information security

This tag is associated with 6 posts

Current events for Beth’s class

Beth Chalecki asked me to give a talk on cyber security for her course at Boston College. While I won’t post the slide deck here, I will compile a reading list on the blog. I’d like to note that the blogroll at right includes several of the big names in the field: Bruce Schneier, C. … Continue reading

Fuzzy Thinking on African Botnets

I call “bull.” African botnets are not WMD, and the solution to African botnets is not to prosecute the lucky few who have computers there. Franz-Stefan Gady is completely out of touch with the realities of IT in Africa. The last thing African governments need is to shunt scarce resources into prosecuting cyber criminals, particularly within … Continue reading

60 Minutes covers cyberwar

Steve Kroft of 60 Minutes covers cyberwar from the perspective of computer network operations and critical infrastructure. It is a welcome change from the usual fare of robotic weapons, web defacement, and online chat group flame wars. The video and transcript are available at 60 Minutes. Well worth the watch.

Where do spam statistics come from?

Microsoft’s Security Intelligence Report seems to be the source of commonly quoted statistics about spam’s share of internet traffic. The ominous 97% figure is the fraction of email messages that are blocked by automated spam filters. The point of the statistic is not that spammers have overwhelmed the Internet’s fragile bandwidth, but rather that using … Continue reading

How much data theft is a lot?

One question I find myself answering frequently is “How much data is stolen?” Put differently, friends and colleagues want to know how much data theft qualifies as a lot, or too much. Often people have the belief that they would already be aware of the problem if it was truly widespread. Thanks to legislation forcing … Continue reading

Spy uses subcontractors for access

Supply chain penetration is a vulnerability that has been in the news a lot recently. Corporations and governments know that IT systems hold the keys to the kingdom, but so far they have not been able to batten down the hatches of the supply chain. Corporations don’t want information about these types of problems to … Continue reading




People mentioned in this blog are hereby invited to post a reply, on this blog, to any remarks, disparaging or otherwise, that I make here.

For that matter, if you're an interested reader and you'd like to share your thoughts, I would welcome proposals for cross-posting at your blog, guest blogging, and other creative ideas you may have.