May 18, 2012
May 16, 2012
- Last week the FBI launched a campaign to educate the public about the threat of corporate espionage. What is new about this initiative is that the FBI is talking directly to the public about espionage and providing a list of suspicious behaviors that employees of U.S. companies should be on the lookout for. The campaign will even extend beyond the Internet to billboards and messages on bus...
April 28, 2012
FreeBSD 9.0, released in January 2012, has experimental Capsicum support in the kernel, disabled by default. In FreeBSD 10, Capsicum will be enabled by default.
But unless code uses it, we get no benefit. So far, very little code uses Capsicum, mostly just experiments we did for our paper. I figured it was time to...
April 20, 2012
- As I wrote last December, I've been working on the Open Trusted Technology Forum (OTTF) with The Open Group. In March we published a "snapshot" of the Open Trusted Technology Provider Standard (O-TTPS) and it's getting quite a lot of visibility. Just a couple of weeks ago the CTO of The Open Group, Dave Lounsbury, testified before the House Energy and Commerce...
April 16, 2012
This is a big milestone for ForgeRock and the OpenAM project, an open source WebSSO, Authentication, Authorization, Federation and Entitlements solution. After months of development (a few more than we anticipated), we’ve finally...
April 9, 2012
The SCIM crew descended on Paris two weeks ago for the IETF 83 meeting. We kicked it off by testing the interoperability of our SCIM implementations for the second time. (...
April 5, 2012
- Several articles and blogs about the recent Global Payments data breach have mentioned that the culprits were able to exploit some weak authentication methods to access the cardholder data. There is something those working in the security industry can do about that. In recent years companies have made an enormous amount of data available online for remote employees, partners and even customers....
April 3, 2012
Six years after I first blogged about it, the EFF have decided that selling 0days may not be so great.
Maybe they should be reading my blog?
...
March 29, 2012
- The following is an excerpt from an article I just wrote for CSO Australia.
The head of security hastily leaves the meeting without excusing herself. Her body language indicates that it is an important call. As she walks back in, all eyes in the room subliminally pose the same question. Without further prompting, the head of security says: “The CEO wants to know why she can’t watch a YouTube video on her iPad....
March 28, 2012
- Last week, reputable security researcher The Ponemon Institute published the 2011 edition of its annual "US Cost of a Data Breach" study which found that the average organizational cost of a data breach in 2011 declined 24% to $5.5M v. 2010. This survey was based on results collected from 49 US companies that experienced a data breach in 2011. Before infosec professionals and...