You can't secure what you don't acknowledge.℠

Thursday, June 10, 2010

iPad "breach" - another sensationalistic Web flaw

NewsFactor has a nice piece on the recent AT&T iPad "breach" that tells the story of how a code on AT&T's site was cracked, exposing email addresses of iPad users. So, some criminals gleaned some email addresses from a telecom provider... In the grand scheme of things: big deal.

I agree with Sophos' Paul Ducklin - I think this is being overblown... just like the sensationalism brought forth by my recent bit on CSRF.

Sure, it's an exploit and shame on AT&T for not finding it before someone else did. But, in the end, it's about priorities and level of exposure - you know, all that boring behind-the-scenes stuff that no one bothers to mention.

Monday, June 7, 2010

Oil and infosec, a marriage made in heaven?

Here's a funny - and ironic - pic a friend of mine just forwarded me.

Need I say more?

Also, I have on my desk the March 8, 2010 edition of InformationWeek (great mag, by the way) that has BP as its cover story. A callout quote says:

"Two years ago, BP CEO Tony Hayward laid some very tough love on his 500 top managers. Despite revenue of about $300 billion, the energy company had become 'a serial underperformer' that had 'promised a lot but not delivered very much.' Here's how CIO Dana Deasy responded."

Promise a lot and not deliver very much - the security mantra of all too many businesses!

I'm sure Obama and his government minions will be able to fix it all. Seriously, I hope someone does. This oil mess is a pretty big blow to Newt Gingrich's Drill Here Drill Now Pay Less that I was so pumped up about. Really a cruddy situation all around.