Monday, July 20, 2009

If you only read one article on Information Security...

[... this is it]

Actually, this is a bit unfair because after reading this one article, you'll be compelled to read more.

Richard Bejtlich's article sums this up nicely. He links to another blog post by Verizon Business.

I have some issues with Verizon Business's annual report but it is probably the most important document on Information Security to be published.

My one criticism of the Verizon Business Breach Report is that it shows credit card data to be more at risk than anything else. I was never sure if this is because it is easier to abuse than other data (such as Intellectual Property) or is just easier to detect when it is abused. According to the article, it is the latter. IP is leaving our companies, we just don't know it.

When a whole bunch of credit card information is stolen then the banks track which credit cards are abused. They are good at this and they slowly work out where all the credit cards were used together. So, if 5 credit cards were all used at a specific shop and then end up being abused that points to that shop having had an information breach. In the case of IP, there is no bank tracking abuse so you have to track it yourself... and companies are really bad at that.

The other point which I found quite amazing is that very few times when a PC is lost, is it used for fraud. End point encryption is cheap and easy to apply so it should be done, but most information is lost, not through assets being lost but through network attacks.

Tuesday, July 7, 2009

[OT] Men are chickens**t.

If you walk into (any) Exclusive Books book store and go to the counter you will be confronted by a whole bunch of gifts.

There are bookmarks, pens, little torches etc. And there are little gift-books. Some are small, some are sentimental, some are silly but they are all intended to be gifts.

So, on the counter at the EB in Cresta shopping centre are two boxes that hold books. One is called "Don'ts For Husbands" with a blue cover and one is called "Don'ts For Wives" with a pink cover.

Now remember, these are by the gift books, not on the shelves where you'd go to browse and buy a book for yourself. So, the intention of these books is for a husband to buy for his wife and vice-versa.

All the "Don't For Husbands" were snapped up by wives and given. The "Don'ts For Wives" were still on the shelf. The one copy that was purchased was apparently buried with the husband the next day.

You've got to love married bliss.

(This whole article is true - except for the bit about the one copy of "Don'ts For Wives" missing.)



(The pic above is not such great quality but take my word for it - there are no copies in the left box and the box on the right is almost full.)