Blog

The Official Securosis

By Rich
I now know that $40 and a quick web search will let any doofus figure out most of my former addresses, neighbors, home values, roommates, birthday, etc. But what’s really out there on me? Like any egotistical analyst I run the occasional masturbatory Google search on myself, but I suspect there’s far more out there than I realize. I also think there’s value in seeing what a total stranger can find on me. Thus we officially open the Securosis “Invade My Privacy Challenge”. Here are the rules: Use any legal Internet tool at your disposal to dig up

Privacy’s Death Knell: My Life for $40

By Rich
I read an interesting article by Brian Krebs over at the Washington Post on ID theft. Brian did a little hunting on some underground IRC channels and witnessed a large amount of stolen personal data being exchanged, then went out and talked with around two dozen victims. One of his more interesting tidbits was that a bunch of the credit card numbers were being used to purchase background checks from Internet sites like USSearch.com. These sites purport themselves as “people finders” for such seemingly innocent needs as collections, finding that old college friend, making sure your nanny doesn’t

The ATM Hacks: Disclosure at Work

By Rich
Last week the guys over at Matasano did some seriously great work on ATM hacking. So many blogs were running with it at the time, and I was on the road dealing with a family emergency, that I didn’t cover it here, but I think this is such an excellent example of disclosure working that it deserves a mention. It’s also just a cool story. It all started with a small article in a local newspaper about a strange gas station ATM with a propensity for doling out a bit more cash than perhaps the account holders were

Do We Have A Right to Privacy in the Constitution?

By Rich
In a brief analysis/link to my privacy post Mike Rothman states we have a right to privacy in the Constitution, but the problem is enforcement. Thing is, I’m not sure the Constitution explicitly provides for any right to privacy. I’m not a Constitutional lawyer, but I’m going to toss this one to the comments. Anyone know for sure? And if we don’t have that right, what are the implications for society in a digital age? Without explicit constitutional protection lawmakers have incredible amounts of wiggle room to legislate away our privacy on any whim, perhaps

Amrit Loves Cowbell

By Rich
Amrit Williams is a coworker over at Gartner and he’s obsessed with cowbell and security tools that go to 11. Let’s just say this post isn’t the first time he’s brought it up. Seriously, Amrit is a great analyst and welcome addition to the security blogging world. Unlike many of us he worked his way through the trenches of the vendor world, including stints at McAfee and NCircle. And, in this case, he’s right. A dirty secret of security is that if you do your job too well, people stop buying new product. Remember when AV

It Ain’t Over- Apple Responds to Ou/Toorcon Showdown?

By Rich
I swear, every time I think this thing is dead, its pale desiccated hand reaches from the grave, grabbing at our innocent ankles. Lynn Fox at Apple responded to some very direct questions from George Ou at ZDNet. At this point I’m surprised Apple is letting this drag on; all it does is bring the black spotlight of security on them which, as Microsoft and Oracle will attest to, isn’t necessarily a good thing. Fox’s response seems risky unless she is absolutely certain Maynor and Ellch have nothing, and are basically, you know, suicidal. That doesn’t

Why Someone Will Eventually Hack This Site (and Maybe Your Computer in the Process)

By Rich
I hate to admit it, but someone will probably hack this site at some point. And they may even use it to hack your computer. And there’s not a darn thing I can do about it. Security, and hacking, are kind of trendy. Both the good guys and the bad guys have a habit of focusing on certain attacks and defenses based on what’s “hot”. We’re kind of the fashion whores of the IT world. I mean I just can’t believe Johnny calls himself a 1337 hax0r for finding a buffer overflow in RPC. I mean

The NYT on the Increase in the Terrorist Threat

By Rich
An article just posted by the New York Times reveals that the latest National Intelligence Estimate on terrorism concludes that our involvement in Iraq has increased the global terror threat. Most of the time I make fun of security pundits that think because they stopped a few hackers they’re qualified to discuss issues of national security, but this time I just can’t help myself. I’ve become what I loathe. Edited- I take that back, and the rest of the post. There are people losing their lives over this; I deleted my initial comments. Just go read the

Sorry, Logging IS a Privacy Risk

By Rich
In a post titled “Access of Access + Audit” Dr. Anton Chuvakin discusses the importance of logging, well pretty much everything. When it comes to working in the enterprise environment I tend to agree- audit logs are some of the most useful security, troubleshooting, and performance management tools we have. Back when I was operational I had two kinds of bad log days- those hair pulling, neurotic-in-a-here’s-johnny-way days spent combing, manually, through massive logs, and (even worse) those really I’m-so-screwed days where we didn’t have the logs at all. Since, thanks to better search and analysis tools, those
Page 324 of 327 pages ‹ First  < 322 323 324 325 326 >  Last ›