Shostack + Friends Blog Archive

 

Small Bits of Chaos

  • “Los Angeles Consumers File Class Action Lawsuit Against Used-Car Dealer Drive Time For Allegedly Leaking Their Private Financial Information to Unauthorized Third Parties.”
  • “Down To Business: Time To Get Tough On Security Slackers,” Rob Preston in Information Week, “Perhaps if the VA secretary faced personal fines or jail time for that foot dragging, those security measures would have been put into practice long ago.”
  • Speaking of those clowns at the VA, they’re trying to convince 12% of adult Americans that they’re safe because “Stolen VA Data in Unusual Format.” [link to http://www2.csoonline.com/blog_view.html?CID=21657 no longer works] (At CSO Online.) Oooh, unusual formats. What is it, SAS or SPSS?
  • Tom Maddox’s analysis (“Identity Theft, in Arizona & Elsewhere” [link to http://blog.opinity.com/2006/05/identity_theft_.html no longer works]) of the numbers in “Technology and Easy Credit Give Identity Thieves an Edge” is worth reading. Don’t miss the money snark:

    “Well, hell, folks, no wonder you’re leading the country in identity (or credentials) theft.”

  • “Crashing the Wiretapper’s Ball” [link to http://www.wired.com/news/technology/1,71022-0.html no longer works] by Thomas Greene is about how Greene showed up at a wiretappers conference, and was confronted by someone who said his engineers were just following orders just doing their jobs: “Now leave these guys alone; they make a product, that’s all. It’s nothing to them what happens afterward.” Maybe they should read the ACM code of ethics.
  • Bruce Schneier argues again that we should “Make Vendors Liable for Bugs.” [link to http://www.wired.com/news/columns/0,71032-0.html?tw=wn_index_3 no longer works] I’d like to know which bugs, without enriching the lawyers. We’ve had the general suggestion for a while, let’s get some specifics out there. (I’ve talked about this before in “Following Up ‘Liability For Bugs’.”)

One comment on "Small Bits of Chaos"

  • Phill says:

    I read the Bruce article, it’s the same old stuff. I really don’t think the argument is thought out at all. It’s net populism, a simplistic pseudo-solution to a complex problem. The software vendors are not the people who are dragging their feet on security. I did a longer piece on my own blog.
