Another #spiffy tip from @MetricsHulk: Evan Applegate put together a great & simple infographic for Businessweek that illustrates the number and size of 2011 data breaches pretty well. The summary data (below the timeline bubble chart) shows there was a 37.4% increase in reported incidents and over 260 million records exposed/stolen… Continue reading
Post Category → Information Security
Improve Your Security Metrics For $14.00USD
IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data has solid reviews by Richard Bejtlich (@TaoSecurity), David J. Elfering (@icxc) & Dr. Anton Chuvakin (@anton_chuvakin), amongst others. You can get it (for a short time) for just about fourteen Washingtons by doing the following. First, go to this Amazon link… Continue reading
NEISTU 3.0 : Rise of the Tweetup
It’s that time again! Coming to Nashua, NH on 2012-01-21 : The New England Information Security Tweetup 3.0! You can use the handy graphic below to promote the tweetup or just give folks this handy link.
Three Resolutions For Web Developers
I’m on a “three things” motif for 2012, as it’s really difficult for most folks to focus on more than three core elements well. This is especially true for web developers as they have so much to contend with on a daily basis, whether it be new features, bug reports, user help requests or just… Continue reading
An Open Letter to IT Vendors For 2012
Dear $VENDOR, 2012 is nigh upon us and with the new year, I am throwing down a challenge to each and every IT vendor out there. 2011 was a brutal year of incidents, breaches, outages and FUD and the last thing anyone needs is a repeat performance. Instead, please take this list back to the… Continue reading
Predictions? Humbug! Resolve Is Where It’s At
This is the time of year when pundits and armchair/amateur analysts make predictions for the coming year. Given that only a tiny fraction of them predicted the Sonage of 2011 (not Sony specifically or the level of pwnage) or the RSA/Lockheed [↑, ↑, ↓, ↓, ←, →, ←, →, B, A] multi-faceted “supply chain” attack… Continue reading
You’re The Mayor of FUDville!
Rik Ferguson, Director Security Research at Trend Micro, had a great tweet early last Tuesday morning calling out potential FUD in an article over at The Metro: Given the plethora of FUD-dropping in the article, I could only think of one way to do it justice, and that was a paragraph-by-paragraph check-in via: Every FUD-check… Continue reading
DNSChanger Detector
The FBI made a tool to help you determine if you were a victim of the DNSChanger malware. If you’re like many casual Internet users, you have no idea how to get the information to plug into the input box. Unfortunately, the security model of most modern browsers makes it impossible to easily retrieve this… Continue reading