Archive for the ‘Information Security’ Category

Interesting Summary of Data Breaches

October 3rd 2008

Verizon’s security blog has published a summary report of data breaches investigated by their security team. The report covers 500 security breaches they investigated between 2004 and 2007. There are a lot of graphs and tables summarizing threats and impacts.

The authors sensibly point out that this is based on a limited sample, but it’s great to see this sort of report. Many experts are skeptical about the CSI/FBI Computer Crime Survey since it simply asks industry people what they think the threats, risks, and impacts are.

Posted under Information Security

Computers don’t work when you lie to them

September 22nd 2008

Here is a terrific (but depressing) article by Saul Hansell explaining how the Wall Street meltdown was fueled by feeding nonsense to the risk management systems in the big investment houses.

The systems did not have models of those weird derivative instruments being traded, so traders would say they were trading a generic (safe, well-understood) loan instrument. So the systems did not really model the risk.

I find this really heartbreaking. I have to believe some people behind the scenes knew what was going on, and I can imagine them losing the argument with their bosses when they tried to fix things.

Posted under Information Security

Revising OpenID for WordPress

September 21st 2008

Will Norris is working on a revision to OpenID for WordPress. This is good, and I have some observations and suggestions. At the moment the OpenID plugin works pretty well - I have separate logins delegated through domains I own. I routinely log in through OpenID for both routine and administrative activities.

Posted under Information Security & WordPress

SSL with WordPress 2.6

September 20th 2008

This is more of a reminder to myself - you can enable SSL on WordPress, but it’s essentially an undocumented feature. This afternoon all I could find was a forum posting on enabling SSL.

There doesn’t seem to be genuine documentation on it in the Codex, at least, not documentation that pops out when you do a search.

Posted under Information Security & WordPress
