Category: Dialogue

Why Some Merchants Should Not Worry About PCI

When I had my hair cut today, I got to thinking about what level of responsibility this small business should have to protect my credit card data. This is not some big chain. It’s one lady with a couple of

Posted in Dialogue, Risk Management, Standards Tagged with:

I Support George Hotz

For the past couple of weeks, I have been reading with great interest the coverage of Sony deciding to bring suit against George Hotz. George, or GeoHot, as he is known, and others like him, hacked the PS3 after Sony

Posted in Dialogue, Encryption, Ethics, Personal Liberty, Secure Design

The Security Diplomat

I have a dirty little secret. It doesn’t have anything to do with the NSA, a leaked memo or pink leotards. But it’s a secret just as earth-shattering, just as awe-inspiring and just as potentially devastating as any other well-hidden

Posted in Dialogue, Risk Management, Secure Administration, Secure Design

Where do You Draw the Line?

As a young infosec practitioner, I quickly learned that morals and ethics had to be intertwined with everything I did. Someone with the knowledge of how to defend systems usually has a pretty good grasp on how to attack them.

Posted in Dialogue, Ethics

The Ethics of Publicly Disclosing Breaches

In the security research community, it is commonly held that the ethical thing to do when discovering a vulnerability is to contact the software developer. Only after a lack of response, after the vulnerability has been fixed, or after the

Posted in Dialogue, Ethics, Incident Response Tagged with:

The Cost of Security

When I went searching for a better interest rate for my emergency fund, I ran across a bank that offered over 5%, with relatively few restrictions. I thought this might be a good bank to work with. So I set

Posted in Dialogue, Personal Liberty, Privacy, Risk Management

Daniel Cid Honored by the OSSEC Community

Today, we thank Daniel Cid for creating OSSEC. Daniel has been working on OSSEC for a long time now. He started on it long before being snatched up by Third Brigade, having already put thousands of hours into the project.

Posted in Dialogue

2WoO Day 1: Crowdsourcing Log Integrity & Non-repudiation

Since version 1.2, OSSEC has generated daily, chained MD5/SHA1 checksums of the alerts log, and if logall is enabled, the archives.log. As Daniel notes in his blog post, this can provide you with a mechanism to prove that a particular

Posted in Dialogue, Intrusion Detection, Log Analysis, Log Management, Secure Design Tagged with:

Second Annual Week of OSSEC

Last year I spoke at a conference on OSSEC and, in celebration, decided to create an entire week of blog posts about OSSEC. It was received pretty well. A few people were even inspired to contribute their own posts. Well, there are a

Posted in Dialogue, Intrusion Detection, Log Analysis Tagged with:

I’m Still Around

Yeah, I haven’t updated the blog in over two months.. When I started this up, I decided I didn’t want to make this a second job. I decided that if I didn’t update it in awhile, I would be OK

Posted in Dialogue