Thanks, Risk I/O

by adam on September 27, 2011

Go read this excellent article by Ed Bellis.

The Diginotar Tautology Club

by adam on September 23, 2011

I often say that breaches don’t drive companies out of business. Some people are asking me to eat crow because Vasco is closing its subsidiary Diginotar after the subsidiary was severely breached, failed to notify their reliant parties, mislead people (…)

Read the rest of this entry »

Book Reading in Seattle on Sunday

by adam on September 21, 2011

This Sunday I’ll be reading from the New School at 4PM on Sunday at Ada’s Technical Books in Capitol Hill. If you’re in the area, you should come!

Lean Startups & the New School

by adam on September 20, 2011

On Friday, I watched Eric Ries talk about his new Lean Startup book, and wanted to talk about how it might relate to security. Ries concieves as startups as businesses operating under conditions of high uncertainty, which includes things you (…)

Read the rest of this entry »

Diginotar Quantitative Analysis (“Black Tulip”)

by adam on September 13, 2011

Following the Diginotar breach, FOX-IT has released analysis and a nifty video showing OCSP requests. As a result, lots of people are quoting a number of “300,000”. Cem Paya has a good analysis of what the OCSP numbers mean, what (…)

Read the rest of this entry »

The Rules of Breach Disclosure

by adam on September 7, 2011

There’s an interesting article over at CIO Insight: The disclosure of an email-only data theft may have changed the rules of the game forever. A number of substantial companies may have inadvertently taken legislating out of the hands of the (…)

Read the rest of this entry »