Because it is the weekend and I am lazy
Chris’s beach reading recommendations John Maynard Smith, Evolution and the Theory of Games James S. Coleman, Foundations of Social Theory Ken Binmore, Natural Justice
Chris’s beach reading recommendations John Maynard Smith, Evolution and the Theory of Games James S. Coleman, Foundations of Social Theory Ken Binmore, Natural Justice
I was on a business commuter flight the other day, which was also the maiden voyage of my MacBook Air. I had it out before takeoff. This was an international flight and I was in bulkhead. On international flights, they’re not as strict about not having your laptop on your lap during takeoff. This flight […]
“Introducing FUD Watch:” Most mornings, I start the work day with an inbox full of emails from security vendors or their PR reps about some new malware attack, software flaw or data breach. After some digging, about half turn out to be legitimate issues while the rest – usually the most alarming in tone – […]
El Reg writes that the India Times writes that RIM has “blackballed” (El Reg’s words) the Indian Government’s requests to get BB keys, saying what we suspected, that there are no keys to give. The India times says: BlackBerry vendor Research-In-Motion (RIM) said it cannot hand over the message encryption key to the government as […]
Chris Pounder has an article on the subject: In summary, most of the important features of USA-style, security breach notification law are now embedded into the guiding Principles of the Data Protection Act. Organisations risk being fined if they carelessly loose personal data or fail to encrypt personal data when they should have done. Individuals […]
I really like this picture from Jack Jones, “Communicating about risk – part 2:” Using frequency, we can account for events that occur many times within the defined timeframe as well as those that occur fewer than once in the timeframe (e.g., .01 times per year, or once in one hundred years). Of course, this […]
Walkscore.com. Calculates a location’s “walkability” by using Google Maps to figure out how close various amenities (such as grocery stores, public transit, parks, etc.) are. Not a perfect service, but a great idea.
A paper by Sasha Romanosky, Rahul Telang, and Alessandro Acquisti to be presented at the upcoming WEIS workshop examines the impact of breach disclosure laws on identity theft. The authors find no statistically [significant] evidence that laws reduce identity theft, even after considering income, urbanization, strictness of law and interstate commerce The folks at Bank […]
Over at Layer8, shrdlu lays it out there and tells us what it takes to appear to be effective: In all the initiatives I’ve rolled out in my (checkered) career, the ones that have gotten the most acclaim from my management have always been the ones that were most visible to the users. They turned […]
You may have seen this article from the India Times, “Govt may get keys to your BlackBerry mailbox soon.” Many people have been commenting on it, and the hand-wringing should build up to a good storm in a few days. The gist of the article is that the Indian Government has told RIM that if […]
I was struck by this quote in the Economist special report on international banking: There were navigational aids to help investors but they often gave false comfort. FICO scores, the most widely used credit score in America, were designed to assess the creditworthiness of individual borrowers, not the quality of pools of mortgages. “’Know your […]
Don Morrill, IT Toolbox: If you want to read a book that will have an influence on your information security career, or if you just want to read something that points out that we do need to do information security differently, then you need to go pick up a copy of “The new school of […]
A number of people have sent me links to “Black Hat Tariffs – The Black Hat Taxes on consumer Internet companies are on the rise:” In May 2006, I made mention of the Black Hat Tax, in which most consumer Internet sites have an inherent time, resource, and mindshare tax of roughly 25% due to […]
In name only, but NASA will be sending a database of names to the moon on the forthcoming Lunar Reconnaissance Orbiter. You can add yours. Oh, the name? seemed right when I wanted one with a quote in it. [Update: Securology posted “ Sending Bobby Tables to the Moon,” which is funnier, if more likely […]
The Washington Times reports that the State Department is going to be producing “passport cards” for people who regular travel by car or boat to/from Canada, Mexico and Carribean. About the size of a credit card, the electronic-passport card displays a photo of the user and a radio frequency identification (RFID) chip containing data about […]
The 26th episode of The Silver Bullet Security Podcast features Adam Shostack, a security expert on Microsoft’s Secure Development Lifecycle team who has also worked for Zero Knowledge and Reflective. Gary and Adam discuss how Adam got started in computer security, how art/literature informs Adam’s current work, and the main ideas behind Adam’s new book […]
Delightful!
Can Sips at Home Prevent Binges? is a fascinating article in the New York Times. It turns out there’s very solid evidence about this: “The best evidence shows that teaching kids to drink responsibly is better than shutting them off entirely from it,” he told me. “You want to introduce your kids to it, and […]
Uncle Harold (not his real name, not our real relationship, and I never even called him “Uncle”) was a cool guy who always fixed his own cars. Most of my life, Uncle Harold has been complaining. It used to be you could actually fix a car. You could put things in, take them out, adjust […]
I’m excited and grateful to the Industry Standard for including us in their “Top 25 B-to-Z list blogs.” There’s some great stuff in there which I read, like “Information Aesthetics
If you haven’t heard about this, you need to. All Debian-based Linux systems, including Ubuntu, have a horrible problem in their crypto. This is so important that if you have a Debian-based system, stop reading this and go fix it, then come back to finish reading. In fact, unless you know you’re safe, I’d take […]
A hacker in Chile calling himself the ‘Anonymous Coward’ published confidential data belonging to six million people on the internet. Authorities are investigating the theft of the leaked data, which includes identity card numbers, addresses, telephone numbers, emails and academic records. Chile has a population of about 16 million, so that’s 3/8ths of the country. […]
From the article: The Criminal Justice and Immigration Act has received Royal Assent creating tough new sanctions for the privacy watchdog, the Information Commissioner’s Office (ICO). This new legislation gives the ICO the power to impose substantial fines on organisations that deliberately or recklessly commit serious breaches of the Data Protection Act. It’s about time […]
I really enjoyed watching the podcast version of a talk that Jack Jones gave at Purdue, “Shifting focus: Aligning security with risk management.” I liked the opener, about what it’s like for executives to talk to security professionals, and the difference between what might happen and what’s likely to happen. The screenshot is from a […]
There’s an article in the New York Times, “‘Mad Pride’ Fights a Stigma” “It used to be you were labeled with your diagnosis and that was it; you were marginalized,” said Molly Sprengelmeyer, an organizer for the Asheville Radical Mental Health Collective, a mad pride group in North Carolina. “If people found out, it was […]
The “I’ve Been Mugged” blog has a great three part series on outsourcing by credit bureaus: “Is It Wise For Credit Bureaus To Outsource To Foreign Call Center Firms? (Part 1),” “part 2” and “part 3.” He digs deep into how extensively TransUnion outsources, and where. I went looking, and was surprised to see that […]
Use of CCTV images for court evidence has so far been very poor, according to Detective Chief Inspector Mick Neville, the officer in charge of the Metropolitan police unit. “CCTV was originally seen as a preventative measure,” Neville told the Security Document World Conference in London. “Billions of pounds has been spent on kit, but […]
PARIS — Jérôme Kerviel, the Société Générale trader who used his knowledge of the French bank’s electronic risk controls to conceal billions in unauthorized bets, has a new job — at a computer consulting firm. Mr. Kerviel, who was given a provisional release from prison on March 18, started work last week as a trainee […]
There’s a story in the New York Times about a bike rental program in Washington DC. It’s targeted at residents, not tourists, and has a subscription-based model. Improved technology allows programs to better protect bicycles. In Washington, SmartBike subscribers who keep bicycles longer than the three-hour maximum will receive demerits and could eventually lose renting […]
Various estimates have been made regarding the quantity of personal identifying information which has been exposed by various mechanisms. Obviously, though, we only know about what we can see, so seeing more would make such estimates better. One way to see more would be to look in more places, for example on peer-to-peer file sharing […]
Dear Mr. Banks, Much as I enjoy your work, it is entirely dis-congruous to your readers to insert words known to neither the Oxford English Dictionary or the internet (as indexed here, here or here) whose meanings are not rapidly comprehensible. Thank you for your future attention to this matter. I remain, etc, etc.
I would estimate that 2/3 of the calls I get are from people trying to sell me things I neither need nor want. Of those, over half are outsourcing services. Of the remainder, recruiters are over half. There are also people who call me for their services once a week. There’s one particular outsourcing firm […]
How much do you make? How surprised would you be to learn that your magic number had been posted on the Internet by the government? And that it was not by mistake, as in other recent breaches of privacy. How Much Do You Make? The Nation Already Knows. The data has already been removed from […]