Shostack + Friends Blog Archive

 

New York Times gets Pwned, Responds all New School

So there’s a New York Times front page story on how “Hackers in China Attacked The Times for Last 4 Months.” I just listened to the NPR story with Nicole Perlroth, who closed out saying: “Of course, no company wants to come forward and voluntarily say `hey we were hacked by China, here’s how it […]

 

Breach Analysis: Data Source biases

Bob Rudis has an fascinating and important post “Once More Into The [PRC Aggregated] Breaches.” In it, he delves into the various data sources that the Privacy Rights Clearinghouse is tracking. In doing so, he makes a strong case that data source matters, or as Obi-Wan said, “Luke, you’re going to find that many of […]

 

Happy Data Privacy Day! Go check out PrivacyFix

It’s Data Privacy Day, and there may be a profusion of platitudes. But I think what we need on data privacy day are more tools to let people take control of their privacy. One way to do that is to check your privacy settings. Of course, the way settings are arranged changes over time, and […]

 

Why the Star Wars Prequels Sucked

It is a truism that the Star Wars prequels sucked. (Elsewhere, I’ve commented that the franchise being sold to Disney means someone can finally tell the tragic story of Anakin Skywalker’s seduction by the dark side.) But the issue of exactly why they sucked is complex and layered, and most of us prefer not to […]

 

Privacy and Health Care

In my post on gun control and schools, I asserted that “I worry that reducing privacy around mental health care is going to deter people who need health care from getting it.” However, I didn’t offer up any evidence for that claim. So I’d like to follow up with some details from a report that […]

 

"Cyber" Insurance and an Opportunity

There’s a fascinating article on PropertyCasualty360 “ As Cyber Coverage Soars, Opportunity Clicks” (thanks to Jake Kouns and Chris Walsh for the pointer). I don’t have a huge amount to add, but wanted to draw attention to some excerpts that drew my attention: Parisi observes that pricing has also become more consistent over the past […]

 

Thoughts on the Tragedies of December 14th

I started this post on December 14th, and couldn’t finish it. I’m going to leave the opening as I wrote it then: By now, everyone has heard of the tragic school shooting in Connecticut. My heart goes out to everyone touched by the events. But this isn’t the first school shooting on a December 14th. […]

 

“The Phoenix Project” may be uncomfortable

The Phoenix Project as an important new novel, and it’s worth reading if you work in technology. As I read it, I was awfully uncomfortable with one of the characters, John. John is the information security officer in the company, and, to be frank, John does not come off well at the start of the […]

 

On Disclosure of Intrusion Events in a Cyberwar

[This guest article is by thegruq. I’ve taken the liberty of HTML-ifying it from his original, http://pastie.org/5673568.] On Disclosure of Intrusion Events in a Cyberwar The Nation State’s guide to STFU In a cyberwar (such as the ongoing events on the Internet), all actors are motivated to remain silent about incidents that they detect. However, […]

 

Giant Rubber Ducks

There’s a giant rubber duck in Sydney Harbor right now: It’s apparently by Florentijn Hofman, who does this sort of thing. My only other comment? Seattle, you’re doing it wrong. Where’s our rubber duckie? Via “Sydney Festival Launches Giant Rubber Duck in the Harbor“, Pedestrian TV. (I believe there’s a typo, and the duck is […]

 

The High Price of the Silence of Cyberwar

A little ways back, I was arguing [discussing cyberwar] with thegrugq, who said “[Cyberwar] by it’s very nature is defined by acts of espionage, where all sides are motivated to keep incidents secret.” I don’t agree that all sides are obviously motivated to keep incidents secret, and I think that it’s worth asking, is there […]

 

Negative temperatures?

Absolute zero is often thought to be the coldest temperature possible. But now researchers show they can achieve even lower temperatures for a strange realm of “negative temperatures.” Oddly, another way to look at these negative temperatures is to consider them hotter than infinity, researchers added. (“Atoms Reach Record Temperature, Colder than Absolute Zero“, Charles […]

 

New School Thinking at the European Union

I was pretty excited to see this: An EU official said the aim of the report was to get companies to be more open about cyber attacks and help them fend off such disruption. “We want to change the culture around cyber security from one where people are sometimes afraid or ashamed to admit a […]