Archive for the “Doing it Differently” category

What can we learn from the social engineering contest?

by adam on September 20, 2012

I was struck by the lead of Kelly Jackson Higgins’ article on the Defcon Social Engineering Contest: Walmart was the toughest nut to crack in last year’s social engineering competition at the DefCon hacker conference in Las Vegas, but what (…)


Smashing the Future for Fun and Profit

by adam on September 10, 2012

I’d meant to post this at BlackHat. I think it’s worth sharing, even a bit later on: I’m excited to have been a part of a discussion with others who spoke at the first Blackhat: Bruce Schneier, Marcus Ranum, Jeff (…)


Don’t Share, Publish

by adam on August 29, 2012

I’d like to offer up a thought with regards to the latest swirl of discussion around ‘information sharing’ in security: Don’t share, publish. I want to talk about this because more and more folks are starting to question the value (…)


Aitel on Social Engineering

by adam on July 19, 2012

Yesterday, Dave Aitel wrote a fascinating article “Why you shouldn’t train employees for security awareness,” arguing that money spent on training employees about awareness is wasted. While I don’t agree with everything he wrote, I submit that your opinion on (…)


The Evolution of Information Security

by adam on July 9, 2012

A little while back, a colleague at the NSA reached out to me for an article for their “Next Wave” journal, with a special topic of the science of information security. I’m pleased with the way the article and the (…)


Active Defense: Show me the Money!

by adam on June 21, 2012

Over the last few days, there’s been a lot of folks in my twitter feed talking about “active defense.” Since I can’t compress this into 140 characters, I wanted to comment quickly: show me the money. And if you can’t (…)


In the Spirit of Feynman

by adam on June 14, 2012

Did you notice exactly how much of my post on Cloudflare was confirmation bias? Here, let me walk you through it. In our continuing series of disclosure doesn’t hurt, Continuing series are always dangerous, doubly so on blogs. I wanted (…)


How to mess up your breach disclosure

by adam on March 30, 2012

Congratulations to Visa and Mastercard, the latest companies to not notify consumers in a prompt and clear manner, thus inspiring a shrug and a sigh from consumers. No, wait, there isn’t a clear statement, but there is rampant speculation and (…)


Doctors Make Mistakes. Can we talk about that?

by adam on March 26, 2012

That’s the title of this TED Talk, “Doctors Make Mistakes. Can we talk about that?” When was the last time you heard somebody talk about failure after failure after failure? Oh yeah, you go to a cocktail party and you (…)


Feelings! Nothing but feelings!

by adam on March 15, 2012

At BSides San Francisco, I met David Sparks, whose blog post on 25 security professionals admit their mistakes I commented on here. And in the department of putting my money where my mouth is, I talked him through the story (…)
