“We used to talk about the intent of a tank,” Colonel Thomas explained in an interview. “If you saw one, you knew what it was for. But the intent of electrons – to deliver a message, deliver a virus, or pass covert information – is much harder to figure.” Ian Grigg points out an interesting…Read More The Intent of a Tank
Rob Lemos has an article in CNET about NGSSoftware. On Thursday, they released a slew of advisories about Oracle products with flaws NGS had discovered 3 months ago. Now, it turns out that the problems may be more risky than thought. Alternately, the release of the exploit code may have caused SecurityFocus to raise its…Read More Database Flaws More Risky Than Discussed
I was just playing with Keynote, working on some slides for Shmoocon, when I realized that I couldn’t get my slides onto the web! Now, I’ve griped about how PowerPoint makes its slides for the web, but at least it makes them. It seems that Tim Bray figured this out a while ago, but I…Read More Keynote can't Export to Web?!?
I hope that your elections go smoothly, fairly, and peacefully, and that when they’re done, the people’s will is respected. Read More Good Luck To Ukraine!
A historian, Isaiah (Ike) Wilson III, Ph.D, gave a talk a few months ago at Cornell, entitled “Thinking Beyond War: Civil-Military Operational Planning in Northern Iraq.” His basic thesis seems to be that, in contrast to a carefully planned and executed war campaign, there were no definitive plans for what to do after the Iraqi…Read More Winning the Battles, Losing the War
There’s a story in today’s CNET about banks issuing authentication tokens (like SecurID cards) to customers to address customer authentication issues. While these are useful, insofar as they will make phishing harder, they won’t stop it. Phishing will transform into an online, at-the-moment crime, which will be easier to catch, but work by…Read More Banks issue 2 factor auth
In writing about Delta Blood Bank earlier today, one of the issues I was thinking about was the unnecessary use of social security numbers, and how it’s an industry standard. One area where this is particularly evident is in the bifurcated market for cell phones. At one end are providers like Virgin and MetroPCS, who…Read More More on SSNs and Risk
Delta Blood Bank sent a letter Friday to donors, warning them a computer that held their personal information had been stolen and advising them to take steps against identity theft and credit card fraud. … In addition to the letter…The blood bank will no longer require Social Security numbers from its donors… No longer require…Read More Delta Blood bank
Starting today, the federal Transportation Security Administration is telling its screeners to keep their hands to the “chest perimeters” of women unless handheld metal detectors beep when waved over their breasts. I’ve mentioned outrage at TSA intrusiveness in the past. (From Boston.com, via CSOOnline.) Read More TSA Backs Down
Over at TaoSecurity, Richard Bejtlich writes: ‘ROI is no longer effective terminology to use in most security justifications,’ says Paul Proctor, VP of security and risk strategies for META Group… Executives, he says, interpret ROI as ‘quantifiable financial return following investment.’ Security professionals view it more like an insurance premium. The C-suite is also wary…Read More Ripping into ROI