What we're reading, week of 10/27

From Schneier on Security… Barack Obama Discusses Security Trade-Offs: Bruce Schneier uses a remark from Obama to illustrate his philosophy on security systems and how to manage them: “the person in charge of the security system can’t be the person who decides what resources to devote to that security system.”

From Zero Day… “Joe the Plumber”’s data compromised by government insider: Adam O’Donnell writes about the latest in political data leakage incidents – test accounts have been used to access motor vehicle and record data for Joe Wurzelbacher.

From Security Fix… Microsoft to Issue Emergency Security Update Today: Brian Krebs comments on Microsoft’s out-of-cycle patch release, giving updates on the particular vulnerabilities (and rumors of vulnerabilities) that have motivated this immediate...


Biometrics for VPNs

Last week, NCP announced biometric security support for VPNs. We’re interested in hearing stories of how organizations have integrated biometric security technology with their VPNs, and how it has gone. Were there any major obstacles to implementation? Measurable improvements? New challenges this technology has created? Best practices you’d like to...

Security versus compliance

In Massachusetts, legislation has just passed on an “Order Regarding the Security and Confidentiality of Personal Information.” The measures contained within are intended to hold the state’s government bodies accountable for adhering to practices that protect against consumer identity theft. Especially of interest is Section 4, which calls for the Commonwealth’s CIO to oversee the guidelines, plans, reporting and auditing of each agency. The order calls, in particular, for a lot of auditing. This brings to mind Martin McKeay’s excellent discussion of compliance through security. Are these compliance regulations the right approach to preventing ID theft? Is there any realistic...

What we're reading, week of 10/20

From WindowSecurity.com… Security in the Mobile Device Era: Deb Shinder discusses the security considerations and solutions for Windows Mobile devices, as well as the challenges that arise when using non-Windows devices in a corporate mobile network.

From IT Security… Vulnerability Blog Roll: IT Security compiles a list of today’s most newsworthy security vulnerabilities.

From Emergent Chaos… Discipline and Art: Adam Shostack writes about the particular paradoxes that plague the mindset of a security...