Hoff’s blog post “Why Amazon Web Services (AWS) Is the Best Thing To Happen To Security & Why I Desperately Want It To Succeed” is great on a whole bunch of levels. If you haven’t read it, go do that. The first thing I appreciated is that he directly confronts the possibility of his own…Read More Hoff on AWS
The Telegraph reports that the Gavle Goat for 2012 is up, and surrounded by guards, cameras, flame retardants, and arsonists. Emergent Chaos has reporters on the ground internet, ready to report on this holiday story of a town, a goat, and an international conspiracy of drunken arsonists. Stay tuned! This years goat is shown in…Read More The Gavle Goat is Getting Ready to Burn!
It’s easy to feel sympathy for the many folks impacted by the hacking of South Carolina’s Department of Revenue. With 3.6 million taxpayer social security numbers stolen, those people are the biggest victims, and I’ll come back to them. It’s also easy to feel sympathy for the folks in IT and IT management, all the…Read More South Carolina
Amazon now has copies of Control Alt Hack, the card game that I helped Tammy Denning and Yoshi Kohno create. Complimentary copies for academics and those who won copies at Blackhat are en route. From the website: Control-Alt-Hack™ is a tabletop card game about white hat hacking, based on game mechanics by gaming powerhouse Steve…Read More Control-Alt-Hack: Now available from Amazon!
Amazon now has copies of Control Alt Hack, the card game that I helped Tammy Denning and Yoshi Kohno create. Complimentary copies for academics and those who won copies at Blackhat are en route. From the website: Control-Alt-Hack™ is a tabletop card game about white hat hacking, based on game mechanics by gaming powerhouse Steve…Read More Now Available: Control Alt Hack!
My buddy Curt Hopkins is writing about the Patraeus case, and asked: I wonder, in addition to ‘it’s safe if it’s in the draft folder,’ how many additional technically- and legally-useless bits of sympathetic magic that people regularly use in the belief that it will save them from intrusion or discovery, either based on the…Read More Email Security Myths
So there’s a pair of stories on choosing good passwords on the New York Times. The first is (as I write this) the most emailed story on the site, “How to Devise Passwords That Drive Hackers Away.” It quotes both Paul Kocher and Jeremiah Grossman, both of whom I respect. There’s also a follow-on story,…Read More The Questions Not Asked on Passwords
Several commenters on my post yesterday have put forth some form of the argument that hackers are humans, humans are unpredictable, and therefore, information security cannot have a Nate Silver. This is a distraction, as a moment’s reflection will show. Muggings, rapes and murders all depend on the actions of unpredictable humans, and we can,…Read More The "Human Action" argument is not even wrong
So by now everyone knows that Nate Silver predicted 50 out of 50 states in the 2012 election. Michael Cosentino has a great picture: Actually, he was one of many quants who predicted what was going to happen via meta-analysis of the data that was available. So here’s my question. Who’s making testable predictions of…Read More Where is Information Security's Nate Silver?
Many times when computers are compromised, the compromise is stealthy. Take a moment to compare that to being attacked by a lion. There, the failure to notice the lion is right there, in your face. Assuming you survive, you’re going to relive that experience, and think about what you can learn from it. But in…Read More Effective training: Wombat's USBGuru