1 Raindrop
 
Showing 1-10 of 258 records
 

Beyond the opening: a priori is a problem

2010-01-13 14:38:56 by Gunnar Peterson in 1 Raindrop
 
Two related points from areas nominally outside infosec: 1. Bruce Schneier on the Rachel Maddow show talking about the Underwear bomber, in response to the question "will any of these new TSA measures prevent the next attack?": Of course not, the attacks are designed to get through whatever we're doing. The liquid bombers used liquid so now we screen...
 
 
 
 
 

2010 Goal #1: No more "general risk"

2009-12-18 11:20:37 by Gunnar Peterson in 1 Raindrop
 
Goal 1. Exorcise the word "risk" from the infosec profession, unless it's qualified with an adjective, for example Marty Whitman in "Distress Investing": 'Risk is not a meaningful concept unless modified by an adjective. There exist market risk, investment risk, Chapter 11 reorganization risk, credit risk, failure to match maturities risk,...
 
 
 
 
 

Wine Made Simple

2009-12-16 16:12:12 by Gunnar Peterson in 1 Raindrop
 
One of the best things about living in the Twin Cities is that Dara Moskowitz Grumdahl will find all kinds of great restaurants and places for you to go (I mean Bruce Schneier can't find them all by himself). The bad news for the rest of the world is that, unlike Schneier, her advice was pretty localized. Until now, that is. Just in time for the...
 
 
 
 
 

FT Books of the Year

2009-12-08 09:08:58 by Gunnar Peterson in 1 Raindrop
 
...information systems that mainly have indirect impacts on the physical world (credit card fraud and so on), but because they occur in the meta layer they can often (not always) be addressed after the fact. But in robotics, we have the same software issues *plus* we are now running actual physical actions, meaning software problems can cascade...
 
 
 
 
 

The Third Wave in Security

2009-12-07 07:02:38 by Gunnar Peterson in 1 Raindrop
 
...security on a bank's Website, is dead, made untenable by the massive fraud now draining hundreds of millions from corporate accounts. Rebecca Sausner, Editor-in-Chief, Bank Technology News. The post is by Phill Mellinger, who was formerly CISO at First Data; he looks at the trends from lower value attacks to the current style of much larger...
 
 
 
 
 

From the metastructure to the infostructure

2009-11-30 11:30:21 by Gunnar Peterson in 1 Raindrop
...security token services in the Metastructure, and 2) for a number of reasons like consistency you might like to perform some level of authN and authZ in the metastructure, but 3) the Infostructure must have some authZ at the last mile - all trust is local. Why is this important? It's because to meet requirements 1&2, consistent token types...
 
 
 
 
 

Ongoing Robotic Revolution

2009-11-25 11:27:07 by Gunnar Peterson in 1 Raindrop
 
If you work in the White House and need a Christmas gift for Obama, you could get him the book How To Survive a Robot Uprising. Here is a story from a Washington DC school: Barack Obama joined Sally Ride and the Mythbusters to check out a robot named the Cougar Cannon, designed by students from Oakton High School to gather and toss moon rocks...
 
 
 
 
 

FT: Goldmine of black market in Russian data

2009-11-25 09:34:10 by Gunnar Peterson in 1 Raindrop
 
...information gathered by Russian law enforcement or government agencies: anything from arrest records, personal addresses, passport numbers, phone records or address books to bank account details, known associates, tax data and flight records are on offer. Read the whole thing, it's going to be an interesting century.
 
 
 
 
 

Anton Chuvakin on Smart vs Stupid Security

2009-11-22 20:40:36 by Gunnar Peterson in 1 Raindrop
 
Anton Chuvakin has a thought-provoking post and a good list of rare and typical security postures, my favorite one is People (Smart), Boxes (Stupid
 
 
 
 
 

Secure Audit Logging Class

2009-11-20 06:26:17 by Gunnar Peterson in 1 Raindrop
 
...security training class on Secure Audit Logging, this is a class aimed at developers, architects and security people. There are a lot of products out there that help enterprises manage logs for PCI compliance and such, but there is very little to tell developers and architects how to design interfaces to logging APIs, where to hook them into the...
 
 
 
 
 
 