In my last post on the DLP side of information-centric security, Adrian rightfully dropped a comment criticizing my narrow view. Since this is something he’s been talking about himself, I feel I owe a little clarification. I only meant that post to reflect how a portion of information-centric security technology will evolve; the truth is it’s much broader than that.
Remember that cold boot encryption attack we talked about last week? Looks like someone went out and released a public tool that replicates part of the functionality of the Princeton tool. I thought it would take a little longer; guess I was wrong. Does this change my advice? Not really- your best bet is still to maintain physical control of your laptop, and the odds are still pretty low you’ll have to deal with this in the real world. But keep asking your vendors how you need to configure your…
Over the past couple of weeks Mike Rothman has been posting his Security Incites, a series of predictions for 2008. Prediction number 9 was titled, “Get the Jumper Cables for DLP”, and I, of course, have to disagree with at least some of it.
This week, our question is courtesy of Allen:
… As a long time Mac user and an inspiring security professional (I am in the process of completing my CISSP certification), I found this article on Macworld’s web site to be very fascinating. If you could please comment on this on your web site and/or on your podcast, I would be very grateful.
It seems that every time I write the next part of this multipart series I find myself apologizing for taking too long between posts. I swear I have a good excuse this time- with the whole doctor sticking cameras into my shoulder, shaving out bits, cutting tendons and tying them to new places, putting in plastic anchors, and sewing torn parts of muscles together thing. I’m 11 days into my recovery and while the days are fine, despite learning not to use my arm for the next three months, the…
Today, Mark Curphey posted about Tenets of Effective BPM. He lays out five high level principles for doing business process management. This is really great stuff. It’s so good, in fact, that I’m going to quote a huge chunk of his post here:
Boy- never get shoulder surgery if you can avoid it. Although I can type, the pain, lack of sleep, and other restrictions probably have me down to 50% productivity. No fun when you work for yourself. Trying to not use my right arm for any lifting, pulling, pushing, or reaching for the next 3 months will be an interesting prospect.
Securosis is very pleased to announce that Debix is providing a year of free credit protection to three lucky readers.
Those of you who read this site and listen to the Network Security Podcast know that I’m a big fan of preventative credit protection instead of just passive monitoring. I’ve been using Debix for a few months now and am extremely pleased with the service. Normally I never pick one vendor over the other, but there are only two providers in this market, and LifeLock has a sordid…
I really don’t see the appeal of the whole drug thing. I’ve never been into recreational drugs other than alcohol, and even that I prefer in moderation. By “never been into” I mean never tried. Nope- didn’t hold it, didn’t inhale.
Even in my drug-addled state last week it was hard to miss the cold boot encryption attack released by Ed Felten and the Princeton Center for Information Technology Policy. This is some seriously impressive work with major implications, but despite all the articles I’ve seen there has been little information on how to evaluate and mitigate your personal or organizational risk.