A while back I was engaged in a conversation on Twitter with @diami03 & @chriseng regarding (what I felt was) the need for someone to provide the perspective from within a medium-to-large enterprise, especially when there are so many folks in infosec who are fond of saying “why didn’t they just…?” in response to events… Continue reading
Mid/Northern New England Tweetup
Eventbrite site: http://www.eventbrite.com/s/5cnV It’s at Fort Foster. We thought about it a bit late in the season so no pavilion, but I’ll be there wicked-early and have a gazebo-like covering set up over some tables. I highly suggest bringing folding chairs. There is a nominal entrance fee (cash). Link to Fort Foster is in the Eventbrite… Continue reading
Your New Mega Security Program
Everyone who can read this blog should remember the Deepwater Horizon spill that occurred in the Spring of 2010; huge loss of life (any loss is huge from my perspective) and still unknown impact to the environment. This event was a wake-up call to BP execs and other companies in that industry sector. You should… Continue reading
What Can We Learn From The @lulzsec senate.gov Hack Dump?
What can the @lulzsec senate.gov dump tell us about how the admins maintained their system/site? `SunOS a-ess-wwwi 5.10 Generic_139555-08 sun4u sparc SUNW,SPARC-Enterprise` means they haven’t kept up with OS patches. [-1 patch management] `celerra:/wwwdata 985G 609G 376G 62% /net/celerra/wwwdata` tells us they use EMC NAS kit for web content. The `last` dump shows… Continue reading
WEIS 2011 :: Session 2 :: Identity :: Negative Information Looms Longer Than Positive Information
Laura Brandimarte Alessandro Acquisti Joachim Vosgerau Twitter transcript #weis2011 How does information related to past events and retrieved today get discounted? Why does neg valence receive more weight? #weis2011 how do we improve trustworthiness? #weis2011 “designers of modern tech do not understand human fallibility and design systems w/o taking them into account” < true #weis2011... Continue reading
WEIS 2011 :: Session 2 :: Identity :: Economic Tussles in Federated Identity Management
Susan Landau Tyler Moore Presentation [PDF] Tyler presented really well and it’s a great data set and problem to investigate. He & Susan shed a ton of light on an area most folks never think about. Well done. Twitter transcript #weis2011 this looks to be a “must read” resource for anyone embarking on a federated… Continue reading
WEIS 2011 :: Session 2 :: Identity :: Social Networks, Personalized Advertising & Privacy Controls
Catherine Tucker Presentation [PDF] Catherine’s talk was really good. She handled questions well and is a very dynamic speaker. I’m looking forward to the paper. Twitter transcript #weis2011 Premise of the study was to see what impact privacy controls enablement/usage have on advertising. It’s an empirical study #data! #weis2011 click through rates DOUBLED for personalized… Continue reading
WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates
Nevena Vratonjic Julien Freudiger Vincent Bindschaedler Jean-Pierre Hubaux Presentation [PDF] Twitter transcript #weis2011 Overview of basic ssl/tls/https concepts. Asking: how prevalent is https, what are problems with https? #weis2011 Out of their large sample, only 1/3 (34.7%) have support for https, login is worse! only 22.6% < #data! #weis2011 (me) just like Microsoft for patches/vulns,… Continue reading