Shostack + Friends Blog Archive

 

Turning off the lights: Chaos Emerges.

See what happened when Portishead, England turned off their traffic lights in September 2009 in this video. And don’t miss “Portishead traffic lights set to stay out after trial” in the Bristol Evening Post.

 
 

TSA: Let us Take Nekkid Pics of You Or You Get "Bad Touch"

Apparently, the TSA is now protecting us so well that they make women cry by touching them inappropriately. According to (CNN Employee Rosemary) Fitzpatrick, a female screener ran her hands around her breasts, over her stomach, buttocks and her inner thighs, and briefly touched her crotch. “I felt helpless, I felt violated, and I felt […]

 

"My little piece of privacy"

Very entertaining video: I love it because curtains are privacy people will pay for, but even more, because, ironically for a privacy-enhancing technology, it generates more attention than not using it.

 

It's not TSA's fault

October 18th’s bad news for the TSA includes a pilot declining the choice between aggressive frisking and a nudatron. He blogs about it in “Well, today was the day:” On the other side I was stopped by another agent and informed that because I had “opted out” of AIT screening, I would have to go […]

 

Collective Smarts: Diversity Emerges

Researchers in the United States have found that putting individual geniuses together into a team doesn’t add up to one intelligent whole. Instead, they found, group intelligence is linked to social skills, taking turns, and the proportion of women in the group. […] “We didn’t expect that the proportion of women would be a significant […]

 

A Letter from Sid CRISC – ious

In the comments to “Why I Don’t Like CRISC” where I challenge ISACA to show us in valid scale and in publicly available models, the risk reduction of COBIT adoption, reader Sid starts to get it, but then kinda devolves into a defense of COBIT or something.  But it’s a great comment, and I wanted […]

 

Seriously? Are We Still Doing this Crap? (RANT MODE = 1)

These days I’m giving a DBIR presentation that highlights the fact that SQLi is 10 years old, and yet is still one of the favorite vectors for data breaches. And while CISO’s love it when I bring this fact up in front of their dev. teams, in all deference to software developers and any ignorance […]

 

Re-architecting the internet?

Information Security.com reports that: [Richard Clarke] controversially declared “that spending more money on technology like anti-virus and IPS is not going to stop us losing cyber-command. Instead, we need to re-architect our networks to create a fortress. Let’s spend money on research to create a whole new architecture, which will cost just a fraction of […]

 

Another personal data invariant that varies

Just about anything a database might store about a person can change. People’s birthdays change (often because they’re incorrectly reported or recorded). People’s gender can change. One thing I thought didn’t change was blood type, but David Molnar pointed out to me that I’m wrong: Donors for allogeneic stem-cell transplantation are selected based on their […]

 

Money is information coined

In the general case, you are not anonymous on the interweb, but economically-anonymous, which I propose to label “enonymous”, and that’s not the same thing at all. If you threaten to kill the President, you will be tracked down, and the state will spend the money it takes on it. But if you call Lily […]

 

Call for Questions: 451 & Verizon DBIR Webinar

Hey everyone. I wanted to mention that Josh Corman of the 451 Group has graciously decided to make a webinar with me on the Data Breach Investigations Report , and has even made the webinar open to the public. So as such, Josh is collecting questions ahead of time.  If you want to submit some […]

 

Java Security & Criminals

Brian Krebs has an interesting article on “Java: A Gift to Exploit Pack Makers.” What makes it interesting is that since information security professionals share data so well, Brian was able to go to the top IDS makers and get practical advice on what really works to secure a system. Sorry, dreaming there for a […]

 

Society Of Information Risk Analysts (SIRA) Meeting Thursday!

HEY! SIRA Meeting on Thursday – click here for a calendar invite/reminder thingy/.ics file -> http://bit.ly/b5RKl9 In long format: Topic: SIRA RISK OCT – SANS! Date: Thursday, October 14, 2010 Time: 10:30 am, Eastern Daylight Time (New York, GMT-04:00) Meeting Number: 745 433 825 Meeting Password: sira ——————————————————- To join the online meeting (Now from […]

 

Lessons from HHS Breach Data

PHIPrivacy asks “do the HHS breach reports offer any surprises?” It’s now been a full year since the new breach reporting requirements went into effect for HIPAA-covered entities. Although I’ve regularly updated this blog with new incidents revealed on HHS’s web site, it might be useful to look at some statistics for the first year’s […]

 
 
 

AT&T, Voice Encryption and Trust

Yesterday, AT&T announced an Encrypted Mobile Voice. As CNet summarizes: AT&T is using One Vault Voice to provide users with an application to control their security. The app integrates into a device’s address book and “standard operation” to give users the option to encrypt any call. AT&T said that when encryption is used, the call […]

 

Free Hossein Derakhshan

Apparently, the Iranian Government has sentenced Hossein “Hoder” Derakhshan to 19.5 years in jail for “collaborating with enemy states, creating propaganda against the Islamic regime, insulting religious sanctity, and creating propaganda for anti-revolutionary groups.” If you think putting bloggers or journalists in jail is wrong, please, please take a moment to sign the petition to […]

 

Wrong bra, no bra: Jail bars lawyer

Via the Miami Herald: An underwire bra stopped a Miami attorney from seeing her client held at the Miami Federal Detention Center, setting off controversy over the inmate facility’s dress code. The issue here isn’t so much the dress code (though it is problematic) but inconsistent enforcement of previously agreed upon rules. It’s hard to […]

 

Saturn's Moon Enceladus

NASA claims that: At least four distinct plumes of water ice spew out from the south polar region of Saturn’s moon Enceladus in this dramatically illuminated image. Light reflected off Saturn is illuminating the surface of the moon while the sun, almost directly behind Enceladus, is backlighting the plumes. See Bursting at the Seams to […]

 

Fines or Reporting?

Over at the Office of Inadequate Security, Dissent does excellent work digging into several perspectives on Discover Card breaches: Discover’s reports, and the (apparent) silence of breached entities. I’m concerned that for many of the breaches they report, we have never seen breach reports filed by the entities themselves nor media reports on the incidents. […]