Archive for the ‘Uncategorized’ Category

Privacy Surrendered

Sunday, November 1st, 2009

I just finished writing an article for the ISSA Journal on privacy. During the research I came to the conclusion that there is another shoe left to drop - corporate privacy. I consider corporate privacy the aggregate of the obvious things like intellectual property and private data, but I also ...

Why are people surprised about ongoing security breaches?

Thursday, March 26th, 2009

I've been reading a lot of press recently about breaches and vulnerabilities. Nothing particularly new there - it happens all the time. But for some reason I am beginning to get annoyed at the now customary tone of surprise and fear. Surprise, I suppose, that the technology that we so ...

Dealing with Moxie - HTTPS under attack

Thursday, March 5th, 2009

There has been considerable excitement recently in the press, and amongst some of our customers, about the recent presentation at Black Hat DC 2009 Briefings by Moxie Marlinspike on "New Techniques for Defeating SSL/TLS". What Moxie presents is a variety of variations on the classic man-in-the-middle (MITM) attack. Now MITM attacks ...

Super Bowl Cable Hack

Sunday, February 1st, 2009

So, you’re watching the Super Bowl. You have a houseful of kids and friends, all watching your brand-new 60” flat screen. It’s a tight game and everyone is glued to the set. With less than 3 minutes left, Arizona scores a touchdown. Suddenly the picture changes ...

Heartland Payments Breach

Sunday, January 18th, 2009

Just as we were recovering from the TJ Maxx breach, Heartland Payment Systems coughs up some 100m credit card numbers. I guess when that happens you have to tell someone, so why not while everyone is distracted, say by a presidential inauguration? The Heartland marketing machine is definitely ...

Smog Computing, Seeing through the fog

Thursday, August 14th, 2008

Every year we have a huge accident somewhere in the US because a group of morons think that they can charge through the tule fog at 85MPH. They’re genuinely surprised to discover that not everyone is as foolish as they are. Unfortunately, this discovery is made too late and people ...

Google SSL certs expire

Tuesday, July 29th, 2008

Google reported today that their SSL certs had expired on their SMTP service. Although I guess this is not a huge deal, and is more about image and user inconvenience than a real security issue, I think it does illustrate a continuing problem that the industry is well aware of. No, not ...

Privacy Experts Miss the Mark

Thursday, July 10th, 2008

Sometimes it’s fun to listen to people speak about things that they obviously know nothing about. Yesterday I was trapped in my car and listening to NPR. I like the News Report with Jim Lehrer because they usually have very intelligent people speaking about subjects that they know a great ...

Fundamentals of a Successful Security Practice - Part II

Tuesday, July 8th, 2008

Information Security is still in its infancy as far as being its own entity inside of any corporation and even more so inside of any government organization. While there are many views on who and what makes a good Chief Security Officer (CSO) or even for that matter if you ...

Operational Challenges - Practical Limitations to Reducing the Audit Workload

Tuesday, July 8th, 2008

I was one of the presenters for an ISSA e-Symposium, Risk and Compliance – Audit Fatigue, held on 8 July 2008. The e-Symposium was hosted by Mike Simons, Editor, ComputerWorld UK. George Kurtz, Senior Vice President & General Manager, Risk & Compliance Business Unit, McAfee Inc. gave the Opening Keynote - Audit Fatigue, followed by Dorian Cougias, CEO, Network ...