Due to popular demand, there’s now an OpenOffice format (.ods) file for the Mozilla security metrics project.
This is a non-security post… I did not get a lot of work done Thursday afternoon. I was shopping. Specifically, I am shopping for a new laptop. I have a four-year-old Fujitsu running XP. The MTBF on this machine is about 20 months, so I am a little beyond laptop shelf life. A friend lent me a nice laptop with Vista for a week, and I must say, I really do not like it. Don’t like the performance. Don’t like the DRM. Don’t like the new arrangement of the UI. Don’t like the lowest-common-denominator…
Ryan Naraine just posted an article over at ZDNet about a project I’m extremely excited to be involved with.
Just before RSA I was invited by Window Snyder over at Mozilla to work with them on a project to take a new look at software security metrics. Window has posted the details of the project over on the Mozilla security blog, and here’s an excerpt:
Reading Wired this morning (and a bunch of other blogs), I learned that a judge ordered Google/YouTube to turn over ALL records of who watched what on YouTube. To Viacom of all organizations, as part of their lawsuit against Google for hosting copyrighted content. The data transferred over includes IP address and what was watched.
In Part 1 I talked about the definition of endpoint DLP, the business drivers, and how it integrates with full-suite solutions. Today (and over the next few days) we’re going to start digging into the technology itself.
My posts today on SecurityRatty inspired a bit more debate than I expected. A number of commenters asked if someone still links back to my site, how can I consider it theft? What makes it different than other content aggregators?
Guess they don’t bother to review the content they steal…

Update: I think I’ll call this attack “Rat Phucking”.
I’ve talked to some of the local crew, and we’ve decided to hold a special pre-BH/DefCon SunSec on July 31st (location TBD).
Like most other security blogs in the world, my content is regularly abused by a particular site that just shovels out my posts as if they were theirs. This is an experiment to see if they bother reading what they steal.
The theft of Citibank ATM PINs is in the news again as it appears that indictments have been handed down on the three suspects. This case will be interesting to watch, to see what the fallout will be. It is still not really clear if the PINs were leaked in transit, or if the clearing house servers were breached.