One of the most easily recognized weaknesses in any system is the user. We want to be gentle, compassionate and nice about how we document this, but it doesn’t change the reality that human designers, architects, engineers, developers and users bring with them some of the most exploited weaknesses. Security struggles with problems from this vector… Continue reading Scaling security
Author: Dude
Compliance ≠ risk management or security
Who hasn’t heard about the Target/Neiman Marcus/<unknown number of other retailers> that got POS-hacked? The apparent method of capturing this data was to RAM-scrape the Point-of-Sale (POS) systems before the data was encrypted. Let’s not get into that; everyone and their brother will tell you about it. What I want to make a point…
Target Breached Multiple Ways – 20% Profit Loss for Holiday Qtr
According to a Wall Street Journal article, Target endured breaches of both its Point-of-Sale (POS) systems and another system. The POS breach affects up to 40 million Target customers’ data, including the theft of credit or debit card and PIN numbers. This newly revealed breach increases the number of customers affected by…
Marketplace Analytics … When Knowing Data About You May Benefit You
While reading ComputerWorld’s “Fueled by Analytics” article in their December 2nd edition, I was struck by the company’s use of data collection and analytics to deliver “… cars that most customers want most of the time.” The article immediately thereafter points out that Ford’s Smart Inventory Management System (SIMS) has profited the company thus far by…
Holy Poop! Mandiant. Sold?
The NY Times reports “… Mandiant is being acquired by another major player in the space .. FireEye, Inc. ….” for almost US $1bn. Mandiant is a relatively small company that does HUGE sales to large corporations for security consultation.