UPDATE: “Fast & Furious”; Remember Brian Terry – Killed December 15, 2010 April 27, 2012

Posted by Chris Mark in Industry News.

UPDATE: Fox News is reporting that “House GOP leaders said Friday they are pursuing a plan to hold Attorney General Eric H. Holder Jr. and the Justice Department in contempt for “stonewalling” them over information regarding the administration’s failed Fast and Furious gun-tracking program.”

Brian Terry and I served together in the US Marines in the early 1990s.  He was a good friend, a good Marine and a good person.  After the Marines, Brian went on to be a police officer and Border Patrol Agent and member of the Border Patrol Tactical Unit (BORTAC). On December 15th, 2010 he was killed by border bandits armed with AK-47s.  Brian was armed only with ‘less than lethal’ weapons.  The weapons used to kill Agent Terry were later confirmed to be part of the ATF Fast & Furious program in which weapons were allowed by the ATF to be purchased and smuggled into Mexico.   This program was endorsed by current Atty General Eric Holder.  This is not a political post.  Please remember Agent Brian Terry and, if possible, purchase a bumper sticker or t-shirt in remembrance of him.  www.RememberBrianTerry.com

Chris Mark Speaking in London- “Hactivists, CyberSpies, & Thieves: Risk & Data Centric Security” April 18, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management.

On June 19th, Chris Mark (that is me;) will be hosting a workshop at the CISO Intelligence Forum: Energy in London, England.  My particular workshop will be titled: “How to select a security vendor”. Not really... that was a bad joke 😉 (security geeks get it).  The 1/2 day workshop will be titled: “Hactivists, CyberSpies, and Data Thieves: A Discussion of Risk & Data Centric Approaches to Security”.  You can download the brochure here.  While my own workshop is sure to be the most well attended (another bad joke), I do have to give some props to the other speakers.  This event has some top shelf talent speaking, including speakers from the PCI SSC, Lanco, SOCA, and Northrop Grumman, among others.  If you are looking for solid information on data security in the energy segment, this is the place to be.

(UPDATE)-“Interesting” Logic & Analysis – Verizon’s 2012 Data Breach Report April 17, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, terrorism.

I received a very insightful comment from one of the Verizon authors and thought it prudent to share. I think this explanation is very helpful for companies looking at infosec controls.  Here it is, in part (emphasis added): “You make a valid point about the fact that a determined attacker would simply try again if the first attempt failed. However, our finding that most breaches are avoidable through relatively simple controls doesn’t overlook this as you suggest. Our data show that most criminals aren’t determined to breach a particular victim and likely won’t try again if met with decent resistance. In fact, the extreme opportunistic nature of target selection means they likely won’t even be attacked w certain controls in place because automated probes will skip on down the street after jiggling the door handle a bit.”  You can read the full comment in ‘comments’.  The entire post follows if you continue reading. (more…)

Another Total Security Failure!?- 750K Socials Stolen in Utah April 10, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy.

(RANT ALERT) While everyone is fighting over who gets to eviscerate Global Payments in the press today, a major breach of sensitive data goes unnoticed.  For the record…Credit Card theft is NOT identity theft.  Steal my credit card every day of the week…I have zero liability. Do NOT steal my social or passport or driver’s license. We seem to be focused on the wrong data at times. I live in Utah and am pretty sure my wife’s and my own 2-year-old son’s Socials were included in this breach.

Today on Foxnews.com a story was posted about how hackers stole “hundreds of thousands of social security numbers” from the Utah Health Department.  Well…this is not entirely accurate.  The data thieves did steal the Socials but they also stole medical information and other personal information such as names, addresses etc.  The total number of records is nearing 900,000.  Here is my beef…according to  the story: (more…)

“Privacy, Terrorism, Blowback, and Crime” – Where to start? April 10, 2012

Posted by Chris Mark in Industry News, Laws and Legislation, terrorism.

There is an interesting story on the front page of Foxnews this morning where a self-proclaimed patriot hacker who calls himself “The Raptor” is “…waging his own war on terror..” by taking down online forums used by Al Qaeda sympathizers.  Certainly, known and admitted terrorist organizations are not in the public interest. This blog is not justifying their position, their tactics, or anything else they do.

The purpose of this post is to question the value of an individual (if you believe his tweets) taking unilateral action and then basking in the attention given to his actions. While vigilante actions may have a visceral appeal to many (including this author, at times), do actions such as this exacerbate the situation?  Additionally, one has to ask whether he is right in taking unilateral action.  As an American my gut reaction is to applaud the person, but upon closer review, I don’t know if his actions are positive or altruistic.

In espionage there is a term called Blowback that refers to the unintended consequences of a covert action.  (more…)