
Monthly Archive February, 2009

About Sao Paulo

This is a security blog, and I rarely go off-topic here, as I maintain an “other stuff blog” too. However, I wrote the stuff below to someone who is in Sao Paulo (Brazil, for those who failed Geography and are not aware of a city of almost 20 million people in South America) and asked [...]

Beware of super Neutronic Analysis

I’m always delighted to read new “doghouse” cases from Bruce Schneier. This one is unbelievable. I don’t know if I’m reading a product description or a Star Trek episode script: “Each of these instances of the prime number based RSA algorithm can now be deciphered using Neutronic analysis. Unlike RSA, Neutronic Encryption is not based [...]

Extrusion control

Rothman pointed to a nice discussion on how to prevent the extrusion (borrowing the term from Bejtlich) of stolen data in cases like Heartland, where credit card data was sent to Russia over clear text connections. Rothman’s post references a nice post from Richard Mogull on the subject. Well, I’m an old advocate of analyzing [...]

He is right again, the cloud is not more secure

Hoff wrote a nice post about some noise being generated about “The Cloud” being more secure than running things at home. He briefly pointed to one reason, the cloud is not just SaaS. Remember there are several different offers from different layers (from applications to virtualized OS environments) considered as “The Cloud”, so you’ll have to “fill [...]

“Independent” articles

Don’t you hate it when you are reading what should be an independent article and suddenly the author starts to describe a solution to a problem with a list of stuff that “happens to be” just like the features of his company’s product? The guy is writing about processes and suddenly you find stuff like “a [...]

Security videos

Today I want to mention the security videos made by Stiennon and company. They shot these four nice pieces below: Data Leak Prevention, Firewalls & IPS, ESM & SEM, Messaging Security. I’m extremely late on this and I also believe that most of the readers of this blog also follow the blogs of the participants, [...]

Still on “security as a cost”

Lawrence Pingree, from McAfee, was kind enough to comment on my post about his post on McAfee’s blog on “security not being a cost”. Well, I must say that what he expressed in that comment didn’t change my mind at all. As he said, security can be an enabler. I understand this statement as saying that it [...]

Unsecured economies report

I was glad to be one of the contributors to the “unsecured economies report”, sponsored by McAfee. It’s certainly a very good report and it’s nice to see my name in the same list as Ross Anderson and Gene Spafford. However, McAfee has been saying since the Economic Forum in Davos that the losses due to [...]

Security: cost center

Mike Rothman made me LOL very very hard today with this post about McAfee’s attempt to say that compliance is not a cost center. Mike is completely right in saying that many had tried to do that and it didn’t work. Mostly because yes, it is essentially cost. Most of the demonstrations of security as a [...]

CFI-CIRT

Today I went to the CFI-CIRT Professional Development Day, organized by the Canadian Financial Institutions to provide content to their employees. It was awesome as it brought several good speakers to a single day conference, concentrating a lot of good content. I had the opportunity to hear Marcus Ranum, Dan Geer and Stephen Northcutt, something [...]