Law, Internet and Accountability

This statement from Judge White (Bank Julius Baer vs Wikileaks suit) exposed how difficult it is for the legal system to deal with Internet litigations.

WE live in an age when people can do some good things and people can do some terrible things without accountability necessarily in a court of law.

United States District Judge Jeffrey S. White

Mozilla Security Blog

In 2006, I posted the following request in bugzilla:

I'M an Information Security Professional and I try to maintain informed with the latest security news. But today Firefox surprise me when asked to install a security update (1.5.0.3) that I wasn't expect. I think it is necessary a communication channel between Mozilla security team and Security Community, like "Microsoft Security Response Center Blog" (http://blogs.technet.com/msrc/). So, we (security professionals) could get information to assess the security risks, define workaround strategies and prepare to update Firefox and others Mozilla's applications quickly and cleanly.

Mozilla folks probably didn't create their security blog inspired by me, anyway it is a nice initiative from them.

• Mozilla Security Blog

Four steps CSO

1. Find the top 3 business security threats;
2. Define controls to handle them;
3. Verify their effectiveness;
4. Go to step 1.

Where are the frauds from identity thefts?

This list is insightful. The author suggests the 19 worst security breaches in 2007, all of them related to identity theft. But only one is about a fraud committed using stolen data. With so many incidents, where are the impacts from these thefts?

• The Worst IT Security Breaches of 2007

ROSI marketing

Now, I am a ROSI guy, 'cause I am not like these terrible security groups.

And I wanna be like these pristine security groups.

Seven myths about information security metrics

A careless reader should not judge by its title, if he did, he wouldn't waste his precious time with an article "à la Digg" ("5 Myths of this", "Top 10 Reasons to that", "9 Tips to this & that"). The truth is, this is the best security metric article that I ever read, by far.

• Seven myths about information security metrics (by Dr Gary Hinson)

Blog ...

"IN which shall be made known my deeds of fame, worthy to be moulded in brass, carved in marble, limned in pictures, for a memorial for ever."

Security Bloggers Network

I discovered SBN in Augusto's blog.

• Security Bloggers Network