If ever there was a time when I absolutely wished I was more an expert in cryptography, this is it: http://www.nytimes.com/2012/11/24/world/europe/code-found-on-pigeon-baffles-british-cryptographers.html?hp
Author Archives: David Sheidlower
Reflections on certification, part 1
In his essay, “Disabling Professions”, Ivan Illich writes, “Let us first face the fact that the bodies of specialists that now dominate the creation, adjudication and implementation of needs are a new kind of cartel….Professionals assert secret knowledge about human nature, knowledge only they have the right to dispense.” When he wrote the essay, certifications …
Most e-mailed article
This morning’s most e-mailed article in the on-line version of the New York Times is Nicole Perlroth’s “how to devise passwords that drive hackers away”. It is a somewhat apocalyptic piece that assures you you will get hacked and provides some standard advice (“forget the dictionary”) on constructing and managing strong passwords. http://www.nytimes.com/2012/11/08/technology/personaltech/how-to-devise-passwords-that-drive-hackers-away.html?src=me&ref=general It leaves …
Be the change you want to see in your password
Widespread skepticism about the strength of single factor authentication increased dramatically as it actually became single factor. One of the things about authentication is that it is often described in a vacuum, as if the user was in a lab. Even in popular culture, this is known/shown to be unrealistic. There are scores of movies …
Reflections on certification part 1.5
Looking forward to December 8, 2012. I’m going to take the Certified Information Security Manager exam from ISACA (I’m already a CISSP and thought I’d expand the letters to the right of the comma after my name). I know COBIT pretty well and so I know what I expect from ISACA. In general, they structure …
Hack on South Carolina data: criminal; act of international cyber terrorism: huh?
[note: the links are no longer active, apologies] In this example, the press takes advantage of recent comments about a “cyber Pearl Harbor” and implies that what looks like a case of identity theft for the purposes of tax and credit card fraud is an international cyber attack on the U.S. by our enemies. The press release …
Tellers of tales and Debunkers of myths
An organization needs both. You need someone who can “weave a yarn”, “tell a tale”, “paint a picture with words”, etc. But you also need someone who “lets” facts get in the way of those myths. Marketing and sales folks need to be tellers of tales. And this does not mean they need to be …
US Privacy Law chaos
Dr. Solove illustrates the core of the problem. http://www.linkedin.com/today/post/article/20121024165918-2259773-the-chaos-of-us-privacy-law
SWAT Teams, Power Rangers and Nerds with an edge
As you work in the Information Security field, you realize you can classify your peers into three groups. I guess the title gives away what they are. But it is true. You have the mil-intel-nation-state-attack-vector types. They think of Information Security as an extension of warfare in virtual space. They are often very strong on …