September 2007
124 posts
alexhutton: my macbook battery is dying. Health at 65% now (via Twitter / alexhutton)
alexhutton: hanging with Mr. Jones, talking Statement of Work (via Twitter / alexhutton)
alexhutton: I cannot get motivated! (via Twitter / alexhutton)
Interesting Post on Threat/Vulnerability Pairing
From Cigital’s corporate blog. Quoting Sammy Migues:
In my recent reviews of what’s going on in the world, risk modeling exercises related to application security seem to stretch on for two primary reasons:
1. An obsession with knowing every “threat”
2. Not having a good rule for deciding when a threat-vulnerability-control coupling deserves no more scrutiny
What I’ve evolved over the past...
alexhutton: going to get a hair cut (via Twitter / alexhutton)
NERC Infosec Standards and Hollywood
About a year ago there was some good SCADA noise on the SBN & in the IRM blogger world. I’m sure real world issues (like NERC’s InfoSec standards) have kind of quieted that.
Hopefully, with “simulated hack” videos showing impact more graphically than probable dollar amounts on a spreadsheet, those who learn by movie plot line will re-evaluate their risk tolerance.
“It’s equivalent to 40 to...
Happy Petrov Day!
I’m reminded by Overcoming Bias that today would be an appropriate day to honor world-hero Stanislav Yevgrafovich Petrov:
“Petrov decided that, all else being equal, he would prefer not to destroy the world. He sent messages declaring the launch detection a false alarm, based solely on his personal belief that the US did not seem likely to start an attack using only five missiles.”
...
alexhutton: @jonrobinson: Security Certification & Accreditation (via Twitter / alexhutton)
alexhutton: @mcwresearch: Well, I used to have to get VPN products overseas back in the day… (via Twitter / alexhutton)
alexhutton: @mcwresearch: Maybe it’s “munitions” (via Twitter / alexhutton)
You Know, There Aren’t A Lot Of Songs With...
This morning brings talk of Pareto, Ruby (Tuesday) on Rails, and Risk to my RSS reader and our blog.
“SECURE” VS. ACCEPTABLE RISK
First, I thought we might have fun discussing the nature of security, risk and compliance. Lots of praise for Marcus Ranum when he says,
Will the future be more secure? It’ll be just as insecure as it possibly can, while still continuing to function. Just like it...
alexhutton: @mcwresearch: I will make an effort to read it, but I think I may already agree with the premise… (via Twitter / alexhutton)
alexhutton: @mcwresearch: I will make an effort to read it, but I think I probably already agree with the premise, as repugnant as the alternative … (via Twitter / alexhutton)
alexhutton: @mcwresearch: Why? (via Twitter / alexhutton)
alexhutton: @jonrobinson: Mac - To be fair, neither claimed to be “1.0” - it’s also faster than Java was (is?) (via Twitter / alexhutton)
alexhutton: Used Two Adobe AIR apps today. It feels like Java Circa 1998…. (via Twitter / alexhutton)
alexhutton: @jonrobinson: yes it is.. It is pretty hot, think it has a good future… (via Twitter / alexhutton)
alexhutton: mmmm…. Staufs (via Twitter / alexhutton)
alexhutton: more work on biz plan for investors (via Twitter / alexhutton)
alexhutton: corporate vision just became a lot clearer (via Twitter / alexhutton)
Congrats To Mark Curphey
Mark Curphey’s turned blue?!
Mark, who among other things runs the http://www.securitybuddha.com weblog, has joined Microsoft to commercialize his vision. So a quick note today to congratulate Mark Curphey on his transition to Microsoft, and here’s hoping that they provide him the resources he needs to achieve success not only for himself, but for us, IRM professionals, too.
(via...
alexhutton: tweetr is a fun Adobe AIR application for Twitter! (via Twitter / alexhutton)
alexhutton: hates Internet Explorer, we does (via Twitter / alexhutton)
alexhutton: trouble shooting css (via Twitter / alexhutton)
alexhutton: I WON ON BLINGO! AGAIN!!! (http://www.blingo.com) Ok, so it’s just a $5 gift cert to Amazon, but it’s more than Google ever gave me! (via Twitter / alexhutton)
alexhutton: ikea’s windows server is too busy to serve me. It said so (via Twitter / alexhutton)
alexhutton: How can a journalist start a new paragraph with the word, “Plus…” http://tinyurl.com/2nhamk (via Twitter / alexhutton)
alexhutton: My 9 year old son using Word: “Why does it go green?” (via Twitter / alexhutton)
alexhutton: I’m going minimalist on my laptop. All non-RMI applications, email accounts, etc. now go on the old g4 (via Twitter / alexhutton)
alexhutton: @jonrobinson: thanks, it would feel that way if we didn’t have clients, but interest in us is pretty strong (via Twitter / alexhutton)
alexhutton: @jonrobinson: Yeah, I know the feeling (via Twitter / alexhutton)
alexhutton: @jonrobinson: bet mine is tougher (via Twitter / alexhutton)
alexhutton: @jack_daniel: I’m going through the same thing…. I am the exception, I am the educated consumer. Just give me price. (via Twitter / alexhutton)
Call Me Fishmeal.: iPhone & iPod: contain or...
Will Shipley shares my views on Apple
Who Has More Vulnerabilities != Who Is More...
It’s that time of year again, I guess. The time of year when people take the nice empirical # of vulnerabilities reported for the top technologies and offer them as data. From the eWeek article, Report: MS, Apple, Oracle Are Top Vulnerable Vendors:
”IBM’s X-Force released its 2007 report on cyber attacks on Sept. 17, revealing that the top five vulnerable vendors accounted for 12.6 of all...
alexhutton: @jonrobinson: That was the most culturally offensive, ridiculous website I’ve seen in a long, long time (via Twitter / alexhutton)
alexhutton: http://michaelisrael.com/ - AHAHAHAHAHAHAHA (via Twitter / alexhutton)
alexhutton: Chris Hoff Said: “endpoint oligopolies” and everyone at Panera looked at me funny as I laughed at my computer…. (via Twitter / alexhutton)
alexhutton: @Beaker: I like the way you write (via Twitter / alexhutton)
alexhutton: @jonrobinson: It is (via Twitter / alexhutton)
alexhutton: Man I hate Financial Projections for gathering investment dollars (via Twitter / alexhutton)
alexhutton: I need a software escrow service that’s reasonable (via Twitter / alexhutton)
Jericho In Pictures
A couple of weeks ago in New York there was a Jericho Forum meeting. I had other obligations, or else I would have been there in person. I think that Jericho is interesting, and from a Risk Management standpoint, not at all something to casually dismiss. But the forum meeting is the reason for all the recent press and discussion.
Jericho, for those unfamiliar with the Biblical story of old, was a...
alexhutton: Chax : http://www.ksuther.com/chax/ is critical for using iChat (via Twitter / alexhutton)
alexhutton: in fact, it’s a better chat environ. than adium (imho) (via Twitter / alexhutton)
alexhutton: Man, I gotta get an office (via Twitter / alexhutton)
alexhutton: helps with the ADD (via Twitter / alexhutton)
alexhutton: Fortunately there’s my ipod and the thought of little 30 second chunks (via Twitter / alexhutton)
alexhutton: @ BW3 feeling swamped by everything I have to do (via Twitter / alexhutton)
alexhutton: @jonrobinson: so yeah, why doesn’t everybody “get” this? (via Twitter / alexhutton)