Shostack + Friends Blog Archive

 

30 vs 150,000

For your consideration, two articles in today’s New York Times. First, “How to Remind a Parent of the Baby in the Car?:” INFANTS or young children left inside a vehicle can die of hyperthermia in a few hours, even when the temperature outside is not especially hot. It is a tragedy that kills about 30 […]

 

B-Sides Las Vegas Call For Papers

Friend of the blog and TV’s own <grin> Chris Nickerson has firmed up B-Sides for Las Vegas and is looking for a few good people to submit a few good presos. I spoke last year with David Mortman and it was awesome.  Chris put on some real good event/space for us all. I encourage you […]

 

ANNOUNCEMENT: The Society of Information Risk Analysts

I was talking with (the now nationally famous) Rich Mogull at Secure360 last week in St. Paul (fabulous security gathering, btw, I highly recommend it), and he reiterated his position that we had too much “echo chamber” and not enough engagement with everyone – especially our peers who are down in the trenches and too […]

 

Life

Today will be remembered along with the landing on the moon and the creation of the internet: Researchers at the J. Craig Venter Institute (JCVI), a not-for-profit genomic research organization, published results today describing the successful construction of the first self-replicating, synthetic bacterial cell. The team synthesized the 1.08 million base pair chromosome of a […]

 

We'll always have Facebook…

Waitress Is Fired for Her Complaint on Facebook: Lesson Learned for Employers?. From [German Consumer Protection] Minister Aigner to Mark Zuckerberg: the importance of privacy Farewell, Facebook “Why one super-connected internet enthusiast decided it was time to pull the plug” 5 WTFs: I quit Facebook Today Quit Facebook Day versus 10 Reasons You’ll Never Quit […]

 

Facebook, Here’s Looking at You Kid

The last week and a bit has been bad to Facebook. It’s hard to recall what it was that triggered the avalanche of stories. Maybe it was the flower diagram we mentioned. Maybe it was the New York Times interactive graphic of just how complex it is to set privacy settings on Facebook: Maybe it […]

 

This is what science is for

In “The Quest for French Fry Supremacy 2: Blanching Armageddon,” Dave Arnold of the French Culinary Institute writes: Blanching fries does a lot for you – such as: killing the enzymes that make the potatoes turn purpley-brown. Blanching is always necessary if the potatoes will be air-dried before frying. gelatinizing the starch. During frying, pre-cooked […]

 

Where's the Checks and Balances, Mr. Cameron?

[Update: See Barry’s comments, I seem to misunderstand the proposal.] The New York Times headlines “ Britain’s New Leaders Aim to Set Parliament Term at 5 Years.” Unlike the US, where we have an executive branch of government, the UK’s executive is the Prime Minister, selected by and from Parliament. As I understand things, the […]

 

Malware reports? (A bleg)

I’m doing some work that involves seeing what people are saying about the state of malware in 2010, and search terms like “malware report” get a lot of results, they don’t always help me find thinks like the Symantec ISTR, the McAfee threats report or the Microsoft SIR. To date, I’ve found reports from Cisco, […]

 

Welcome to the club!

As EC readers may know, I’ve been sort of a collector of breach notices, and an enthusiastic supporter of the Open Security Foundation’s DataLossDB project. Recently, I had an opportunity to further support DataLossDB, by making an additional contribution to their Primary Sources archive – a resource I find particularly valuable. Unfortunately, that contribution was […]

 

Facebook Privacy

If you haven’t seen http://mattmckeon.com/facebook-privacy/‘s graphic of how Facebook’s default privacy settings have evolved, it’s worth a look:

 

Getting the time dimension right

If you are developing or using security metrics, it’s inevitable that you’ll have to deal with the dimension of time. “Data” tells you about the past. “Security” is a judgement about the present. “Risk” is a cost of the future, brought to the present. The way to marry these three is through social learning processes.

 

Word!

We show that malicious TeX, BibTeX, and METAPOST files can lead to arbitrary code execution, viral infection, denial of service, and data exfiltration, through the file I/O capabilities exposed by TeX’s Turing-complete macro language. This calls into doubt the conventional wisdom view that text-only data formats that do not access the network are likely safe. […]

 

Taxman

Let me tell you how it will be There’s one for you, nineteen for me Chorus: If privacy appear too small Be grateful I don’t take it all Thanks to Jim Harper for the link.

 

"Cyber Economic Incentives" is one of three themes at Federal Cybersecurity R&D Kickoff Event

This event will be the first discussion of these Federal cybersecurity R&D objectives and will provide insights into the priorities that are shaping the direction of Federal research activities. One of the three themes is “Cyber economic incentives — foundations for cyber security markets, to establish meaningful metrics, and to promote economically sound secure practices.”

 

Showing ID In Washington State

Back in October, I endorsed Pete Holmes for Seattle City Attorney, because of slimy conduct by his opponent. It turns out that his opponent was not the only one mis-conducting themselves. The Seattle PD hid evidence from him, and then claimed it was destroyed. They have since changed their story to (apparent) lies about “computer […]