The InfoSec Blog

System Integrity: Context Is Everything

Category: Failures

July 2, 2016

Nobody wants to pay for security, including security companies

https://www.linkedin.com/pulse/nobody-wants-pay-security-including-companies-beno%C3%AEt-h-dicaire In theory, consumers and businesses could punish Symantec for these oversights by contracting with other security vendors. In practice, there’s no guarantee that…

May 9, 2015

Tracking kids via microchip ‘can’t be far off,’ says expert

http://www.kens5.com/story/news/2015/05/07/tracking-kids-via-microchip-cant-be-far-off-says-expert/70986060/ Dickerson said she thought one day, “I microchip my dog, why couldn’t I microchip my son?” I think there’s something despicable about treating…

May 1, 2015

Can We Secure the ‘Internet of Other People’s Things’?

http://www.eweek.com/security/can-we-secure-the-internet-of-other-peoples-things.html I think that title expresses the problem very well.

April 30, 2015

U.S. Defense Secretary Carter emphasizes culture change needed to

http://www.scmagazine.com/ash-carter-spoke-at-stanford-university/article/411392/ Yes the government needs a culture change if it is to address its own and the national issues pertaining to security, technological, in…

August 4, 2014

14 antivirus apps found to have security problems

http://www.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die Let us pass over the “All A are B” illogic in this and consider what we’ve known all along. AV doesn’t really work;…

April 21, 2014

Data on a Train

http://www.informationsecuritybuzz.com/daily-commute-mean-data/ The latest intelligence on Al-Qaeda, a high profile Child Protection report and plans for policing the London 2012 Olympics; three very different documents…

January 25, 2014

Most CEOs clueless about cyberattacks

http://www.zdnet.com/most-ceos-clueless-about-cyberattacks-and-their-response-to-incidents-proves-it-7000025396/#%21 Perhaps that’s cynical and pessimistic and a headline grabber, but then that’s what makes news. What I’m afraid of is that things like…

December 30, 2013

Former Head Of Airport Security: ‘The TSA Couldn’t Save You From

http://www.businessinsider.com/problems-with-tsa-2013-12 Based on the demonstrated persistence of their enemies, I have a lot of respect for what Israeli security achieves. Back to Verb vs…

January 11, 2013

Another Java bug: Disable the java setting in your browser

http://www.kb.cert.org/vuls/id/625617 Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a…

August 8, 2012

A cautionary tale about the dangers of keeping everything in the Cloud

http://www.brisbanetimes.com.au/digital-life/consumer-security/apple-cloud-burst-how-hacker-wiped-mats-life-20120806-23orv.html “Once the hacker gained access to Honan’s iCloud account, he or she was able to reset his password, before sending the confirmation email…

July 2, 2012

Tight budgets no excuse for SMBs’ poor security readiness

http://www.zdnet.com/tight-budgets-no-excuse-for-smbs-poor-security-readiness-2062305005/ From the left hand doesn’t know what the right hand is doing department: Ngair Teow Hin, CEO of SecureAge, noted that smaller companies…

June 2, 2012

Escalation

http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/ At one level there’s the old argument about disclosure of security holes, but this is also an example of ‘driving’ security improvement.  …

May 25, 2012

Why Info Sec Positions Go Unfilled

http://www.infosecleaders.com/2012/05/career-advice-tuesday-why-info-sec-position-go-unfilled/ There are many holes in this, but I think they miss some important points. First is setting IT HR to look for Infosec….

May 17, 2012

How to get a job in security

http://www.wired.com/threatlevel/2012/05/airport-security-id-theft/ I often get hit on by wannabes who want to – as they put it – “break into security” and get a job…

April 1, 2012

Managing Software

Last month, this question came up in a discussion forum I’m involved with: Another challenge to which I want to get an answer to…

March 23, 2012

Social Engineering and sufficiency of awareness training

Someone asked: If you have a good information security awareness amongst the employees then it should not be a problem what kind of attempts are…

February 10, 2012

Please Realize That Piracy is a Service Problem.

http://www.forbes.com/sites/insertcoin/2012/02/03/you-will-never-kill-piracy-and-piracy-will-never-kill-you/ The full article is a bit wordy, and manages to avoid lecturing about how the media industry failed at “service” when it came…

January 24, 2012

The Death of Antivirus Software

http://www.infosecisland.com/blogview/19386-The-Death-of-Antivirus-Software.html The real issue here isn’t Ubuntu, or any other form of Linux. It’s that AV software doesn’t work. PERIOD. There are over 50,000…

January 19, 2012

“My dog knows you don’t look like me”

http://www.zdnet.com/blog/identity/darpa-authentication-project-focuses-on-humans-as-secrets/157 So do my cats. But so what? Does this mean that DARPA/USGov will finance the supply of advanced biometrics with every PC from…

November 30, 2011

Doubts about “Defense in Depth”

 So to have great (subjective) protection your layered protection and controls have to be “bubbled” as opposed to linear (to slow down or impede…
