Instead of my usual "blogging frenzy" machine gun blast of short posts, I will just combine them into my new blog series "Fun Reading on Security." Here is an issue #6, dated August 7th, 2008.
- DNS + Karma = Boom! Enuf said. Also, hear Pete Linstrom squeal.
- Fun essay on "blocking" and risk. Is it our job to stop'em from using Facebook?
- MS Exploitability Index. Smart ... or misguidedly focused on "vulnerability release" (and not creation)
- Chip-n-PIN, a PCI killer? I don't think so!
- Mike R revisits "good enough security" - read it, then review your IR plans (...for you will be 0wned)
- Very fun RSA survey here; data leakage beats malware again, people still not report incidents (to whom???)
- More and more and more people point at idiocies of academic security research... Read the whole w00t 08 thread here. Weep. Laugh.
- Neosploit has a bad quarter... breaks support "contracts" ... shuts down? Ah, the economy :-)
- Awesome stuff from Richard Bejtlich: CAER.
- "The Network Firewall is a Consensual Hallucination" :-)
- More GRC-ball-kicking: here, here ("IT-GRC "vendors" are not IT-GRC vendors") - both are pretty insightful for GRC-lovers and GRC-haters)
- More SIEM-ball-kicking: here ("underwhelming","ridiculous", "missing the point"), here ("dead ...unless","cripple")
- Fun DLP portal launches.
- Final word (?) on TerryChilds-gate here. "When management starts controlling the actions of admins, things start to fall apart." Huh? When management loses control of the business, it dies. Folks, IT vs IT security gap IS real. I never quite believed it, but this taught me a lesson. Some common security sense for a change (also here).