
Monthly Archive February, 2008

Security blogs

I’m very happy that this year I’ll be able to attend the RSA Conference. Not only because of the first-class content, but especially because of the Security Bloggers Meet-up that will happen there. I spend a lot of time every day reading the blogs of the people I’ll meet there. There is some interesting [...]

Why risk management doesn’t always work

I really believe that information security is about the business and that we need to bring the business together with it, especially when doing risk management. But doing risk management together with the business is not always pretty or easy. There are two factors that can make it a real nightmare: the “pointy-haired boss factor” and the Threat [...]

Cold boot attacks against disk encryption

Everybody is talking about it. It’s really a very nice piece of work. However, I noticed that almost nobody is talking about mitigation strategies. It’s clear that the only way to “solve” the problem is to use a different hardware architecture, something like “tamper-proof” memory. However, there are thousands of organizations using disk encryption [...]

RSA, here I go!

From yesterday’s edition of ISSA E-News: “2nd Winner of Free RSA Conference Passes. Enter Now for February 29 Drawing. Augusto Paes De Barros, a security consultant for Tempest Security Intelligence and Projects Director for the ISSA Brasil Chapter, is the second winner of a full conference pass for RSA Conference USA 2008. The drawing was held [...]

Data stolen from Petrobras

The Brazilian news outlets are all talking about the report of data being stolen from Petrobras, the Brazilian oil company that is growing fast on the strength of recent oil reserve discoveries off the Brazilian coast. The problem is that the stolen data is technical information related to those discoveries, and it was in the custody of Halliburton. [...]

Another botnet following our predictions

Now it’s MayDay. Among the things we predicted in our BH presentation:

– Using proxy-enabled HTTP
– Using ICMP and P2P

Almost all of our predictions came true during the last year. The scariest ones, however, still haven’t appeared. Let’s see what happens this year.

Security by obscurity, a little more about it

Today’s Dilbert strip is a good example of the security-by-obscurity debate. It’s rather obvious that obscurity doesn’t bring much protection when used alone, but some uses of it seem worthwhile, like the case in the strip. As a quick comment, an interesting Information Handling Policy I saw once instructed that sensitive info [...]

Client software vulnerabilities, watch out

The SANS ISC mentioned that today there are patches available for Adobe Acrobat, Firefox and QuickTime. Next Tuesday there will be a bunch more from Microsoft. So what? Try to find a Windows box that doesn’t have at least one of them installed. That means that during these days almost all Windows boxes will be vulnerable to [...]

Quickly deploying security: Decision Gates

“Decision Gates define major control points that are used to move from one phase of the project to the next. A control gate is used to determine if the products for the current phase of work are completed based on the criteria set out at the beginning of the project and that the project is [...]

Mainframe security – finally I found someone talking about my concerns about it

I was doing some research for references to include in an article that mentions “mainframe insecurity”. One of the reviewers of the article challenged some of my comments on mainframe security. After googling for a few minutes I finally stopped at Cat Slave Diary. The most interesting thing, for me, is that the author mentioned some [...]