New School: New Book by Adam Shostack
Adam Shostack, whose group blog Emergent Chaos I quote frequently in this blog, has a new book coming out with co-author Andrew Stewart: New School of Information Security. We think there’s an...
Auditing Georgia Government Security
Georgia’s governor wants to standardize information security reporting across the entire state government: The Executive Order calls for a single set of information security reporting standards for...
OK Leaks Tens of Thousands of SSNs for Years
You’d think they’d know better: One of the cardinal rules of computer programming is to never trust your input. This holds especially true when your input comes from users, and even more so when it...
APWG Atlanta Buckhead
Five years of the Anti-Phishing Working Group! Dave Jevans gave a retrospective, followed by country reports: Japan: Pretending to be grandchild to get bank account transfer is popular. ATM scams are...
SEC moving towards breach disclosure requirement?
The 13 October 2011 SEC guidance, CF Disclosure Guidance: Topic No. 2: Cybersecurity, leaves most of the decision of what sort of breaches are significant enough to disclose up to the affected...
Davos discovers cyber attacks
Cyber attacks made the Davos Top 5 Global Risks in Terms of Likelihood. Davos, the annual conclave of the hyper-rich and famously elected, has also discovered Severe income disparity and Water supply...
Microsoft, world leader in Internet security: and spamming?
Microsoft, world leader in Internet security, will doubtless clean up its spamming act when it sees its AS 8075 is #1 for outbound spam in the U.S. for April 2012 in rankings from PSBL data, pushing...
Syria and Yemen: 29 November 2012
At 10:30 AM GMT yesterday, 29 November 2012, routing to Yemen suddenly changed from London to Dubai through FLAG to New York to Dubai through ETISALAT, as shown in the animation here and detailed in...
SIRA Security Event in VERIS Community Database of breaches
I’ve provoked an example breach report in the VERIS Community Database by the Verizon Risk Team, recorded in this JSON file, with this summary: A secondary domain hosted by Bluehost was defaced by an...
Spam and Botnet Reputation Randomized Control Trials and Policy @ TPRC 41
How to do a ranking when you can’t present a rank list: use a distribution graph. Also how to do a randomized control trial when there are active enemy agents: five ways to find out if and how much...