdsource Analysis?
by adam on February 15, 2012
A lot of people I trust are suggesting that the “Collins-Lieberman” bill has a substantial chance of passing. I have some really interesting (and time-consuming) work tasks right now, and so I’m even more curious than usual what you all (…)
Predictably Apathetic responses to Cyber Attack
by adam on February 13, 2012
Wh1t3Rabbit has a great post “Understanding the apathetic response to a cyber attack:” Look, Dana’s right. His business is the organizing and promotion of the UFC fights. Secondary to that business is the merchandising and other aspects of the UFC (…)
Why Breach Disclosures are Expensive
by adam on February 7, 2012
Mr. Tripathi went to work assembling a crisis team of lawyers and customers and a chief security officer. They hired a private investigator to scour local pawnshops and Craigslist for the stolen laptop. The biggest headache, he says, was deciphering (…)
Yet More On Threat Modeling: A Mini-Rant
by David Mortman on February 7, 2012
Yesterday Adam responded to Alex’s question on what people thought about IanG’s claim that threat modeling fails in practice and I wanted to reiterate what I said on Twitter about it: It’s a tool! No one claimed it was a (…)
On Threat Modeling
by adam on February 6, 2012
Alex recently asked for thoughts on Ian Grigg’s “Why Threat Modeling Fails in Practice.” I’m having trouble responding to Ian, and have come to think that how Ian frames the problem is part of my problem in responding to him. (…)
Dear Verisign: Trust requires Transparency
by adam on February 3, 2012
On their blog, Verisign made the following statement, which I’ll quote in full: As disclosed in an SEC filing in October 2011, parts of Verisign’s non-production corporate network were penetrated. After a thorough analysis of the attacks, Verisign stated in (…)
Threat Modeling Fails In Practice
by alex on February 2, 2012
Would be interested in readers’ thoughts on Ian G’s post here: https://financialcryptography.com/mt/archives/001357.html