Why Didn’t They Just…?

A while back I was engaged in a conversation on Twitter with @diami03 & @chriseng regarding (what I felt was) the need for someone to provide the perspective from within a medium-to-large enterprise, especially when there are so many folks in infosec who are fond of saying “why didn’t they just…?” in response to events… Continue reading →

Mid/Northern New England Tweetup

Eventbrite site: http://www.eventbrite.com/s/5cnV It’s at Fort Foster. We thought about it a bit late in the season so no pavillion, but I’ll be there wicked-early and have a gazebo-like covering setup over some tables. I highly suggest bringing folding chairs. There is a nominal entrance fee (cash). Link to Fort Foster is in the Eventbrite… Continue reading →

Your New Mega Security Program

Everyone who can read this blog should remember the Deepwater Horizon spill that occurred in the Spring of 2010; huge loss of life (any loss is huge from my persective) and still unknown impact to the environment. This event was a wake-up call to BP execs and other companies in that industry sector. You should… Continue reading →

What Can We Learn From The @lulzsec senate.gov Hack Dump?

What can the @lulzsec senate.gov dump tell us about how the admins maintained their system/site? [code light=”true”]SunOS a-ess-wwwi 5.10 Generic_139555-08 sun4u sparc SUNW,SPARC-Enterprise[/code] means they haven’t kept up with OS patches. [-1 patch management] [code light=”true”]celerra:/wwwdata 985G 609G 376G 62% /net/celerra/wwwdata[/code] tells us they use EMC NAS kit for web content. The ‘last‘ dump shows… Continue reading →

WEIS 2011 :: Session 2 :: Identity :: Negative Information Looms Longer Than Positive Information

Laura Brandimarte Alessandro Acquisti Joachin Vosgerau Twitter transcript #weis2011 How does information related to past events and retrieved today get discounted? Why does neg valence receive more weight? #weis2011 how do we improve trustworthyness? #weis2011 “designers of modern tech do not understand human fallibility and design systems w/o taking them into account” < true #weis2011... Continue reading →

WEIS 2011 :: Session 2 :: Identity :: Economic Tussles in Federated Identity Management

Susan Landau Tyler Moore Presentation [PDF] Tyler presented really well and it’s a great data set and problem to investigate. He & Susan shed a ton of light on an area most folks never think about. Well done. Twitter transcript #weis2011 this looks to be a “must read” resource for anyone embarking on a federated… Continue reading →

WEIS 2011 :: Session 2 :: Identity :: Social Networks, Personalized Advertising & Privacy Controls

Catherine Tucker Presentation [PDF] Catherine’s talk was really good. She handled questions well and is a very dynamic speaker. I’m looking forward to the paper. Twitter transcript #weis2011 Premise of the study was to see what impact privacy controls enablement/usage have on advertising. It’s an empirical study #data! #weis2011 click through rates DOUBLED for personalized… Continue reading →

WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates

Nevena Vratonjic Julien Freudiger Vincent Bindschaedler Jeane-Pierre Hubaux Presentation [PDF] Twitter transcript #weis2011 Overview of basic ssl/tls/https concepts. Asking: how prevalent is https, what are problems with https? #weis2011 Out of their large sample, only 1/3 (34.7%) have support for https, login is worse! only 22.6% < #data! #weis2011 (me) just like Microsoft for patches/vulns,… Continue reading →

rud.is

"In God we trust. All others must bring data"

Post Category → Information Security