I was browsing Martin McKeay's blog when I found some stuff he wrote. I have a special interest in talking about security to non-technical people, and I found on his site a document with some tips for these people. The last one is so good that I immediately put it on my quote list:
“Use common sense [...]
Vulnerability researchers have the right weapon in their hands to push vendors to faster response times for security issues. I think that the best example of how this should be done is David Litchfield. He does responsible disclosure, and gradually uses public advisories to push vendors (in his case, Oracle) toward a more responsible attitude. [...]
Another great step by MS in its quest for more secure products. Winternals and Sysinternals have just been bought by Microsoft. I hope to see things like the excellent PSTOOLS package as part of Windows now. And it’s not only about products, but about people too. Mark Russinovich is the guy who discovered that famous [...]
Schneier posted in his blog a report about phishers being able to defeat two-factor authentication by using a Man in the Middle attack. They are basically proxying the user's credentials to the original site.
What really impresses me is that almost everybody who is suggesting solutions for this is thinking about the problem as “how [...]
I usually stay out of USA internal matters, like the VA lost laptop and NSA spying stories. But Bruce Schneier today posted in his blog a very good argument about why the NSA plans to identify terrorists are flawed. The Base Rate Fallacy is a very interesting problem that applies to a lot of detection [...]
The draft for the new British Standard BS25999 on Business Continuity Management has been published. It’s important to take a look (and provide comments), as we know that this is the kind of document that tends to become an ISO standard in a few years. It’s available for download here.