Wednesday, April 30, 2014

“What we've got here is failure to communicate.” Strother Martin in Cool Hand Luke. There are still many companies that do not consider IT a strategic tool and therefore don't give them a voice in the boardroom.
Company Leaders Misjudge Impact of Data Loss on Revenues: Research
According to a report from Ponemon Institute and sponsored by Websense, 80 percent of respondents said their company's leaders do not equate losing confidential data with a potential loss of revenue.
The research also found that respondents find it difficult to keep track of the threat landscape facing their company, with less than half (41 percent) having a good understanding of it. Forty-eight percent said their board-level executives have a subpar understanding of security issues.

“'Tis a puzzlement.” But that's what makes it interesting!
Alan Butler of EPIC writes:
Today the U.S. Supreme Court heard oral argument in Riley v. California and United States v. Wurie, two cases involving the warrantless search of an individual’s cell phone incident to arrest. These cases present an important and fundamental Fourth Amendment question: whether the police can search the entire contents of an individual’s cell phone incident to any lawful arrest. As others have noted today, the Justices seemed to recognize that cell phones and other digital devices create a “new world” that justifies a modified search incident to arrest rule. But the Justices struggled throughout the arguments in both cases to identify a workable rule.
One important practical insight from Orin Kerr is that, given the short time frame for a decision (the case will be decided by mid-June), it is possible the Justices will seek a unified majority author for both the Riley and Wurie opinions. Given that consideration, and the facts and arguments in Wurie, it is possible that an unexpected “middle ground” compromise will emerge focused on the plain view doctrine. But regardless of the particular majority approach, it seems very unlikely that the Justices will endorse the broad categorical rule that all individuals’ cell phones are subject to limitless search incident to arrest. And if the Court can’t agree on a compromise solution, Justice Kagan might have enough votes for a categorical ban on warrantless cell phone searches.
Read more on EPIC.

No comment
America's Nuclear Arsenal Still Runs Off Floppy Disks
America just got a reminder that its nuclear arsenal is old and getting older. On last night's 60 Minutes, Lesley Stahl met two “missileers” charged with watching over and controlling Minuteman III intercontinental ballistic missiles in Wyoming, and the control room was not what Stahl—or I—expected: There's no “big button,” but there are floppy disks.
Like the old, big 8-inch floppy disks. Like the kind, pictured above, that are often featured in a computer history museum or found in your attic, beneath old DOS manuals. Like, not even the newer, 3.5-inch model of floppy disk. That's how they control our nuclear missiles. At 23 years old, the deputy missileer said she had never even seen a floppy disk before finding one that can help wreak untold carnage on planet Earth.

It amazes me when things like this seem to go “unnoticed.” More likely, someone did a crappy job of measuring China, yet that became the “standard.”
China overtakes the US: your questions answered
The FT reported this morning that China will overtake the US as the world’s largest economy this year. This is a historic moment since the US has been the global economic powerhouse since about 1872. As Jamil Anderlini, the FT’s Beijing bureau chief explains, the news is an important geopolitical moment. Everyone has known the moment was coming (the IMF’s projections suggested 2019) but the report from the International Comparison Programme came as a shock, saying the Chinese economy was already 87 per cent of the US size in 2011. The figures are based on new estimates of Purchasing Power Parity (PPP) and inevitably raise a lot of questions. I will attempt to answer them here.

I'm trying to talk the “Security Club” into creating a wiki listing tools (free or not) along with “Best Practices.” Stay tuned!
Six Essential (Free) Tools For Security Teams
Information security is a big topic with a lot of disciplines, and hardly anyone is an expert in all of them. The good news is that there are some truly remarkable free tools out there that not only can help you and your team get things done, but also provide a great way to learn new security skills quickly.
If you don’t see your favorite tool, please add it in the comments at the bottom.
Network Tools: Wireshark
System Tools: Sysinternals
Pen Testing: Kali Linux and Metasploit
Web Application Testing Tools: OWASP - ZAP
Browser-based Pen Testing: BeEF
