Securosis Blog

By now you’ve probably noticed that we’re spending a lot of time discussing the non-technical issues of web application security. We felt we needed to start more on the business side of the problem since many organizations really struggle to get the support they need to build out a comprehensive program. We have many years invested in understanding network and host security issues, and have built nearly all of our security programs to focus on them. But as we’ve laid out, web application…

All right, people, here’s the deal.

I just published my take on the whole “Apple he said/she said you do/don’t need antivirus” thing over at TidBITS. Here’s my interpretation of what happened:

In our last post in this series we introduced some of the key reasons web application security is typically underfunded in most organizations. The reality is that it’s often difficult to convince management why they need additional protections for an application that seems to be up and running just fine. Or to change a development process the developers themselves are happy with. While building a full business justification model for web application security is beyond the scope of this post…

It’s just Martin and myself again this week as we discuss PCI, online identities, telecom immunity, and one wacky data breach.

Holiday Bargain Shopping

Adrian Lane · December 1, 2008

Did you buy one of the deeply discounted plasma televisions this weekend? How about a new digital camera? How about eBay? No, not something being sold there, but the company itself. Chris O’Brien over at the San Jose Merc speculates on what it would take to buy the auction site, as there have been some rumors floating around on this subject, and indirectly points out why cash is king. Meanwhile, the London Times claims Microsoft was doing a little Black Friday shopping of its own, another…

Home Equity Fraud

Adrian Lane · December 1, 2008

This Sunday’s Arizona Republic picked up Brian Krebs’ article in the Washington Post about thieves tapping into home equity lines of credit. This is very interesting, and not just because there are people out there who actually still have home equity, but because this is a very simple con with potentially devastating effect. One point is that there was no data theft here; rather, the information was mined legally. Second is that when the bank falls for the con, since they believe it was the borrower who…

Local Politics

Rich · December 1, 2008

It’s official: Arizona Governor Janet Napolitano is President-Elect Obama’s choice for Secretary of Homeland Security.

I’ve only been living in Arizona for about 5 years now and have been consistently impressed with Napolitano. She’s a Democratic governor in a mostly-red state and well respected by everyone except the extreme end of the GOP. Very pragmatic, organized, and level-headed. I realize most of you readers aren’t very familiar with her, but as a local constituent she’s a strong choice,…

Happy Monday everyone. This year I broke with tradition and actually ventured outside of the house on Black Friday. We didn’t see too many deals, but I did manage to grab a new rolling tool chest for the garage. That was before I heard about the disgusting horde of lowlifes that killed some poor temp worker in Long Island because he had the gall to stand between them and a plasma TV at Wal-Mart. That incident represents everything that can go wrong with a capitalist society, and this is the last…

Hard to believe we’ve been around to post this yet a third time, but here you go. Our list of advice for shopping safely online this year, and we even updated it this time:

PayPal Mobile

Adrian Lane · November 26, 2008

PayPal announced their Mobile PayPal offering this week. Really nothing new here from a technology standpoint, as it leverages existing services and the Verisign/PayPal security key. Why I was interested in the release was the signal that they are putting more resources behind this market. I am still shocked that payment via cell phone did not catch on like wildfire in the US. Look at adoption rates of cell phones, SMS, Twitter and the like, and I would have bet that payment would have been right…