Monthly Archives: January 2007

Kim Possible vs. The TSA

or the Mysterious Case of Kim and the Rights of Parking. Briefly put, a City Council member wants to meet and greet visiting dignitaries at the airport gate, not at baggage claim. The memo that came with her special airport free …

Not All Lost Laptop Stories Are Bad

The lost laptop story has become tiresome. Some individual, proving themselves to be careless, or even just human, loses a laptop with some sort of confidential information. SB1386 has made this the most banal folk tale of the 2000s. Fortunately, …

Steve McQueen’s Credit Card

The Bonham & Butterfield auction of Steve McQueen’s motor related ephemera included his credit card. According to February’s Sports Car Market, the unsigned Wells Fargo MasterCharge (exp 07/80) was purchased for $9,945. (some coverage here of the auction). According to …

Shake Hands With Danger

or the Mysterious Case of the Substitute Teacher and the Depraved Pop Ups. Krebs has the details, more or less. And some comments. Lotsa comments. I am of several minds on this incident. The ForensicsNetwork Performance Daily has a couple of …

There is no physical access control.

I was thinking about the difficulty of accurately testing physical controls and identity today. People let people in areas based on a system of signals that indicate they are safe/authorized: badge, biometric (face, voice), dress (uniform, hard hat, clipboard). Gradations …

Buzzword Compliance or Compensating Controls

The most recent SANS e-mail letter, this article from Computerworld on a pretty minor (all things considered) security incident at a federal retirement fund agency. The voice of SANS (Pescatore in this case) remarked thusly: This and the Nordea incident, as well as …

Comply, Submit, or Obey?

A post and response from computerworld.com and cogent commentary from Mike Rothman. My issues are primarily with Eric Ogren who cites “the only two effective regulations.” 1. Executive accountability of SOX. Accountability is a good idea, and formalized some of the accountability that …

Cooler than an iPhone

Immunity’s Silica. From Immunity’s page: Example Use Cases: Tell SILICA to scan every machine on every wireless network for file shares and download anything of interest to the SILICA device. Then just put it in your suit pocket and walk …

Corporate Information as Reverse Spam

From the NYT – Firms Fret as Office E-Mail Jumps Security Walls. A growing number of Internet-literate workers are forwarding their office e-mail to free Web-accessible personal accounts offered by Google, Yahoo and other companies. Their employers, who envision corporate …

Canadian Breach Notification

From Emergent Chaos, a link to the paper “Approaches to Breach Notification” from the Canadian Internet Policy and Public Interest Clinic. I’ve been spending this frosty MLK Day afternoon looking it over. I really dig this approach: Generally, the affected …