As many EC readers realize, press reports about data breaches involving lost or stolen computers often contain statements something like “The actual risk is thought to be minimal, since a password is required to log in to the missing computer”. Such statements are sufficiently numerous that the pre-eminent source of breach data, Attrition.org, have issued a… Read More: Do you feel like we do?
[via DocBug] Read More: Unclear On The Concept
Yesterday Hoff blogged about McGovern’s “Ten Mistakes That CIOs Consistently Make That Weaken Enterprise Security” and added ten more of his own. I’m particularly annoyed at him for #4: Awareness initiatives are good for sexual harassment and copier training, not security. Why? Because, damn, that really sums it up. I wish that I had thought… Read More: Damn You, Beaker!
As I’ve mentioned in the past, my wife is a linguistics professor. Yesterday she came home from work with the following poster. A little research revealed that it and several others were originally commissioned in 2005 by Indiana University as part of the security awareness program that they assembled for National Cyber Security Awareness Month.… Read More: Invasion Of The Password Snatchers
[Via FIRST’s Global Security News Feed] Read More: While you were out….
El Reg reports, in “Pipex invites customer to get ‘c**ted’”, that the generated passwords the Pipex system suggested contained a rude word. A screenshot is available in the Register article. There is, however, a second obscenity here that is far more subtle. That obscenity is in the password selection advice and suggestions. The… Read More: Obscenities in Passwords
Last Friday, Amrit again said that no wars are won through awareness, and although he repeatedly claims that he’s not against user awareness training, he doesn’t really tell us where he thinks it should fit in. Instead he shows his bias as a former product manager and Gartner analyst and focuses purely on tools by… Read More: Awareness