I’m linking to Jim at DCS Security - he has the best SCADA background in the blog community and hopefully he’ll dig into this particular hack a little more:
The first flaw isn’t all that interesting (affecting older PowerBooks, and only under certain conditions) but methinks November will be pretty darn interesting:
One of the great things about the Internet is that it allows isolated assholes to connect and communicate like never before. Thus Rothman and I, mere professional acquaintances and friendly faces at a few industry events, can engage in deeper dialog, dragging any of our loyal readers down with us. (Mike and I are the assholes, not you guys. Except maybe for Will). I like it when smart guys like Mike push me, it makes for better analysis.
Evilsquirrel Enterprises Announces North American Expansion
Leaders in world domination to expand geographic services.
Undisclosed HQ, USA, Oct. 31, 2006 – Evilsquirrel Enterprises, the leading provider of world domination services, announced today that they are leveraging their best-in-class international infrastructure to expand into the North American market. As the preeminent world domination specialists, enterprises now have a truly global provider offering unmatched services and support.
There’s been a lot of hubbub the past couple of days over Christopher Soghoian posting a tool to let anyone print their own boarding pass. While I’m all for publicizing security silliness, I personally try and avoid things that might invite 2 a.m. non-social visits from the FBI.
Good security will almost always make you compliant (or pretty darn close, not counting all the documentation). Compliance alone will pretty much never make you secure.
The blogosphere is kind of funny sometimes as we all run around referencing each other constantly, so you’ll have to excuse the “my sister’s best friend’s 2nd cousin twice removed’s boyfriend’s bookie” path for this post. (Actually, I really dig all our cross referencing, I think it creates a cool community of experts).
Jim over at DCS Security (a great new blog) just finished his last in a series of good posts on security layers.
Anton Chuvakin eviscerates me here for claiming there are very few 0days (what Shimel is starting to call Less than Zero Days).
Alan Shimel is reviving the zero day debate and coins a term “less than zero day” for vulnerabilities that are unknown to the public at large. Check out his series starting here, then here, and finally here. Rothman mostly agrees here, but (like me) isn’t enamored of the name.