I spent yesterday in a workshop learning about and practicing scenario planning. It’s a really great tool for planning for (as opposed to predicting) the future. It feels like it’s a great addition to the risk assessment/management process. Check it out.
Filed under: Uncategorized by David Mortman on Tuesday, November 10, 2009
Mini MetriCon 4.5 will be a one-day event, Monday, March 1, 2010, in San Francisco, California. Through the cooperation of RSA, the workshop will be held at the University of San Francisco, within walking distance of the Moscone Center, the location of the RSA Conference, to be held during the same week. Mini MetriCon attendees [...]
Filed under: Conferences by David Mortman on Thursday, November 5, 2009
Josh Corman had an awesome post over on Fudsec on Friday. It’s so awesomely appropriate to this blog that I’m sharing it with you. My only complaint is that I wish that I had written it instead. Go read it right now.
Filed under: Links by David Mortman on Monday, October 19, 2009
Rob Lemos has a new article up on the MIT Technology Review, about some researchers from UC Santa Barbara who spent several months studying the Mebroot Botnet. They found some fascinating stuff and I’m looking forward to reading the paper when it’s finally published. While the vast majority of infected machines were Windows-based (64% [...]
Filed under: data, Data Analysis by David Mortman on Tuesday, October 6, 2009
So a while back, I posted the following to Twitter: Thought of the Day: We don’t need to share raw data if we can share meta-data generated using uniform analytical methodologies. Adam disagreed: @mortman You can’t test & refine models without raw data, & you can’t ask people with the same orientation to bring diverse perspectives. [...]
Filed under: data by David Mortman on Tuesday, September 29, 2009
The Telegraph reports: More than half of all Britons have been injured by biscuits ranging from scalding from hot tea or coffee while dunking or breaking a tooth eating during a morning tea break, a survey has revealed. Who knew that cookies could be so dangerous? So forget worrying about AV or even seat belts, [...]
Filed under: Amusements, metrics by David Mortman on Wednesday, September 9, 2009
Today’s New York Times has an interesting article “A Lawsuit Tries to Get at Hackers Through the Banks They Attack” about the folks over at Unspam who are suing under the Can-Spam Act in an attempt to get the names of miscreants who have been attacking banks. More interestingly, they are hoping to force the [...]
Filed under: Uncategorized by David Mortman on Thursday, August 20, 2009
There’s been lots of discussion here and elsewhere about what’s wrong with GRC as a market and that discussion is pretty spot on. However, last week, I was chatting with Alex and it suddenly hit me that while GRC doesn’t work, the very concept is even more broken than we had previously thought. I briefly [...]
Filed under: Uncategorized by David Mortman on Thursday, August 13, 2009
Following up on my previous post, here’s Part 2, “The Factors that Drive Probable Use”. This is the meat of our model. Follow up posts will dig deeper into Parts 1 and 2. At Black Hat we’ll be applying this model to the vulnerabilities that are going to be released at the show. But before [...]
Filed under: Science of Risk Management by David Mortman on Thursday, July 16, 2009
I wanted to throw it out here as an example of how you would use the model from my earlier post in real life. So let’s take the recently released Internet Explorer security vulnerability and see how it fits. Now this is a pretty brain-dead example and hardly requires a special tool, but I think it [...]
Filed under: Science of Risk Management by David Mortman on Monday, July 13, 2009