Clik here to view.
New School: New Book by Adam Shostack
Adam Shostack, whose group blog Emergent Chaos I quote frequently in this blog, has a new book coming out with co-author Andrew Stewart: New School of Information Security. We think there’s an...
View ArticleClik here to view.
Auditing Georgia Government Security
Georgia’s governor wants to standardize information security reporting across the entire state government: The Executive Order calls for a single set of information security reporting standards for...
View ArticleClik here to view.
OK Leaks Tens of Thousands of SSNs for Years
You’d think they’d know better: One of the cardinal rules of computer programming is to never trust your input. This holds especially true when your input comes from users, and even more so when it...
View ArticleClik here to view.
APWG Atlanta Buckhead
Five years of the Anti-Phishing Working Group! Dave Jevans gave a retrospective, followed by country reports: Japan: Pretending to be grandchild to get bank account transfer is popular. ATM scams are...
View ArticleClik here to view.
SEC moving towards breach disclosure requirement?
The 13 October 2011 SEC guidance, CF Disclosure Guidance: Topic No. 2: Cybersecurity, leaves most of the decision of what sort of breaches are significant enough to disclose up to the affected...
View ArticleClik here to view.
Davos discovers cyber attacks
Cyber attacks made the Davos Top 5 Global Risks in Terms of Likelihood. Davos, the annual conclave of the hyper-rich and famously elected, has also discovered Severe income disparity and Water supply...
View ArticleClik here to view.
Microsoft, world leader in Internet security: and spamming?
Microsoft, world leader in Internet security, will doubtless clean up its spamming act when it sees its AS 8075 is #1 for outbound spam in the U.S. for April 2012 in rankings from PSBL data, pushing...
View ArticleClik here to view.
Syria and Yemen: 29 November 2012
At 10:30 AM GMT yesterday, 29 November 2012, routing to Yemen suddenly changed from London to Dubai through FLAG to New York to Dubai through ETISALAT, as shown in the animation here and detailed in...
View ArticleClik here to view.
SIRA Security Event in VERIS Community Database of breaches
I’ve provoked an example breach report in the VERIS Community Database by the Verizon Risk Team, recorded in this JSON file, with this summary: A secondary domain hosted by Bluehost was defaced by an...
View ArticleClik here to view.
Spam and Botnet Reputation Randomized Control Trials and Policy @ TPRC 41
How to do a ranking when you can’t present a rank list: use a distribution graph. Also how to do a randomized control trial when there are active enemy agents: five ways to find out if and how much...
View Article
