Archive for the ‘Security/Exploits’ Category

AES-256 and Reputational Risk

July 21, 2009

I came across this excellent article while looking for something different. Dr O’Connor succinctly sums up the idea of impossible, and more impossible when talking about the relative key lengths of encryption algorithms.

Reputational risk is something that everyone understands, particularly businesses who regard their brand as one of their most critical assets. There is considerable trust in the security of AES-256, both in the public and commercial sectors. Reputational risk to AES-256 has a very high impact, and we therefore hope, a very low likelihood of occurrence.


Eavesdropping in airports…

July 15, 2009

I was flying this week between offices, and being travel-bored and a nosy so-and-so I zeroed in on an extremely loud conversation taking place between a fellow traveler and what must have been his Bangalore helpdesk.

A typical situation: middle-aged gent in a sports jacket and slacks, reasonable shoes though needing cleaning, expensive watch etc. Blackberry glued to the side of his face, glass of airport Merlot on the table.

Google ChromeOS – Browser wars spill over into the OS world…

By now you’d have to be living in a cave not to have heard the press from Google re their new Chrome OS. First mentioned by Sundar Pichai on the GoogleBlog, news has been spreading like wildfire with even sites like BBC News picking up the story.

Why is this so important? Well, it’s one of those rare occasions when someone releases or announces something which could really change the way we use computers, and of course it’s also something that could really compete with Microsoft. Whether you accept that Chrome OS will be a completely new OS, or whether you’re one who believes that Chrome OS is just going to be a user-friendly redistribution of a *nix platform with a cool UI and application load, it’s still very interesting news.

Changes to PII and PCI regulations in Nevada

This week Linda McGlasson wrote on BankInfoSecurity about some changes to Nevada’s data protection stance. Nevada’s laws are no less complex than those of other states, but interestingly it has a few which, when combined, give a tighter than usual position.

The interesting statute is CHAPTER 603A – SECURITY OF PERSONAL INFORMATION, which deals with the regulation of business practices. This law puts the state’s teeth behind the PCI regulations, backing things which the payment card industry requires as part of PCI compliance with state-driven criminal and financial penalties.

Founder and CEO of EBank steals 200bn to fund a down payment on a house.

OK, if you’re worried this is another Madoff story, calm down; the likelihood is that your greens are still safe.

Following on from my recent post on Gold Farming, I thought I’d mention the case in early June of the CEO of the online bank EBank in the game “Eve Online”. Now, before you hit back in frustration about another irrelevant “game” article, think about this: CEO Ricdic cashed out some 200 billion credits of stolen virtual money from the bank he founded, and used the resulting US$6000 hard cash to pay medical bills and put a down payment on a house – yes, a REAL house, in the REAL world.

China takes steps to criminalize “Gold Farming”

July 2, 2009

Gold Farmers (apparently)

This week the Ministry of Commerce of the People’s Republic of China joins Korea in announcing a new initiative to implement controls on the conversion of virtual to physical currency. The press release on the MOFCOM site highlights the scope of the problem:

According to media reports, the virtual money trade topped several billion yuan (¥1B=US$146M) last year after rising around 20 percent annually.

Though this move seems to be targeted towards individuals bypassing tax payments by transacting online money for real goods and services, it also touches on the greater problems of CyberLaundering and Gold Farming.

Are we really too dumb to handle protected data?

Following on from my posts on how identity / personal data theft protection should be considered a personal goal of everyone carrying around such information, I thought I’d solicit your opinions: are we really too dumb to handle password-protected information?

UK “has cyber attack capability”…

June 29, 2009

Last week in England Lord West (Parliamentary Under-Secretary for Security and Counter-terrorism) indicated that the UK has the ability to launch cyber-attacks. Though his interview was very thin on facts and details, he made some interesting comments: that GCHQ (the British Government’s communications and information systems arm in Cheltenham, UK) has former “naughty boys” in its employ, and that:

“It would be silly to say that we don’t have any capability to do offensive work from Cheltenham, and I don’t think I should say any more than that”

Interesting indeed, but I’d have liked him to at least tell me something about what the government could do that the average hacker could not. Do they have more resources than the average botnet, for example?

Categories: Cyber War

Cornell University loses 45,000 records…

June 24, 2009

datalossdb.org entry: Cornell University

Another typical notification of data loss by an educational establishment. In summary, the personal details of around 45,000 current and former students and staff were lost when the laptop containing them was stolen.

Cornell has been very open with the facts of the matter; its site describes what it has done and will do about it, and the help it is offering those affected. It also mentioned its policy that such data should be either encrypted or kept in a secure location, two things it admits this particular member of staff violated.

Something is Rotten in the State of Data…

June 24, 2009

To encrypt, or not to encrypt: that is the question.
Whether ’tis nobler in the mind to suffer
The slings and arrows of user nonacceptance,
Or to take arms against a sea of exploits,
And by opposing end them? To encrypt: to authenticate;
No more; and by authenticate to say we end