Hoff on AWS

by adam on November 30, 2012

Hoff’s blog post “Why Amazon Web Services (AWS) Is the Best Thing To Happen To Security & Why I Desperately Want It To Succeed” is great on a whole bunch of levels. If you haven’t read it, go do that. (…)

Read the rest of this entry »

South Carolina

by adam on November 26, 2012

It’s easy to feel sympathy for the many folks impacted by the hacking of South Carolina’s Department of Revenue. With 3.6 million taxpayer social security numbers stolen, those people are the biggest victims, and I’ll come back to them. It’s (…)

Read the rest of this entry »

Control-Alt-Hack: Now available from Amazon!

by adam on November 22, 2012

Amazon now has copies of Control Alt Hack, the card game that I helped Tammy Denning and Yoshi Kohno create. Complimentary copies for academics and those who won copies at Blackhat are en route. From the website: Control-Alt-Hackā„¢ is a (…)

Read the rest of this entry »

Email Security Myths

by adam on November 17, 2012

My buddy Curt Hopkins is writing about the Patraeus case, and asked: I wonder, in addition to ‘it’s safe if it’s in the draft folder,’ how many additional technically- and legally-useless bits of sympathetic magic that people regularly use in (…)

Read the rest of this entry »

The “Human Action” argument is not even wrong

by adam on November 15, 2012

Several commenters on my post yesterday have put forth some form of the argument that hackers are humans, humans are unpredictable, and therefore, information security cannot have a Nate Silver. This is a distraction, as a moment’s reflection will show. (…)

Read the rest of this entry »

Where is Information Security’s Nate Silver?

by adam on November 14, 2012

So by now everyone knows that Nate Silver predicted 50 out of 50 states in the 2012 election. Michael Cosentino has a great picture: Actually, he was one of many quants who predicted what was going to happen via meta-analysis (…)

Read the rest of this entry »

Effective training: Wombat’s USBGuru

by adam on November 12, 2012

Many times when computers are compromised, the compromise is stealthy. Take a moment to compare that to being attacked by a lion. There, the failure to notice the lion is right there, in your face. Assuming you survive, you’re going (…)

Read the rest of this entry »

Published Data Empowers

by adam on November 2, 2012

There’s a story over at Bloomberg, “Experian Customers Unsafe as Hackers Steal Credit Report Data.” And much as I enjoy picking on the credit reporting agencies, what I really want to talk about is how the story came to light. (…)

Read the rest of this entry »