Illustrations, etc.

Here are some of the news items that caught my eye because they're interesting but also you can glean good points from them:

Does this woman look contrite to you? This article from the SF Chronicle explains how a victim of ID theft chased down the thief (pictured here) herself. Crazy. Turns out she had done this before - a lot, yet she got off with a pretty light punishment so she's likely to continue. Bottom line: Deterrence only works when the criminals perceive a reasonable likelihood of getting caught AND of being punished when they are AND the punishment is painful enough to be motivational. Since the first two are pretty low, the last one, needs to be significant if you want to affect desired behavior.

Love this article from the SF Chronicle about digital picture frames that were infected out of the box! People bought them, gave them as gifts for Christmas, etc. and as soon as they connected them, malware was loaded onto their computers. This is a great example of a unique vector (channel for spreading malware).

    __________________________


    Here are a couple of great infoSec comics I've run across:

    Funny but also illustrates the crazy password games we play

    and from "Monty":

    Illustrates the point about the defense being only as strong as the weakest link, literally in this case

    __________________________

    Here's a remarkable video - an episode of "Welcome to the Scene", one of the earliest Internet-based series. "The Scene" is slang for the underworld black market, trafficking unlicensed digital content, eg. boot-legged music & video. This episode depicts a frenzied hacking session by the main character trying to cover up evidence of his participation in illegal trafficking. It's surprisingly gripping and suspenseful, despite being 90% texting rather than speaking, and it sheds some light on how hacking works, as well as the illegal content trafficking world. You might even want to watch the whole series. Note: You have to use the VLC player which you can download at the site if you don't already have it.

    __________________________



    So a few years ago there was this CourtTV series called Tiger Team but it lasted only two episodes. Too bad because it's really fascinating and fun to watch - it's reality TV, showing these guys doing penetration testing.
    In this first episode, they're hired by an exotic car dealership. The manager has just installed some fancy security equipment and doubts they can get in, let alone steal a car. 


    In the second one their client is a super high-end jewelry store. Each about 22 min, these are entertaining but also instructive, illustrating the management perspective, eg. employees getting "social engineered", management overly confident in high-end technology rendered ineffective due to sloppy installation, etc. They definitely make the points about layering your defenses, identifying the weakest link, and security being more about management than technology. In addition they're convincing evidence of the value of hiring pen-testers!

    __________________________








      Subscribe to: Posts (Atom)