I just read a great article on the Heartland breach, which I’ll talk more about later. There is one quote in there that really stands out:
I spent a lot of time debating with myself if I should wade into this topic. Early in my analyst career I loved to talk about national cybersecurity issues, but I eventually realized that, as an outsider, all I was doing was expending ink and oxygen, and I wasn’t actually contributing anything. That’s why you’ve probably noticed we spend more time on this blog talking about pragmatic security issues and dispensing practical advice than waxing poetic about who should get the Presidential CISO job…
I managed to constrain my rants this week, staying focused on the issue as Martin and I covered our usual range of material. I think we were in top form in the first part of the show where we focus on the economics of breaches and discussed loss numbers, vs. breach notification statistics.
Man, nothing feels better than finishing off a few major projects. Yesterday we finalized the first draft of the Business Justification paper this series is based on, and I also squeezed out my presentation for IT Security World (in March) where I’m talking about major enterprise software security. Ah, the thrills and spills of SAP R/3 vs. Netweaver security!
In our last post, we mentioned that we’d be giving a few examples for data valuation. This is the part of the post where I try and say something pithy, but I’m totally distracted by the White House press briefing on MSNBC, so I’ll cut to the chase:
I’m consistently impressed with the stupidity of certain financial institutions. Take credit card companies and the issuing banks. We’re in the middle of a financial meltdown driven by failures in the credit system and easy credit, yet you still can’t check out at Target (or nearly anyplace else) without the annoying offer for your 10% discount if you just apply for a card on the spot.
Warning- today’s introduction includes my political views.
History
Whatever your political persuasion, there’s no denying the magnitude of this week. While we are far from eliminating racism and bias in this country, or the world at large, we passed an incredibly significant milestone in civil rights. My (pregnant) wife and I were sitting on the couch, watching a replay of President Obama’s speech, when she turned to me and said, “you know, our child will never know a world where we didn’t have…
I have found a unique way to keep anyone from using my iMac. While family & friends love the display, they do not use my machine. Many are awed that they can run Windows in parallel to the Mac OS, and the sleek appearance and minimal footprint has created many believers- but after a few seconds they step away from the keyboard. Why? Because they cannot browse the Internet. My copy of Firefox has NoScript, Flashblock, cookie acknowledgement, and a couple of other security related ad-ons. But…
You’ve probably noticed that we’ve been a little quieter than usual here on the blog. After blasting out our series on Building a Web Application Security Program, we haven’t been putting up much original content.
Brian Krebs of the Washington Post dropped me a line this morning on a new article he posted. Heartland Payment Systems, a credit card processor, announced today, January 20th, that up to 100 Million credit cards may have been disclosed in what is likely the largest data breach in history. From Brian’s article: