I’m on episode 14 of the Risk Hose podcast, with co-blogger Alex. Chris, Jay and Alex are joined by Adam Shostack and we dig into the topic of feedback loops within Information Security. You should check it out! Episode 14: Feedback Loops
First, good on AT&T for telling people that there’s been an attempt to hack their account. (My copy of the letter that was sent is after the break.) I’m curious what we can learn by discussing the attack. An AT&T spokesperson told Fox News that “Fewer than 1 percent of customers were targeted.” I’m currently [...]
But in the last year and a half, at least 50 diners at restaurants like the Capital Grille, Smith & Wollensky, JoJo and Wolfgang’s Steakhouse ended up paying for more than just a fine piece of meat. Their card information — and, in effect, their identities [sic] — had been stolen by waiters in a [...]
Wade Baker has a quick response to my “Thoughts on the 2011 DBIR and APT,” including the data that I was unable to extract. Thanks!
At least, that’s the conclusion of a study from Telus and Rotman. (You might need this link instead) A report in IT security issued jointly by Telus and the Rotman School of Management surveyed 649 firms and found companies that ban employees from using social media suffer 30 percent more computer security breaches than ones [...]
Two weeks ago I finally got a chance to see Moxie’s Convergence/Trust Agility talk in person. (Since this was at work, let me just re-iterate that this blog is my personal opinions about what I saw.) It’s very good stuff, and Moxie and I had a good side chat about enhancing the usability of Convergence [...]
So Verizon has recently released their 2011 DBIR. Or perhaps more accurately, I’ve managed to pop enough documents off my stack that my scribbled-on notes are at the top, and I wanted to share some with you. A lot have gone to the authors, in the spirit of questions only they can answer. Here, I [...]
I talk a lot about the importance of data in enabling us to bring the scientific method to bear on information security. There’s a reason for that: more data will let us know the falsehoods, and knowing the falsehoods will set us free. But discovering what claims don’t stand up to scrutiny is a matter [...]
Last Sunday, I did a book reading at Ada’s Technical Books. As I say in the video, I was excited because while I’ve talked about the New School, and I’ve given talks about the New School, I hadn’t done a book reading, in part because of the nature of the book, and my personal comfort [...]
Go read this excellent article by Ed Bellis.