Blog

Privacy’s Death Knell: My Life for $40

By Rich
I read an interesting article by Brian Krebs over at the Washington Post on ID theft. Brian did a little hunting on some underground IRC channels and witnessed a large amount of stolen personal data being exchanged, then went out and talked with around two dozen victims. One of his more interesting tidbits was that a bunch of the credit card numbers were being used to purchase background checks from Internet sites like USSearch.com. These sites purport themselves as “people finders” for such seemingly innocent needs as collections, finding that old college friend, making sure your nanny doesn’t

The ATM Hacks: Disclosure at Work

By Rich
Last week the guys over at Matasano did some seriously great work on ATM hacking. So many blogs were running with it at the time, and I was on the road dealing with a family emergency, that I didn’t cover it here, but I think this is such an excellent example of disclosure working that it deserves a mention. It’s also just a cool story. It all started with a small article in a local newspaper about a strange gas station ATM with a propensity for doling out a bit more cash than perhaps the account holders were

Do We Have A Right to Privacy in the Constitution?

By Rich
In a brief analysis/link to my privacy post Mike Rothman states we have a right to privacy in the Constitution, but the problem is enforcement. Thing is, I’m not sure the Constitution explicitly provides for any right to privacy. I’m not a Constitutional lawyer, but I’m going to toss this one to the comments. Anyone know for sure? And if we don’t have that right, what are the implications for society in a digital age? Without explicit constitutional protection lawmakers have incredible amounts of wiggle room to legislate away our privacy on any whim, perhaps

Amrit Loves Cowbell

By Rich
Amrit Williams is a coworker over at Gartner and he’s obsessed with cowbell and security tools that go to 11. Let’s just say this post isn’t the first time he’s brought it up. Seriously, Amrit is a great analyst and welcome addition to the security blogging world. Unlike many of us he worked his way through the trenches of the vendor world, including stints at McAfee and NCircle. And, in this case, he’s right. A dirty secret of security is that if you do your job too well, people stop buying new product. Remember when AV

It Ain’t Over- Apple Responds to Ou/Toorcon Showdown?

By Rich
I swear, every time I think this thing is dead, its pale desiccated hand reaches from the grave, grabbing at our innocent ankles. Lynn Fox at Apple responded to some very direct questions from George Ou at ZDNet. At this point I’m surprised Apple is letting this drag on; all it does is bring the black spotlight of security on them which, as Microsoft and Oracle will attest to, isn’t necessarily a good thing. Fox’s response seems risky unless she is absolutely certain Maynor and Ellch have nothing, and are basically, you know, suicidal. That doesn’t

Why Someone Will Eventually Hack This Site (and Maybe Your Computer in the Process)

By Rich
I hate to admit it, but someone will probably hack this site at some point. And they may even use it to hack your computer. And there’s not a darn thing I can do about it. Security, and hacking, are kind of trendy. Both the good guys and the bad guys have a habit of focusing on certain attacks and defenses based on what’s “hot”. We’re kind of the fashion whores of the IT world. I mean I just can’t believe Johnny calls himself a 1337 hax0r for finding a buffer overflow in RPC. I mean

The NYT on the Increase in the Terrorist Threat

By Rich
An article just posted by the New York Times reveals that the latest National Intelligence Estimate on terrorism concludes that our involvement in Iraq has increased the global terror threat. Most of the time I make fun of security pundits that think because they stopped a few hackers they’re qualified to discuss issues of national security, but this time I just can’t help myself. I’ve become what I loathe. Edited- I take that back, and the rest of the post. There are people losing their lives over this; I deleted my initial comments. Just go read the

Sorry, Logging IS a Privacy Risk

By Rich
In a post titled “Access of Access + Audit” Dr. Anton Chuvakin discusses the importance of logging, well pretty much everything. When it comes to working in the enterprise environment I tend to agree- audit logs are some of the most useful security, troubleshooting, and performance management tools we have. Back when I was operational I had two kinds of bad log days- those hair pulling, neurotic-in-a-here’s-johnny-way days spent combing, manually, through massive logs, and (even worse) those really I’m-so-screwed days where we didn’t have the logs at all. Since, thanks to better search and analysis tools, those

The Non-Geeks Guide to Consumer DRM: Why Your New TV Might Not Work With Tomorrow’s DVD player

By Rich
There’s a lot going on in the world of Digital Rights Management (DRM) these days and I realized not everyone understands exactly what DRM is, how it works, and what the implications are. This has popped up a few times recently among friends and family as (being the alpha geek) I’ve been asked to explain why certain music or movie files don’t work on various players. Before digging into some of the security issues around DRM I thought it would be good to post a (relatively) brief overview. I’ll be honest – as objective as I try
Page 325 of 328 pages ‹ First  < 323 324 325 326 327 >  Last ›