Breach Notification in France

by adam on June 22, 2012

Over at the Proskauer blog, Cecile Martin writes “Is data breach notification compulsory under French law?” On May 28th, the Commission nationale de l’informatique et des libertés (“CNIL”), the French authority responsible for data privacy, published guidance on breach notification (…)

Read the rest of this entry »

Active Defense: Show me the Money!

by adam on June 21, 2012

Over the last few days, there’s been a lot of folks in my twitter feed talking about “active defense.” Since I can’t compress this into 140 characters, I wanted to comment quickly: show me the money. And if you can’t (…)

Read the rest of this entry »

In the Spirit of Feynman

by adam on June 14, 2012

Did you notice exactly how much of my post on Cloudflare was confirmation bias? Here, let me walk you through it. In our continuing series of disclosure doesn’t hurt, Continuing series are always dangerous, doubly so on blogs. I wanted (…)

Read the rest of this entry »

Feynman on Cargo Cult Science

by adam on June 11, 2012

On Twitter, Phil Venables said “More new school thinking from the Feynman archives. Listen to this while thinking of InfoSec.” During the Middle Ages there were all kinds of crazy ideas, such as that a piece of rhinoceros horn would (…)

Read the rest of this entry »

CloudFlare’s Post Mortem

by adam on June 5, 2012

In our continuing series of disclosure doesn’t hurt, I wanted to point out Cloudflare’s “Post Mortem: Today’s Attack; Apparent Google Apps/Gmail Vulnerability; and How to Protect Yourself.” Go take a look, it’s worth reading, especially the updates. I take three (…)

Read the rest of this entry »