Episode 0x3A
We Can Do Better
Before we get too far into things this week, I want to draw special attention to Rich Mogull's $500 Cloud Security Screwup posting. Truly awe-inspiring and an example of Doing Infosec Right - admitting that you screwed up and getting on with the solution, rather than the very common response, which would include hiding what happened and hoping no one finds out that it was you who were the screwup. We should all act more like this. Moving along...
Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)

And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.
DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.
ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.
In this episode:
News and Commentary
- Five Product Security Questions Nobody At CES Wants You To Ask. Because, you know, internets.
- Mandiant gets bought by FireEye
- Infographic: New ISO 27001:2013 - What Has Changed?
- Find security flaw, go to jail?

Breaches
- Former TIAA-CREF Worker Gets 6 Years for Selling IDs
- OpenSSL Defacement - Not a Hypervisor Thing
- Riverside Health System 4-year-long HIPAA Breach
- Thank Goodness for the NSA! - a fable
- Yahoo infects people with Malware and makes the bitcoin

SCADA / Cyber, cyber... etc
- Several European manufacturers spawn NSA-proof Android “cryptophones”
- NSA denials

DERP
- UK ‘Porn Filter’ Blocks Legitimate File-Sharing Services

Mailbag
We receive some of the most batcrap crazy emails here at LSD. What's the right response to people who don't just have a tinfoil hat, but are opting for the full ensemble?
Dear Mailbag

Creative Commons license: BY-NC-SA