May 04, 2007

Geer heads to Washington, Again

Dan Geer's testimony [mirror] from an April 23th hearing with the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology
is worth reading - especially if you want to understand how our security priories should stack up.

Dan recommends our government take steps to:

We need a system of security metrics, and it is a research grade problem.

The demand for security expertise outstrips the supply, and it is a training problem and a recruitment problem.

What you cannot see is more important than what you can, and so the Congress must never mistake the absence of evidence for the evidence of absence, especially when it comes to information security.

Information sharing that matters does not and will not happen without research into technical guarantees of non-traceability.

Accountability is the idea whose time has come, but it has a terrible beauty.

Posted by Abner at 10:19 AM

May 02, 2007

This Just In: DRM still doesn't work

DRM or Digital Rights Management is an uphill battle, the entertainment industry will never win.

The latest uproar is nicely outlined by the New York Times.

One hopes that the entertainment industry one day figures out the difference between access control and accountability.

Posted by Abner at 11:51 PM

L0pht

Ever wonder why every major technology vendor has a group of people dedicated to dealing with security vulnerabilities in their products? Because a group of guys were willing to stand up and expose the problems they found. CSO just posted a "Where are they now?" feature on the L0pht.

Posted by Abner at 04:35 PM

May 01, 2007

Phishing meets Internet Advertising

Don't forget, even the bad guys need a way to drive traffic to their malicous web sites!

Posted by Abner at 03:59 PM