July 2, 2016 Nobody wants to pay for security, including security companies https://www.linkedin.com/pulse/nobody-wants-pay-security-including-companies-beno%C3%AEt-h-dicaire In theory, consumers and businesses could punish Symantec for these oversights by contracting with other security vendors. In practice, there’s no guarantee that…
May 9, 2015 Tracking kids via microchip ‘can’t be far off,’ says expert http://www.kens5.com/story/news/2015/05/07/tracking-kids-via-microchip-cant-be-far-off-says-expert/70986060/ Dickerson said she though one day, “I microchip my dog, why couldn’t I microchip my son?” I think there’s something despicable about treating…
May 1, 2015 Can We Secure the ‘Internet of Other People’s Things’? http://www.eweek.com/security/can-we-secure-the-internet-of-other-peoples-things.html I think that title expresses the problem very well.
April 30, 2015 U.S. Defense Secretary Carter emphasizes culture change needed to http://www.scmagazine.com/ash-carter-spoke-at-stanford-university/article/411392/ Yes the government needs a culture change if it is to address its own and the national issues pertaining to security, technological, in…
August 4, 2014 14 antivirus apps found to have security problems http://www.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die Let us pass over the “All A are B” illogic in this and consider what we’ve known all along. AV doesn’t really work;…
April 21, 2014 Data on a Train http://www.informationsecuritybuzz.com/daily-commute-mean-data/ The latest intelligence on Al-Qaeda, a high profile Child Protection report and plans for policing the London 2012 Olympics; three very different documents…
January 25, 2014 Most CEOs clueless about cyberattacks http://www.zdnet.com/most-ceos-clueless-about-cyberattacks-and-their-response-to-incidents-proves-it-7000025396/#%21 Perhaps that’s cynical and pessimistic and a headline grabber, but then that’s what makes news. What I’m afraid of is that things like…
December 30, 2013 Former Head Of Airport Security: ‘The TSA Couldn’t Save You From http://www.businessinsider.com/problems-with-tsa-2013-12 Based on the demonstrated persistence of their enemies, I have a lot of respect for what Israeli security achieves. Back to Verb vs…
January 11, 2013 Another Java bug: Disable the java setting in your browser http://www.kb.cert.org/vuls/id/625617 Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a…
August 8, 2012 A cautionary tale about the dangers of keeping everything in the Cloud http://www.brisbanetimes.com.au/digital-life/consumer-security/apple-cloud-burst-how-hacker-wiped-mats-life-20120806-23orv.html “Once the hacker gained access to Honan’s iCloud account, he or she was able to reset his password, before sending the confirmation email…
July 2, 2012 Tight budgets no excuse for SMBs’ poor security readiness http://www.zdnet.com/tight-budgets-no-excuse-for-smbs-poor-security-readiness-2062305005/ From the left hand doesn’t know what the right hands is doing department: Ngair Teow Hin, CEO of SecureAge, noted that smaller companies…
June 2, 2012 Escalation http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/ At one level there’s the old argument about disclosure of security holes, but this is also an example of ‘driving’ security improvement. …
May 25, 2012 Why Info Sec Positions Go Unfilled http://www.infosecleaders.com/2012/05/career-advice-tuesday-why-info-sec-position-go-unfilled/ There are many holes in this, but I think they miss some important points. First is setting IT HR to look for Infosec….
May 17, 2012 How to get a job in security http://www.wired.com/threatlevel/2012/05/airport-security-id-theft/ I often get hit on by wannabes who want to – as they put it – “break into security” and get a job…
April 1, 2012 Managing Software Last month, this question came up in a discussion forum I’m involved with: Another challenge to which i want to get an answer to…
March 23, 2012 Social Engineering and sufficency of awareness training Someone asked: If you have a good information security awareness amongst the employees then it should not a problem what kind of attempts are…
February 10, 2012 Please Realize That Piracy is a Service Problem. http://www.forbes.com/sites/insertcoin/2012/02/03/you-will-never-kill-piracy-and-piracy-will-never-kill-you/ The full article is a bit wordy, and manages to avoid lecturing about how the media industry failed at “service” when it came…
January 24, 2012 The Death of Antivirus Software http://www.infosecisland.com/blogview/19386-The-Death-of-Antivirus-Software.html The real issue here isn’t Ubuntu, or any other form of Linux. Its that AV software doesn’t work. PERIOD. There are over 50,000…
January 19, 2012 ”My dog knows you don’t look like me” http://www.zdnet.com/blog/identity/darpa-authentication-project-focuses-on-humans-as-secrets/157 So do my cats. But so what? Does this mean that DARPA/USGov will finance the supply of advanced biometrics with every PC from…
November 30, 2011 Doubts about “Defense in Depth” So to have great (subjective) protection your layered protection and controls have to be “bubbled” as opposed to linear (to slow down or impede…
