How to Ask Good Questions at RSA

by adam on February 26, 2013

So this week is RSA, and I wanted to offer up some advice on how to engage. I’ve already posted my “BlackHat Best Practices/Survival kit.” First, if you want to ask great questions, pay attention. There are things more annoying (…)


Is there “Room for Debate?” in Breach Disclosure?

by adam on February 22, 2013

The New York Times has a “Room for Debate” on “Should Companies Tell Us When They Get Hacked?” It currently has 4 entries, 3 of which are dramatically in favor of more disclosure. I’m personally fond of Lee Tien’s “ (…)


HIPAA’s New Breach Rules

by adam on February 21, 2013

Law firm Proskauer has published a client alert that “HHS Issues HIPAA/HITECH Omnibus Final Rule Ushering in Significant Changes to Existing Regulations.” Most interesting to me was the breach notice section: Section 13402 of the HITECH Act requires covered entities (…)


New School Blog Attacked with 0day

by adam on February 18, 2013

We were hacked again. The vuln used was 0day, and has now been patched, thanks to David Mortman and Matt Johansen, and the theme has also been updated, thanks to Rodrigo Galindez. Since we believe in practicing the transparency we (…)


HHS & Breach Disclosure

by adam on February 6, 2013

There’s good analysis at “HHS breach investigations badly backlogged, leaving us in the dark.” To say that I am frequently frustrated by HHS’s “breach tool” would be an understatement. Their reporting form and coding often make it impossible to know (…)
