My Postmodern Openings paper went live.

My paper on threats to emerging financial entities went live a couple of weeks ago. It's in volume VII, issue 1 of the journal Postmodern Openings and can be read in its entirety here as a downloadable PDF file. I've taken the liberty of uploading a second copy here for archival purposes.

The paper is published under a Creative Commons By Attribution/Noncommercial/No Derivatives license.

My paper about threats to emerging financial entities passed peer review and will be published.

As you may or may not remember, late last year I presented via telepresence at the Nigeria ICT Fest, where I gave a talk about security threats to emerging financial entities. Following the conference I was invited to turn my presentation into an academic paper for an open-access, peer-reviewed journal called Postmodern Openings, which is published on a biannual basis. Postmodern Openings seems to publish a little bit about everything, from the ethics of advertising to children to lessons learned from studying the economic systems of entire countries to the anthropological ins and outs of caring for children with chronic …


DefCon 22 presentation notes

Behind the cut are the notes I took during DefCon 22, organized by name of presentation. Where appropriate I've linked to the precis of the talk. I make no guarantee that they make sense to anybody but me.

One Man Shop: Building an Effective Security Program All By Yourself - Medic

  • Integrate with environment
  • Continuous monitoring
  • People and Process -> Secure Network Architecture -> Secure Systems Design -> Continuous Monitoring -> External Validation -> Compliance
  • Compliance, per usual, means dick in the final analysis
  • Roughly five year plan w/ deliverables
  • Needs organizational support. Still answers to the Business.
  • Supports, !replaces Business
  • Security will not mature past …

The TSA is listening to the people, all right...

I was originally going to fold this into my follow-up post on the TSA's "get imaged by a pornoscanner or get felt up by a screener" policy but I think this deserves to be brought up by itself, lest it get lost in the noise.

The US TSA is most certainly listening to everyone pushing for them to stop degrading people and do something which actually increases security. They are paying attention. And they have decided to say that everyone kicking up a fuss is a threat. The high points of an internal TSA document were sent anonymously to a …
