• On deceptive email I get from VeriSign

    by Ben Rothke on February 19, 2010

    VeriSign has long touted themselves as the company of trust. It is pervasive in their advertising, marketing literature, and in their corporate mission statements. Yet for years, VeriSign has been sending marketing emails that are deceptive. Note the email I just got with the subject: Give us 4 minutes, we'll give you a 4GB USB flash drive. That sounds like a pretty reasonable offer, and one would…

  • Security Warrior

    by Ben Rothke on February 17, 2010

    Security Warrior is an excellent security reference. As is the case in the physical world, when providing computer security the optimal approach is to be proactive. Security Warrior is about taking such a preventive approach to computer predators. Attackers are often highly skilled, and the authors have adopted the premise that the only way to defend a network is to understand the motives of a…

  • Forensic Discovery

    by Ben Rothke on February 16, 2010

    When most people think of forensics, television shows like Quincy and CSI come to mind. Where such shows deviate from reality is the unrealistic speed at which the actors are able to identify, apprehend and prosecute the perpetrators. In the real world, (unlike television, where the crime must be solved by the end of the family hour), crimes are solved with slow, deliberate and methodical steps. …

  • New Information Security Lawsuit -- Why Now?

    by Stephen Wu on February 16, 2010

    Over the years, many have doubted whether we will see substantial, real-dollar information security lawsuits. Some said that companies don't want to be embarrassed by filing suit and having to admit in their complaints that they've been hacked. Others said there's no money in it for potential plaintiffs (and plaintiffs' attorneys). In my opinion, I always thought we'd see plaintiffs filing cases…

  • Managing an Information Security and Privacy Awareness and Training Program

    by Ben Rothke on February 12, 2010

    Managing an Information Security and Privacy Awareness and Training Program is the definitive reference on creating an information security awareness campaign and program. Managing an Information Security and Privacy Awareness and Training Program is without a doubt the definitive reference on creating an information security awareness program Behind most information security problems are users…

  • Cryptography for Dummies

    by Ben Rothke on February 11, 2010

    Cryptography for Dummies is a really good introduction to cryptography. Cryptography is one of the most intimidating aspects of computer security, conjuring up, as it does, such concepts as hash functions and public-key infrastructures. For the average user who wants to know about cryptography without gaining the proficiency of a cryptographer, Cryptography for Dummies is the perfect…

  • Hacking For Dummies

    by Ben Rothke on February 10, 2010

    Hacking For Dummies is an excellent introduction to hacking for beginners. The media often mistakenly characterize hackers as bored technical geniuses. In truth, most hackers, as the media use the term, are not geniuses; they are simply adept at downloading hacking tools that do all of the dirty work for them. These so-called script kiddies often do not know what they are doing until the damage…

  • “Ten Commandments” of eDiscovery

    by Stephen Wu on February 9, 2010

    My colleague, Steven Teppler, recently spoke at the LegalTech New York trade show on eDiscovery and digital evidence topics. After attending the show, Steve posted a listserv mail concerning an interesting presentation at the show entitled "The Ten eDiscovery Commandments." The presenters were U.S. Magistrate Judges Frank Maas and Andrew Peck (both from the Southern District of New York). …

  • Outsourcing Information Security

    by Ben Rothke on February 9, 2010

    Outsourcing Information Security is required reading for anyone considering outsourcing information security functionality. When it comes to the outsourcing of information security functions specifically, the situation is even worse. Far too few organizations know the inherent risks involved with outsourcing security, and don't properly investigate what they are getting into. The same company…

  • The Many Shades of Project Grey Goose

    by Gib Sorebo on February 8, 2010

    As I noted in my previous post about a recent 60 Minutes segment, we often rely on rumor and innuendo as the basis for journalism in critical infrastructure. If a current or former high-ranking public official says he heard something, then it must be true. Unfortunately, Project Grey Goose, whose stated objective was “to answer the question of whether there has been any successful hacker attacks…

This document was retrieved from on Sun, 01 Feb 2015 14:40:33 -0500.
© 2015 EMC Corporation. All rights reserved.