Thanks for the kind introduction Adam. This has been an interesting summer as I reach out to various security bloggers. I hope my “Meet The Bloggers” podcast series will help people to get to know the various “personalities” out there. We are an interesting bunch. The one question I have for everyone, bloggers and blog…Read More More thoughts on blogging
Brad Stone has a great article in Wired about his car being stolen and the insurance company insisting that he must be lying because he still had all of his fancy RFID enabled keys. This assumption that the security system is perfect is going to continue to bite consumers especially as banks move to two-factor…Read More The Down Side of "Strong" Authentication
So this week I’m off to Metricon and Usenix Security. Many of my co-workers are off (to present an entire track) at Blackhat. What I find really interesting is that there are these two separate streams of security research, one academic and one hacker, in the most positive sense of the word. Both have produced…Read More Don’t Cross the Streams?
I’m pleased to introduce the Jazz Combo’s first actual rocket scientist guest blogger, Richard Stiennon. Before founding IT Harvest, a startup dedicated to re-inventing IT research, Richard worked at Gartner and PriceWaterHouseCoopers. He usually blogs at Threat Chaos, and was kind enough to feature Chris and I as his first podcast, in Meet The Security…Read More Introducing Richard Stiennon
In “Access controlled by a password,” Phillip Hallam-Baker writes: It probably makes sense to have an exception of this type in the first instance when the law is enacted. Otherwise we may well drown in privacy disclosure notices. I must say, I don’t get this objection. Does it apply to any other bit of information…Read More Drowing in Notices?
Over at Matasano, Tom Ptacek skewers the new CERT Secure Programming Standard by asking: Do We Need an ISO Secure Coding Standard?. The entire article is well worth reading, but it sums up nicely with this: There are already a myriad of good sources of information about secure programming, including books targeted specifically to developers…Read More Yet Another Coding Standard?
Indiana’s breach notification law went into effect on July 1, 2006. An excerpt relevant the “lost laptop” phenomenon: Sec. 2. (a) As used in this chapter, “breach of the security of the system” means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a state or local…Read More Indiana's Breach Law
A federal Department of Homeland Security agent passed along information about student protests against military recruiters at UC Berkeley and UC Santa Cruz, landing the demonstrations on a database tracking foreign terrorism, according to government documents released Tuesday. From San Francisco Chronicle, “Terror database tracks UC protests U.S. agent reported on ’05 rallies against military…Read More DHS Has Nothing Better To Do, Apparently
‘The Australian’ has a great story on “Focus key to crack money-laundering.” Its focused on the testimony of a British expert on “money laundering” and includes: Last year, British banks, accountants and lawyers made some 200,000 reports to the authorities. But in the three years since Britain’s law was implemented, there had been only one…Read More Return on (Other People’s) Investment
So there’s a post over at F-Secure’s blog: There’s a growing trend here. We’ve been saying for some time that the lack of large virus outbreaks is evidence that the malware environment could be getting worse, not better. The bad guys want to make money – not make attention. So as a malware author, if…Read More It's Getting Worse All The Time?