Some Random Security Thoughts

lulz! Pirate iz d4 b0mbz!

If you need a good chuckle, please go read my friend Pirate's blog. He has a "1337" AIM SN that draws all sorts of interesting random babble. A good way to laugh your day away. :) There is, incidentally, some security tidbits to glean from here... in particular, some first-hand observations of (weakly) attempted social engineering...

This quote reminds me of the security programs for many large orgs... :

Putt's Law: "Technology is dominated by two types of people: those who understand what they do not manage, and those who manage what they do not understand."

Security Focus has an article up, "Man-in-the-middle attack sidesteps SSL", talking about how changes in default browser behavior have resulted in a less secure posture that facilitates MITM attacks.

In an homage to resourcefulness, this reformed felon is looking to apply his high-end skills, including in security and computers, in his post-confinement life/career.

In a tribute to more shoddy Science... it turns out that the National Snow and Ice Data Center (NSIDC) has botched their measurements by using an obsoleted method in estimating Arctic ice/snow coverage... from a security perspective, this really highlights the importance of good data... look at the current financial meltdown on Wall Street... by most accounts, the crisis was largely due to very poor risk management decisions thanks to poor risk evaluations... this is very much a case of "garbage in, garbage out"... we must all learn to put a critical eye on numbers - particularly statistics...

Speaking of getting things right... it seems that the tide is turning a bit on the notion that we should live in fear of terrorists... The Bruce has a post up this week titled "Terrorism Common Sense from MI6" where a former big wig from Britain's MI6 spy agency talks about how there are far worse things to be concerned with than the random terrorist attack.

About this Entry

This page contains a single entry by Ben Tomhave published on February 19, 2009 3:49 PM.

PCI DSS v1.2 in a Nutshell was the previous entry in this blog.

Survived a Class with Rodrigo Gracie is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Monthly Archives


  • about
Powered by Movable Type 6.3.7