Archive for the “argument” category
How to Ask Good Questions at RSA
by adam on February 26, 2013
So this week is RSA, and I wanted to offer up some advice on how to engage. I’ve already posted my “BlackHat Best Practices/Survival kit. First, if you want to ask great questions, pay attention. There are things more annoying (…)
Is there “Room for Debate?” in Breach Disclosure?
by adam on February 22, 2013
The New York Times has a “Room for Debate” on “Should Companies Tell Us When They Get Hacked?” It currently has 4 entries, 3 of which are dramatically in favor of more disclosure. I’m personally fond of Lee Tien’s “ (…)
The High Price of the Silence of Cyberwar
by adam on January 9, 2013
A little ways back, I was arguing [discussing cyberwar] with thegrugq, who said “[Cyberwar] by it’s very nature is defined by acts of espionage, where all sides are motivated to keep incidents secret.” I don’t agree that all sides are (…)
Infosec Lessons from Mario Batali’s Kitchen
by adam on December 3, 2012
There was a story recently on NPR about kitchen waste, “No Simple Recipe For Weighing Food Waste At Mario Batali’s Lupa.” Now, normally, you’d think that a story on kitchen waste has nothing to do with information security, and you’d (…)
The Boy Who Cried Cyber Pearl Harbor
by adam on October 12, 2012
There is, yet again, someone in the news talking about a cyber Pearl Harbor. I wanted to offer a few points of perspective. First, on December 6th, 1941, the United States was at peace. There were worries about the future, (…)
Your career is over after a breach? Another Myth, Busted!
by adam on August 6, 2012
I’m a big fan of learning from our experiences around breaches. Claims like “your stock will fall”, or “your customers will flee” are shown to be false by statistical analysis, and I expect we’d see the same if we looked (…)
Aitel on Social Engineering
by adam on July 19, 2012
Yesterday, Dave Aitel wrote a fascinating article “Why you shouldn’t train employees for security awareness,” arguing that money spent on training employees about awareness is wasted. While I don’t agree with everything he wrote, I submit that your opinion on (…)
Feynman on Cargo Cult Science
by adam on June 11, 2012
On Twitter, Phil Venables said “More new school thinking from the Feynman archives. Listen to this while thinking of InfoSec.” During the Middle Ages there were all kinds of crazy ideas, such as that a piece of rhinoceros horn would (…)
Lean Startups & the New School
by adam on September 20, 2011
On Friday, I watched Eric Ries talk about his new Lean Startup book, and wanted to talk about how it might relate to security. Ries concieves as startups as businesses operating under conditions of high uncertainty, which includes things you (…)
Are Lulz our best practice?
by adam on June 10, 2011
Over at Risky.biz, Patrick Grey has an entertaining and thought-provoking article, “Why we secretly love LulzSec:” LulzSec is running around pummelling some of the world’s most powerful organisations into the ground… for laughs! For lulz! For shits and giggles! Surely (…)