Archive for the ‘Uncategorized’ Category
(more) kNeu Icons
Monday, June 8th, 2009
We’re using the fantastic kNeu icon set in the application, and we’ve expanded on a couple of them. In the spirit of the original set, these are also available under the GPL:
Data breach risk
Friday, May 8th, 2009
According to Verizon the average insider-sponsored data breach nets the attacker 100,000 records. This is considerably more than attacks from other vectors (outsiders & partners), which makes sense if only from a bandwidth perspective.
Interesting though it is to read about, Spire Security makes the point that multiplying %of attacks by #of records stolen to calculate pseudo-risk (likelihood x impact) isn’t especially useful. (Unlike him, I’m more inclined to forgive the base rate fallacy problem since the solution shouldn’t be to change the structure of a business’ affairs.)
I think the major flaw in calculating risk is that there is so much variety in how you can calculate the impact. If stealing 100,000 records means taking the company directory, it’s relatively benign: in fact taking so many records might be a symptom of not knowing what they want to take.
And copying 8 million prescriptions is less bad than deleting them, which is itself less bad than altering some of them to be fatal.
TSA: “really stupid”?
Friday, May 8th, 2009
Representative Peter DeFazio: “I helped create the TSA.”
Rep. Peter DeFazio actually dealing with the TSA: “This is really stupid.”
Source: Washington Post
Authentication: expensive, difficult and rare
Friday, April 24th, 2009
Another reminder that authentication is expensive, difficult and rare.
Expensive: Review of grants costs more than the grants themselves
the $40,000 (Canadian) cost of preparation for a grant application and rejection by peer review in 2007 exceeded that of giving every qualified investigator a direct baseline discovery grant of $30,000 (average grant)
Difficult: Baseball Fights Fakery With an Army of Authenticators
“No one touch it until the authenticator gets there,” a Yankees official instructed.
Authenticators carry rolls of high-tech hologram stickers. A bullet-shaped one is placed on the object. Removing it leaves polka dots of the decal attached and renders the removed sticker unusable. A second sticker, with a matching number and a bar code, is scanned by a hand-held unit, instantly recording the item into M.L.B. computers. The authenticator types in details — who hit the ball and when, for example.
Rare: Ebay leads to more fake antiques:
Our greatest fear was that the Internet would democratize antiquities trafficking and lead to widespread looting… It appears that electronic buying and selling has actually hurt the antiquities trade.
risk of arrest–is also removed by eBay fakes, since you can’t be arrested for importing forgeries. Should you import what you think is an illegal antiquity but it turns out to be a fake, you run little risk of prosecution
those dealers that provide private sales are some of the forgers’ best customers, knowingly or otherwise. In fact, the workshops reserve their “finest” pieces for collectors using the same backdoor channels
In poor economy, more IT pros could turn to e-crime
Monday, March 30th, 2009
KPMG weighs in to remind us that employees do commit fraud:
The E-crime Survey 2009, presented at the E-Crime Congress in London on Tuesday, surveyed 307 private companies, government organizations, and law enforcement agencies.
In the survey, KPMG said that fraud committed by managers, employees and customers tripled compared to 2007, which indicates that the recession will likely only exacerbate those problems.
Blowfish on 24
Thursday, March 19th, 2009
I spend a lot of my time polishing my explanation of why the algorithms we use are secure (namely that you can’t figure out the file that generated a specific hash from the hash) and it’s always a little saddening when I get responses along the lines of “Can’t you hack it?”
Apparently on this week’s episode of 24, there was a particularly bad example of this problem:
JG: Mr. O’Brian, a short time ago one of our agents was in touch with Jack Bauer. She sent a name and address that we assume is his next destination. Unfortunately, it’s encrypted with Blowfish 148 and no one here knows how to crack that. Therefore, we need your help, please.
…
MO: The designer of this algorithm built a backdoor into his code. Decryption’s a piece of cake if you know the override codes.
LM: And you do?
MO: Yeah.
LM: Will this take long?
MO: Course not.
The dialogue is ridiculous on so many levels (as it tends to be on 24 for anything technical) but Blowfish is a real algorithm. But what is especially egregious (once you get past the slanderous claim that Bruce Schneier left a back door in the algorithm & that nobody found it) is that 24 frequently uses torture to get information and the only serious threat to modern cryptography is Rubber-Hose Cryptanalysis.
Re: Experts question fallout from new Monster hack
Saturday, February 7th, 2009
“For the second time in less than 18 months, the job-search Web site Monster.com was breached.” Money quote from Bruce Schneier:
“All the public events tell you are, these are attacks that were successful enough to steal data, but were unsuccessful in covering their tracks.”
SWAT Record Keeping
Friday, February 6th, 2009
According to Radley Balko, apparently SWAT teams keep poor records:
“In cases where a raid resulted in no charges, the warrants are actually often thrown out. Of course, those are the very cases we want to know about.”
It seems strange that organizations with guns (he’s referring to armed raids) are held to laxer record-keeping standards than businesses.