Legal Shiz


“Dude, you’re gettin’ a Dell.” And by Dell, I mean a pointy stick in the eye

Welcome our newest candidate for “dark lord of the pit”, Dell. According to court documents, they knowingly sold faulty computers and covered it up for years. Despicable. What bothers me the most about this is the callous attitude that Dell had for the security, safety, and livelihood of the folks they sold to; from betanews: Capacitors had been known to leak, and in some cases...

US Government: Serving up whale for over 100 years

Interesting… If you haven’t seen the coverage, the FTC forced Twitter to update its information security program after a slew of information security issues including password problems, breaches, and fraudulent claims about the security of the site (in other words, claimed protection measures that just weren’t implemented the way they said they were). Check it out: In one...

Restaurateurs, SIs, and PCI

Dan Kaplan has a piece in SC Magazine on the lawsuit being filed against SI/resellers Radiant Systems and Computer World by some restaurants in Louisiana and Mississippi. Dan interviewed me for the piece: Diana Kelley, founder of consultancy Security Curve, said she understands where the restaurants have a case, considering Visa alerted the two defendants in April 2007 that their systems were...

Really CIS?

OK, so I saw in the industry press that CIS had put out configuration guidance for the iPhone. This seemed interesting to me, since I’m now an Android user (love it, by the way) – I think the Google phone is the best thing since sliced bread. Not that the iPhone and Android are the same thing – just because I feel a kinship with the iPhone users for some reason. Anyway, I...

A higher standard for security pros?

So, today I came across a small reference (via HackInTheBox) about how one of the UK’s premier forensics experts committed perjury by claiming to have a degree that he didn’t, in point of fact, have. It barely made a blip in the press – after all, it wasn’t a huge sentence (he got a suspended sentence and a small fine), his colleagues say that there was no doubt as to his...

Massachusetts – 6 Million People Can’t be Wrong

Hey, so have you been keeping up with all the awesomeness going on in Mass? In case you haven’t noticed, there’s a bunch of new stuff out there. There’s 201 CMR 17.00 which requires encryption of personal data of a commonwealth resident no matter where it is. That’s pretty awesome, and it’s going to blow a hole in traditional IT. After all, how do you know...

Time to sue Bruce?

Remember the other day when I was talking about why assigning liability for buggy code was a bad idea? Bruce had argued that we should sue companies for buggy software – which I argued was not a good idea because smaller companies that made freeware tools (e.g. Counterpane) wouldn’t release such a tool given the risk. Well, as if to prove my point, the folks over at Elcomsoft...

Crank Yankers, Bill Clinton, and Digital Privacy

Everybody’s heard about the now-infamous Paris Hilton sidekick incident. It’s been the subject of numerous Internet parodies, television hijinkery, and entertainment gossip. Apparently, in a similar incident, Jimmy Buffet’s phone was stolen by a restaurant busboy and used to “crank yank” former president Bill Clinton. So where am I going with this? Who cares,...

Passwords not enough?

Typically, I come down on the side of “sufficient protection” when debating what type of authentication mechanism to employ in a given security scenario. Up until now, that meant that I felt that passwords were a fairly robust vehicle for protecting data. However, a recent ruling determined that passwords alone were insufficient protection to preserve trade secret information. In...

“chaotic” and “a litigation bonanza”

Quotes from FCC Chairman Michael Powell on the FCC’s rules released on local telephone and broadband: “FCC Releases Rules on Local Phone, Broadband Competition.” Makes you wonder when the Chairman has such an uncomplimentary view of the rules. A lot of the rules pertain to discounts and sharing requirements of existing networks. If you’re interested in the full report,...

Industry Poised to Forestall Net Regulation

“Sounding a united alarm against intrusive federal regulation, industry officials cautioned that over-involvement on the part of the government could impede speedy disaster recovery operations by private companies. First and foremost, they agreed, Congress should keep its hands off when it comes to monitoring or controlling privately held networks.”

California senate passes antispam bill

ComputerWorld reports “the California State Senate passed a bill Thursday that would transform spam from a misdemeanor to a felony offense and cost spammers an estimated $500 per unsolicited e-mail sent.” The Bill is called SB12 and works on an opt-in model. Just think about the repercussions, lawyers can chase ‘spammers’ instead of ambulances now. More seriously,...

Class Action Suit Against Major Credit Card Companies

Mark Ishman, a North Carolina lawyer, started a group called Triangle Law Center in February of this year. This month Ishman’s Triangle filed a class action lawsuit against the major credit card firms for violating “Section 1962(c) and 1962(d) of the Racketeering Influence and Corrupt Organizations Act, Section 16 of the Clayton Act, Section 2(a) of the Robinson-Patman Act”...

Security spending forecast: $6B

FCW quotes an Input report that predicts a 43% increase in the US Government’s security spending. As Sky Masterson would say, that’s a lotta lettuce. Vendors hoping to get some of it should look at FIPS compliance, especially 140 and the emerging 199 since most gov’t agencies do require adherence to these standards.

Security research exemption to DMCA considered

Some sensible insights from Barbara Simons of the ACM in this article. The problem with this kind of legal protection is that it prohibits researchers and security professionals from being able to explore and publish/raise awareness about weaknesses. The cryptographic community has benefitted for a long time from independent researchers who try to crack published algorithms and expose ones...
