Secret Questions

by adam on May 19, 2009

Congratulations to Stuart Schechter, A. J. Bernheim Brush (Microsoft Research), Serge Egelman (Carnegie Mellon University). Their paper, “It’s No Secret. Measuring the Security and Reliability of Authentication via ‘Secret’ Questions” has been Slashdotted. It’s really good research, which Rob Lemos (…)


Definitions: cloudenfreude

by Chandler on May 15, 2009

cloudenfreude — Feeling of happiness at watching the discomfort of others, especially senior management, as they accept in aggregate for *aaS the same risks which were easily accepted piecemeal over time for the analogous service internally.

First International Alternative Workshop on Aggressive Computing and Security

by adam on May 15, 2009

Thinking security can not be done without adopting a preferential mode of thought of the attacker. A system cannot be defended if we do not know how to attack it. If the theory is still an interesting approach to formalize (…)


PCI Data Available

by alex on May 15, 2009

Interesting information was made available today from VISA about PCI Compliance status for Level 1, 2, and 3 merchants.  Find it as a .pdf >>here<< (thanks to Mike Dahn for bringing it to our notice). **UPDATE** You may want to (…)


Richard Bejtlich’s Quantum State

by alex on May 14, 2009

Is Statistically Mixed? Richard Bejtlich (whom I do admire greatly in most all of his work) just dug up a dead horse and started beating it with the shovel, and I just happen to have this baseball bat in my (…)


European View on Breaches

by adam on May 13, 2009

I hadn’t seen this article by Peter Hustinx when it came out, but it’s important. He says that “All data breaches must be made public:” The good news is that Europe’s lawmakers want to make it obligatory to disclose data (…)


The Eyes of Texas Are on Baseboard Management Controllers? WHAT??!!!

by alex on May 7, 2009

OR TEXAS HB1830S IS SWINEFLU LEGISLATION, IT’S BEEN INFECTED BY PORK! **UPDATE:  It looks like the “vendor language” around Section Six has been struck! Given Bejtlich’s recent promises, I thought we’d take a quick but pragmatic look at why risk (…)


Time To Patch, Patch Significance, & Types of Cloud Computing

by alex on May 5, 2009

Recently, a quote from Qualys CTO Wolfgang Kandek struck me kind of weird when I was reading Chris Hoff yet again push our hot buttons on cloud definitions and the concepts of information security survivability.  Wolfgang says (and IIRC, this (…)


Cybersecurity Review Turf Battle

by adam on May 3, 2009

Many at RSA commented on the lack of content in Melissa Hathaway’s RSA keynote. The Wall St Journal has an interesting article which may explain why, “Cybersecurity Review Sets Turf Battle:” President Barack Obama’s cybersecurity review has ignited turf battles (…)
