Today's Bits consists of more risk assessment talk, biometrics and passports, secure code by demand, compliance vs security, builders and breakers in software security, DEFCON CTF, how SSL works, PCI and security, a good way to quantify risk and an argument that one pass data wipe is enough. Details below.

  1. Part 3 is up of Chris's assessment.
    Risk Scenario - Hidden Field / Sensitive Information (Part 3 of 4) << Risktical Ramblings
    Tags: ( risk assessment fair )
  2. Get ready to get your fingers inked when you apply for a passport in the E.U. (Okay, there are inkless methods bow. Not near as much fun to write scanned though.)
    Biometric passports agreed to in EU - Network World
    Tags: ( privacy )
  3. Folks, it just isn't this easy. Unlike Picard, we can't just "make it so."
    New York drafts language demanding secure code
    Tags: ( general )
  4. Compliance does not equal security. Never has and never will. Good thought in here.
    Using The Compliance Stick Actually Weakens You | RiskAnalys.is
    Tags: ( risk compliance )
  5. An interesting argument, which I happen to agree with, by Jeremiah about the need to both builders and breakers when it comes to software security.
    Jeremiah Grossman: Builders, Breakers, and Malicious Hackers
    Tags: ( general opinion )
  6. Ever wanted to run a CTF? Defcon needs to talk to you. Be warned, we are talking about a granddaddy of a CTF.
    DEFCON 17 CTF Call for new Organizers! - Defcon Forums
    Tags: ( defcon ctf )
  7. A real nice basic introduction to how SSL works.
    Security Workshop: How HTTPS/SSL works Part 1 - Basics
    Tags: ( ssl )
  8. A nice post by Anton that I found via Alex over at riskanal.is. Repeat "Security First."
    Anton Chuvakin Blog - "Security Warrior": Tales From the "Compliance First!" World
    Tags: ( pci compliance )
  9. Adam has a great post up on the Security Catalyst blog. The KISS principle in action.
    The Breach-Stamp Metric : The Security Catalyst
    Tags: ( risk communication )
  10. A nice article with some hard data on the effective of data retrieval off of a drive which has been effectively wiped. Effectively here meaning with only one pass.
    Overwriting Hard Drive Data << SANS Computer Forensics, Investigation, and Response
    Tags: ( data disposal )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.


Reblog this post [with Zemanta]