Blog

Fox News, Information Warfare, and Public Perception

By Rich
Despite living in Boulder, Colorado for 16 years, I’m neither a hippie nor a conspiracy theorist. I don’t use patchouli oil, wear a beanie, or ingest any mood-altering substances you can’t buy in a grocery store. I don’t think the Masons control our destiny, black helicopters molest cattle, or the NSA monitors all our communications. Oh, really? Okay, but the cattle thing definitely isn’t real. Except maybe in Nebraska, but that’s not the CIA, not that there’s anything wrong with it… Anyway, what I’m saying is that I’m fairly skeptical, if a

How To: Clone a VeriChip

By Rich
For those that don’t know, VeriChips are implantable RFID tags “for people”. That way you can be tagged and tracked like cattle or Gillette razors. Convenient, I guess. Anyway, here’s a great article on the Make blog on cloning VeriChips. So much for using these to separate identical twins. I see this as one of those “good news/bad news” kind of things. The good news is the bad guys don’t have to chop your arm off to steal your identity. The bad news is VeriChips totally blow. Or is that the good news? I’m easily

A Unique Problem with Password Aging

By Rich
This is just too good. A friend who recently moved from the business side to the IT side just reported this. They work at a large hospital. A significant portion of the clinical staff never changed their default passwords, which just happened to be the same as their login. Convenient, eh? Nice to see HIPAA at work. But this is the best part. Someone in IT “made a configuration mistake” and everyone was forced to update their passwords. The help desk has been taking calls all week. Seems most of the users remember their new password, but still can’t

Maynor Pulled from ToorCon

By Rich
Statement from SecureWorks: SecureWorks and Apple are working together in conjunction with the CERT Coordination Center on any reported security issues. We will not make any additional public statements regarding work underway until both companies agree, along with CERT/CC, that it is appropriate. I’ve been told Maynor is no longer speaking at ToorCon. I’m disappointed, but it’s obvious there’s now something going on with CERT. I stand by my statements that Maynor and Ellch are responsible security researchers that helped advance Mac security. At this point, I don’t have any other comments, this has

Bad Policy vs. Bad Decisions and the Role of Individual Judgement

By Rich
Pete Lindstrom just posted a missive in support of the TSA. Pete makes some good points about the limitations of policy: while you always need hard rules, you also always need exceptions and judgement. In the information security world, we talk about the difference between “policy decision points” and “policy enforcement points” to express the different functions. In most computing environments, the PDP and PEP start off combined in a small set of instances but then get separated as networks grow while some central authority still wants to coordinate security efforts. The good news for security folks is that systems

The Official Securosis

By Rich
I now know that $40 and a quick web search will let any doofus figure out most of my former addresses, neighbors, home values, roommates, birthday, etc. But what’s really out there on me? Like any egotistical analyst I run the occasional masturbatory Google search on myself, but I suspect there’s far more out there than I realize. I also think there’s value in seeing what a total stranger can find on me. Thus we officially open the Securosis “Invade My Privacy Challenge”. Here are the rules: Use any legal Internet tool at your disposal to dig up

Privacy’s Death Knell: My Life for $40

By Rich
I read an interesting article by Brian Krebs over at the Washington Post on ID theft. Brian did a little hunting on some underground IRC channels and witnessed a large amount of stolen personal data being exchanged, then went out and talked with around two dozen victims. One of his more interesting tidbits was that a bunch of the credit card numbers were being used to purchase background checks from Internet sites like USSearch.com. These sites purport themselves as “people finders” for such seemingly innocent needs as collections, finding that old college friend, making sure your nanny doesn’t

The ATM Hacks: Disclosure at Work

By Rich
Last week the guys over at Matasano did some seriously great work on ATM hacking. So many blogs were running with it at the time, and I was on the road dealing with a family emergency, that I didn’t cover it here, but I think this is such an excellent example of disclosure working that it deserves a mention. It’s also just a cool story. It all started with a small article in a local newspaper about a strange gas station ATM with a propensity for doling out a bit more cash than perhaps the account holders were

Do We Have A Right to Privacy in the Constitution?

By Rich
In a brief analysis/link to my privacy post Mike Rothman states we have a right to privacy in the Constitution, but the problem is enforcement. Thing is, I’m not sure the Constitution explicitly provides for any right to privacy. I’m not a Constitutional lawyer, but I’m going to toss this one to the comments. Anyone know for sure? And if we don’t have that right, what are the implications for society in a digital age? Without explicit constitutional protection lawmakers have incredible amounts of wiggle room to legislate away our privacy on any whim, perhaps

Amrit Loves Cowbell

By Rich
Amrit Williams is a coworker over at Gartner and he’s obsessed with cowbell and security tools that go to 11. Let’s just say this post isn’t the first time he’s brought it up. Seriously, Amrit is a great analyst and welcome addition to the security blogging world. Unlike many of us he worked his way through the trenches of the vendor world, including stints at McAfee and NCircle. And, in this case, he’s right. A dirty secret of security is that if you do your job too well, people stop buying new product. Remember when AV