Blogs

http://preachsecurity.blogspot.com/2009/07/31337-spotlight-andre-gironda.html

Rafal Los

The most beautiful thing about the hacking or Information Security community is the diversity of opinion. If you ask 2 different people, you're likely to get 2 different answers. Nowhere is that more apparent than with the character I have for you folks today... one Andre "dre" Gironda. The first time I met Andre was on a mailing list and subsequent blog post where I was flamed for my views on Web App Sec... and while I tend not to take things personally this "encounter" was one of the things that's made me work harder to evangelize the realities of Web App Security, and security in general. Andre gave me a healthy dose of his logic... and while we've had our disagreements I think he's come a long way in the last year or so... and while I've not met the guy in person - I do aim to... to see if he really is a really, really, really nice guy. [For the record, using Jim Manico as a character reference?
http://www.secureconsulting.net/

Ben Tomhave

It's already mid-week at RSA 2012, and wow, it's really huge this year! For those who've never attended RSA, you need to understand that it's the biggest security conference (at least in the US), typically with attendance in the 12,000+ range. A couple years ago things were looking very bleak. The economy was down, the expo floor was dismal, attendance was sparse, limited mostly to vendors crying in the aisles.
http://www.mckeay.net/

A friend of mine recently complained on Twitter that, according to his count, nearly 80% of all talks given at the security conferences he’d looked at recently were now non-technical. It might be in part because he’s @ramblinpeck on Twitter, aka Daniel Peck, Research Scientist or something like that at Barracuda Networks. Which is my way of saying his idea of a technical talk might be a little more technical than many people’s. But whether you’re at his level of technical expertise or mine, I think he’s got a valid point in saying that at most security conferences, the majority of the talks are less about the technical aspects of security and more about the philosophy or generalities of security.

Network Security Blog

Every once in a while, a vulnerability disclosure incident occurs that significantly changes the game. Recently, Digital Bond released vulnerability information in conjunction with exploit code packaged in Metasploit for 6 different SCADA system devices. This time around, the stakes have been raised with much bigger consequences. With consequences this high, it is worth re-evaluating the impact of vulnerability disclosure on risk in the IT environment. First, a brief reminder about how risk works.

http://securityblog.verizonbusiness.com/

Verizon Business Security Blog

Chris Hoff

MAKING FRIENDS EVERYWHERE I GO… There’s no way to write this without making it seem like I’m attacking the person whose words I am about to stare rudely at, squint and poke out my tongue. No, it’s not @reillyusa, featured to the right. But that expression about sums up my motivation.

http://www.rationalsurvivability.com/blog/

Guy Kawasaki

This is the third post in my Microsoft partnership, and it’s all about numbers. The topic is crafting your financial forecast to include in your pitch. Bill Reichert, my partner at Garage Technology Ventures, created an Excel model and wrote this blog post. There’s a lesson in this too: Get the best person for the job. His grasp of financial models and how to present them exceeds mine by two orders of magnitude.

http://blog.guykawasaki.com/#axzz1OVblaoJ2

Steve Blank

http://steveblank.com/

One of the confusing things to entrepreneurs, investors and educators is the relationship between customer development and business model design and business planning and execution. I was in Washington D.C. last week presenting at the ARPA-E conference. I spent the next day working with the National Science Foundation on the Innovation Corps, and talking to congressional staffs about how entrepreneurial educational programs can reshape our economy. (And I even found time to go to the Spy Museum.) One of the issues that came up is whether the new lexicon of entrepreneurial ideas – Customer Development, Business Model Design, Lean, Lean LaunchPad class, etc. – replace all the tools and classes that are currently being taught in entrepreneurship curriculums and business schools.
http://www.lightbluetouchpaper.org/category/security-engineering/

For the past 4 days Cambridge has been hosting Eurocrypt 2012. There were many talks, probably interesting, but I will only comment on 3 talks given by Adi Shamir, 1 during the official conference and 2 during the rump session. Among the other sessions I mention that the best paper was given to this paper by Antoine Joux and Vanessa Vitse for the enhancement of index calculus to break elliptic curves. Such a scheme, sometimes referred to as key whitening, is used in the DESX construction and in the AES-XTS mode of operation (just a few examples).

Ross Anderson

By Rich

There is a whole spectrum of options available for securing enterprise data on iOS, depending on how much you want to manage the device and the data. ‘Spectrum’ isn’t quite the right word, though, because these options aren’t on a linear continuum – instead they fall into three major buckets: Unmanaged devices are fully in the control of the end user. No enterprise policies are enforced, and the user can install anything and otherwise use the device as they please.

https://securosis.com/blog

Securosis

Alan Shimmel has a post claiming If The Best Technology Won We Would All Be Using OS/2. It’s not true, OS/2 wasn’t the best technology. And in any case, we are still using it. OS/2 was only a 16-bit operating system when it was released in 1987. Sure, it was better than MS-DOS, but it was already behind the Amiga and Xenix, a Unix variant that ran in a full 32-bits on the 80386. It wouldn’t be until 1992 that OS/2 would go a full 32-bits.

Robert Graham

http://erratasec.blogspot.com/