QOTD - Pescatore on Google Wi-Fi Snafu
In business models that depend on getting people to expose information in order to sell advertising around it, it seems like mistakes always seem to fall on the accidentally collecting too much information, versus mistakenly ever collecting too little. -- John Pescatore, VP at Gartner, Inc.
Src: SANS NewsBites Vol 12 Num 41
QOTD - Ranum on Online Privacy
If you don't want to make something public don't blog, facebook, tweet, or otherwise publicly announce it! Three people can keep a secret if two of them are dead and nobody has published it on the Internet for all their 'friends' to see. -- Marcus Ranum, CSO of Tenable Network Security
Src: SANS NewsBites Vol 12 Num 42
QOTD - Pescatore on Facebook & Privacy
There is a big difference between making user privacy controls "simpler" and making user privacy a core feature in all Facebook software development. Especially in a business model in which all revenue depends on getting people to expose information so you can sell advertising around it. -- John Pescatore, VP at Gartner, Inc.
Src: SANS NewsBites Vol 12 Num 41
QOTD - Baker on Risk Models
Wade Baker, of Verizon Risk Intelligence, replying to a post on the Security Metrics mailing list about whether risk models are useful for non-tangible assets (human life or infosec assets that can't easily be quantified):
Having an impact that is extremely high (ie, human life) doesn’t invalidate the use of a risk model. If the probable impact is so high as to be intolerable, that simply means that risk level is intolerable regardless of threat frequency (which means keep spending money). Of course, the question is whether the impact of something (even human life) is truly intolerably high. The government enters wars knowing that life will be lost. I drive my family around in a car knowing there’s a chance of a fatal accident.
As to [whether] the financial models don’t work because governments don’t have profit – governments spend the money of the people. I’d be quite happy if the government spent my money as though they had to be mindful of operating in the black.
Reprinted with permission of the author.
QOTD - Online privacy is like a Tattoo
Posting something online is almost as bad as getting a tattoo. The act of pulling it off or making it disappear ultimately is expensive, and it's never complete. No matter what you do about it, it leaves a little scar. -- Paco Underhill, author of "What Women Want" and "Why We Buy."
Src: In shoppers' online networks, privacy has no price tag
QOTD - Shostack on Infosec & Oil Platform Engineering
Replying to a series of posts on the Security Metrics mailing list about whether information security is (or can aspire to become) an art, a science, or an engineering discipline, Adam Shostack, author of The New School of Information Security, wrote:
I think we're more like oil platform engineers than bridge engineers. Our mistakes are hidden, hard to estimate, and residue is turning up in unexpected places.
Note: posted with author's permission
QOTD on Home Users
Home users remain the most susceptible to infected malware and socially engineered threats, such as advertisements and personal assistance sites. -- Official Microsoft Blog
Src: The Official Microsoft Blog – News and Perspectives from Microsoft : Microsoft’s SIR v8 Offers Insight and Guidance on Cyber Defense
QOTD on PowerPoint
"PowerPoint makes us stupid," said Gen. James N. Mattis of the Marine Corps.
Brig. Gen. H. R. McMaster, in a telephone interview said about PowerPoint: "It’s dangerous because it can create the illusion of understanding and the illusion of control. Some problems in the world are not bullet-izable."
One slide in particular, packed with minute details, has made the news recently when General McChrystal was reported as saying: "When we understand that slide, we’ll have won the war."
Src: Enemy Lurks in Briefings on Afghan War - PowerPoint - NYTimes.com
QOTD on Malware Kits
Malware kits are developed, released, and updated just like legitimate products – complete with advanced features and minor releases to improve kit effectiveness. -- Official Microsoft Blog
Src: The Official Microsoft Blog – News and Perspectives from Microsoft : Microsoft’s SIR v8 Offers Insight and Guidance on Cyber Defense
QOTD on ATM fraud
Crooks can steal every dime you own in seconds, and you won't even know it. -- Jody Barr, for WIStv.com
Src: ATM skimmers steal your info in seconds, becoming more popular - WIS News 10 - Columbia, South Carolina
QOTD on Malware Kits
People can launch attacks without even knowing a line of code, and the infrastructure now exists to pay the attacker per exploit achieved.
Src: Russia dominating automated malware kit market - V3.co.uk - formerly vnunet.com
With an attack kit there is literally 'an app for that' and it is driving the explosive growth in internet-borne threats such as spam and zero-day attacks with new kits popping up every day. -- Bradley Anstis, VP of Technology Strategy at M86 Security.