August 2007

Ryan Singel has a long article in Wired: “Point, Click … Eavesdrop: How the FBI Wiretap Net Operates.” I was pretty stunned at some of the numbers: FBI endpoints on DCSNet have swelled over the years, from 20 “central monitoring plants” at the program’s inception, to 57 in 2005, according to undated pages in the…

Read More Inside Carnivore

…airport police Sgt. Dave Karsnia, who was investigating allegations of sexual conduct in airport restrooms, went into a stall shortly after noon on June 11 and closed the door. Minutes later, the officer said he saw Craig gazing into his stall through the crack between the door and the frame. After a man in the…

Read More Senator Craig and the Behavior Detection Officers

Or at least become more vulnerable. I’ve recently been helping a client with their secure coding initiative, and as a result I’ve been reading Mike Howard and Dave LeBlanc’s Writing Secure Code, which reminded me of an important aspect of maintaining a secure code base which often gets overlooked: That is that as code ages…

Read More Evolve or Die

Via Chris Hoff, “Harvard Business Review: Excellent Data Breach Case Study…” we learn that the Harvard Business Review has a case study, “Boss, I think Someone Stole Our Customer Data.” The fictitious company profiled is Flayton Electronics, a regional electronics chain with 32 stores across six states. The premise of the fictitious data breach focuses…

Read More Harvard Business Review on Breaches

As quoted in Ken Belva’s blog, Larry Gordon writes: However, the above is not the end of the information security story from an economics perspective. If an organization can distinguish itself as having much better information security than its competitors, then that organization may well derive a “competitive advantage” (at least in short-run, until competing…

Read More Security Advantage? I Don’t Buy It.

Over at Dark Reading, there’s a story about First Advantage Membership Services launching a breach notification service. Andrew Conry-Murray starts out: You know data security breaches are way too common when a company builds a business around customer notification of stolen information. and he ends: I applaud companies that comply with notification requirements. It’s the…

Read More No, Breach Notification Service is a Good Sign