F-Secure has an additional blog that launched today. It’s called Safe and Savvy . You’ll notice that the name is pink. That’s part of our new brand but it also reflects the authorship. Safe and Savvy’s contributors are the female employees of F-Secure (mostly). Hetta, Marja, Annika, Alia, Melody-Jane, (and Jason) have already gotten started. Read more of Hetta’s

My appearance on OWASP Podcast 61 is available. The .mp3 is 36 MB. Thanks to Jim Manico for inviting me to participate. We recorded the podcast in late January. Jim asked me the following questions: Would you care to tell us how did you get into IT and what lead you into a career in information security? What keeps you busy these days? What’s the difference between focusing on threats vs focusing on vulnerabilities? What is your problem with the “protect the data” mindset? What do you mean by “building visibility in”? What is your take on the Aurora/Google hack? You just tweeted that “Network Security Monitoring ideology is …

Good legal paper on the limits of identity cards: Stephen Mason and Nick Bohm, “Identity and its Verification,” in Computer Law & Security Review, Volume 26, Number 1, Jan 2010. Those faced with the problem of how to verify a person’s identity would be well advised to ask themselves the question, ‘Identity with what?’ An enquirer equipped with the answer…

While many are disappointed American turncoat Adam Gadahn was not the al-Qaeda operative arrested in Pakistan, as erroneously reported on Monday, there is still good cause to celebrate: Al Qaeda is on the run. And it is a fitting irony that Gadahn’s latest propaganda video, released last Sunday, serves as an indicator al-Qaeda’s time in Pakistan This story comes to us via Homeland Security – National Terror Alert. National Terror Alert is America’s trusted

The alleged mastermind behind the 2002 Bali bombings is believed to have been killed in a shoot-out with Indonesian police on the outskirts of Jakarta today. Dulmatin, nicknamed “the Genius”, was an explosives expert who was believed to have set off one of the Bali bombs with a mobile phone, as well as helping to This story comes to us via Homeland Security – National Terror Alert. National Terror Alert is America’s trusted source for homeland security news and information. Bali Bomber Mastermind Dulmatin Kiilled in Shoot-out

Can you hear that? That’s the sound of air escaping as we all finally recover from the RSA conference. Rich and Martin are back, and Zach… never left (but did celebrate a birthday last week). We do a quick recap of RSA and then dig into the security news… much of which had nothing to do with the conference. Weird. Network Security Podcast, Episode 188, March 9, 2010 Time:

The U.S. Supreme Court is agreeing to decide how much personal information the federal bureaucracy may acquire on its workers. The justices, without comment, decided Monday to review a lower-court decision surrounding the concept of so-called “ informational privacy .” The 9th U.S. Circuit Court of Appeals in San Francisco struck down intrusive background checks last year on nearly three dozen National Aeronautics and Space Administration contractors as being too invasive — calling them an unconstitutional, “ broad inquisition .” The checks sought information from any source surrounding their sex lives, finances and even drug use. The contractors being investigated were not privy to classified information. The Obama administration, in …

The CEO of Lifelock, Todd Davis, became famous for advertising his Social Security number on television ads and billboards promising his $10 monthly service would protect consumers from identity theft. The company also offered a $1 million guarantee to compensate customers for losses incurred if they became a victim of identity theft after signing up for the service. But the Federal Trade Commission said Tuesday that the claims were bogus (.pdf) and accused Lifelock, based in Arizona, of operating a scam and con operation. The commission announced, along…

Interesting commentary: I don’t think this is really a case about ISP liability at all. It is a case about the use of a person’s image, without their consent, that generates commercial value for someone else. That is the essence of the Italian law at issue in this case. It is also how the right of privacy was first established…

Microsoft schedules its security updates on the second Tuesday of the month. Adobe recently began following this schedule as well, and while there are no Adobe updates today, there was an out-of-cycle security update two weeks ago. That update should now be applied if you haven’t already done so. Why? Because we’re now seeing the vulnerability (CVE-2010-0188) being exploited in targeted attacks ( Microsoft also ). Our sample was submitted by a European financial organization and the file name includes a reference to the G20 . The exploit drops …

A gunman shot three university employees early Tuesday morning on the Columbus campus of Ohio State University, killing one, Ohio State University Police told NBC News. University police said a suspect was taken into custody after heavily armed campus officers searched the area, just east of Ohio Stadium. via Source. This story comes to us via Homeland Security This story comes to us via Homeland Security – National Terror Alert. National Terror Alert is America’s trusted source for homeland security news and information. Gunman Kills One, Injures Two at Ohio State

The “Microsoft Online Services Global Criminal Compliance Handbook (U.S. Domestic Version)” (also can be found here, here, and here) outlines exactly what Microsoft will do upon police request. Here’s a good summary of what’s in it: The Global Criminal Compliance Handbook is a quasi-comprehensive explanatory document meant for law enforcement officials seeking access to Microsoft’s stored user information. It also…

Snort was one of the first security tools I ever used.

Western leaders are often at odds over how to take on the threat of Islamic terrorism. Al Qaeda, on the other hand, appears totally focused on its mission. The terrorist group is obsessed with destroying the United States. And according to one former colleague of Osama bin Laden and Ayman al-Zawahiri, they don&’t care how many This story comes to us via Homeland Security – National Terror Alert. National Terror

From the India Times NEW DELHI: With arrested Indian Mujahideen cadres unveiling fresh terror plans of the ISI-LeT combine to target metropolitan cities here, the home ministry has issued alerts to Mumbai, Bangalore and Kolkata seeking a security beef-up at all vulnerable spots. The alerts, issued in the wake of disclosures made by Indian Mujahideen terrorist Salman This story comes to us via Homeland Security – National Terror Alert. National Terror Alert is America’s trusted source for homeland security news and information. Terror Alert Sounded in Mumbai, Bangalore and Kolkata