Beth Chalecki asked me to give a talk on cyber security for her course at Boston College. While I won’t post the slide deck here, I will compile a reading list on the blog. I’d like to note that the blogroll at right includes several of the big names in the field: Bruce Schneier, C. …
I call “bull.” African botnets are not WMD, and the solution to African botnets is not to prosecute the lucky few who have computers there. Franz-Stefan Gady is completely out of touch with the realities of IT in Africa. The last thing African governments need is to shunt scarce resources into prosecuting cyber criminals, particularly within …
Steve Kroft of 60 Minutes covers cyberwar from the perspective of computer network operations and critical infrastructure. It is a welcome change from the usual fare of robotic weapons, web defacement, and online chat group flame wars. The video and transcript are available at 60 Minutes. Well worth the watch.
Microsoft’s Security Intelligence Report seems to be the source of commonly quoted statistics about spam’s share of internet traffic. The ominous 97% figure is the fraction of email messages that are blocked by automated spam filters. The point of the statistic is not that spammers have overwhelmed the Internet’s fragile bandwidth, but rather that using …
One question I find myself answering frequently is “How much data is stolen?” Put differently, friends and colleagues want to know how much data theft qualifies as a lot, or too much. Often people have the belief that they would already be aware of the problem if it were truly widespread. Thanks to legislation forcing …
Supply chain penetration is a vulnerability that has been in the news a lot recently. Corporations and governments know that IT systems hold the keys to the kingdom, but so far they have not been able to batten down the hatches of the supply chain. Corporations don’t want information about these types of problems to …