Über Alles? →

April 03, 2015 by Marc Handelman in All is Information, Blatant Stupidity, DevOps, Enterprise Management, Information Security, Infosec Policy

Interesting Uber vs. John Doe (in this case GitHub) case, whence Uber issues what is fundamentally a Your Papers Please subpoena through a magistrate and demands records closely held by GitHub through the courts.

In this case, access has been granted by the magistrate permitting examination of the two Gists at GitHub, containing the unfortunate error made by Uber employees (whence an Uber developer/dba included internal passwords on a very public Gistto internal databases.

Uber argued (successfully - mh) during the hearing that the two Gist posts (both of which have been offline since the lawsuit was filed) should have had very little traffic, and the data on who visited them "should generally reveal people, who were affiliated with Uber and who worked on the Uber code near the time of the unauthorized download." - via El Reg's Kieren McCarthy

I Hunt SysAdmins

February 13, 2015 by Marc Handelman in All is Information, Compute Infrastructure, Data Security, Data Loss Prevention, Enterprise Management, Information Security

This Shmoocon presentation by Will Schroeder is a classic. Today's' MustSee security video.

Box Crypto, Key Conveyance →

February 13, 2015 by Marc Handelman in All is Information, Compute Infrastructure, Cryptography, Data Security, Encryption, Enterprise Management, Information Security, Infosec Policy, Cloud Security

Well now, this is good news [of coursepurely dependent upon where your place is within the transaction, and future issues of both key management and governance related challenges] as Box has commenced with provisioning customers with their encryption keys. Gotta admire the transfer of risk in this action, all under the guide of enterprise key management...

'Today, Box says it has a new product that gets the job done. Called “Enterprise Key Management (EKM),” the service puts encryption keys inside a customer’s own data center and in a special security module stored in an Amazon data center. The Box service still must access customer’s data in order to enable sharing and collaboration, but EKM makes sure that only happens when the customer wants it to, Box says.' ArsTechnica's Jon Brodkin

Government of Canada, Data From Canada Mandated To Remain In Canada →

February 02, 2015 by Marc Handelman in All is Information, Common Sense, Commerce, Compute Infrastructure, Data Loss Prevention, Cryptography, Database Security, Data Security, Encryption, Enterprise Management, Government, Information Security, Security Governance, Canada

Dr. Michael Geist (Law Professor at the University of Ottawa, and the current holder of the Canada Research Chair in Internet and E-commerce Law) holds forth on current cloud cogitation up north (at least within the data confines of the Government of Canada / Gouvernement du Canada).

Highly Sensitive →

January 30, 2015 by Marc Handelman in All is Information, Blatant Stupidity, Data Security, Enterprise Management, Information Security, Security Failure

GitRob, or How You Too Can Scan GitHub for Sensitive Files.

Securosis' Toddle

January 27, 2015 by Marc Handelman in All is Information, Common Sense, Communications, Enterprise Management, Information Security, Vulnerabilities

In an outstanding video piece, the Gentlemen of Securosis contemplate the apparent second childhood of Goggle, Inc. (NasdaqGS: GOOG) and Microsoft Corporation (NasdaqGS: MSFT).

Le Affront du Journée: Target Claims No Liability

September 08, 2014 by Marc Handelman in All is Information, Cybernetic Crime, Data Security, Enterprise Management, Information Security, Network Security, Physical Security

via the Office of Inadequate Security, comes news [reported by Tom Webb of the Pioneer Press in Minneapolis, MN] of Target Corporation's [NYSE: TGT] attempt to transfer risk to it's clientele [and others, with potentially deeper pockets]; mon dieu! après le fait, as it were...