Security Blog
-
Infosec – Failing or Succeeding?
Noam Eppel from Vivica contends that Information Security is a complete failure, citing alarming statistics on security breaches and cybercrime. While his article highlights the risks, many dissent from his conclusion, considering it a collection of gloomy statistics often seen in security vendor pitches.
-
False Positives
During my morning commute, I encountered an interesting flaw in an alerting system. My car’s weight sensor triggers an alarm if it detects a possible passenger without a seatbelt. However, this car’s system escalates from a dinging sound to a rapid alarm. My immediate thought was to disable the alarm, highlighting a common security system…
-
Sledgehammers
Achieving perfect data security involves elaborate measures such as encryption, one-time passwords, asymmetric identifiers, and physical access controls. However, the ultimate level of security must align with the data’s value and potential threats, avoiding the extreme sledgehammer argument while striking a balance in risk management.
-
Usenix Security Symposium
The upcoming USENIX security symposium in Vancouver during the first week of August promises an impressive lineup of invited talks. While I may not attend, I highly recommend catching Matt Blaze’s presentation on wiretapping, previously acclaimed as one of the most exceptional research talks at ICNS 2006.
-
Pseudonymity
Pseudonymity refers to adopting a semi-permanent, yet incomplete or false identity, commonly observed in online communities. It allows individuals to use distinctive pseudonyms to establish their unique presence while avoiding full anonymity. This practice fosters better community engagement by promoting courteous interactions. However, the challenge lies in identifying instances where a single person assumes multiple…
-
Disclosure Laws
During a recent conference, a panelist expressed their belief that the California Disclosure Law (SB-1386) was an exceedingly inadequate information security regulation. However, I hold a different perspective. In my view, SB-1386 stands as the epitome of information security regulations, surpassing even the esteemed GLBA. While most regulations focus on prescribing specific controls for safeguarding…
Leadership Newsletter
-
Get out of your team’s way
Leadership Moment: Lessons from Underdogs The NFL season has resumed, in case you’d managed to miss that. This weekend, from both college and professional leagues, two underdogs lead the way. On Saturday, fifth-ranked Notre Dame took on Northern Illinois University. If you’re not familiar with college football, this is what’s often known as a “cupcake… Read this …
-
Names are models
Leadership Moment: A Bedroom, or a Dorm Room? A weekend ago, I had the sad joy of dropping our eldest off at college. As we helped put together all of the furnishings and accessories to make it feel like home, the residence advisor (among many others!) kept checking in on us, making sure we were… Read this …
-
Bad Representation is worse than Under Representation
Leadership Moment: Throwing Shade at Representation At the recent Blackhat conference, Palo Alto Networks threw shade at women in the cybersecurity industry, as attendees at their party were greeted with this sight: It’s 2024, so you could be excused for wondering if that was an AI hallucination. Nope. Palo Alto was quick to apologize, and… Read this …
Fiction
-
Skeleton
A necromancer and an Olympic event [Read the story]
-
Albus Dumbledore and the Rituals of Immortality
The words that didn’t make the Harry Potter septology that fill in the blanks for what’s really going on. [Read the story]