Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Über Alles? →

April 03, 2015 by Marc Handelman in All is Information, Blatant Stupidity, DevOps, Enterprise Management, Information Security, Infosec Policy

Interesting Uber vs. John Doe (in this case GitHub) case, whence Uber issues what is fundamentally a Your Papers Please subpoena through a magistrate and demands records closely held by GitHub through the courts.

In this case, access has been granted by the magistrate, permitting examination of the two Gists at GitHub containing the unfortunate error made by Uber employees (whence an Uber developer/DBA included internal passwords to internal databases on a very public Gist).

Uber argued (successfully - mh) during the hearing that the two Gist posts (both of which have been offline since the lawsuit was filed) should have had very little traffic, and the data on who visited them "should generally reveal people, who were affiliated with Uber and who worked on the Uber code near the time of the unauthorized download." - via El Reg's Kieren McCarthy


I Hunt SysAdmins

February 13, 2015 by Marc Handelman in All is Information, Compute Infrastructure, Data Security, Data Loss Prevention, Enterprise Management, Information Security

This ShmooCon presentation by Will Schroeder is a classic. Today's MustSee security video.


Box Crypto, Key Conveyance →

February 13, 2015 by Marc Handelman in All is Information, Compute Infrastructure, Cryptography, Data Security, Encryption, Enterprise Management, Information Security, Infosec Policy, Cloud Security


Well now, this is good news [of course purely dependent upon where your place is within the transaction, and future issues of both key management and governance related challenges] as Box has commenced with provisioning customers with their encryption keys. Gotta admire the transfer of risk in this action, all under the guise of enterprise key management...

'Today, Box says it has a new product that gets the job done. Called “Enterprise Key Management (EKM),” the service puts encryption keys inside a customer’s own data center and in a special security module stored in an Amazon data center. The Box service still must access customer’s data in order to enable sharing and collaboration, but EKM makes sure that only happens when the customer wants it to, Box says.' ArsTechnica's Jon Brodkin

Government of Canada, Data From Canada Mandated To Remain In Canada →

February 02, 2015 by Marc Handelman in All is Information, Common Sense, Commerce, Compute Infrastructure, Data Loss Prevention, Cryptography, Database Security, Data Security, Encryption, Enterprise Management, Government, Information Security, Security Governance, Canada

Dr. Michael Geist (Law Professor at the University of Ottawa, and the current holder of the Canada Research Chair in Internet and E-commerce Law) holds forth on current cloud cogitation up north (at least within the data confines of the Government of Canada / Gouvernement du Canada).

 


Highly Sensitive →

January 30, 2015 by Marc Handelman in All is Information, Blatant Stupidity, Data Security, Enterprise Management, Information Security, Security Failure

GitRob, or How You Too Can Scan GitHub for Sensitive Files.

 


Securosis' Toddle

January 27, 2015 by Marc Handelman in All is Information, Common Sense, Communications, Enterprise Management, Information Security, Vulnerabilities

In an outstanding video piece, the Gentlemen of Securosis contemplate the apparent second childhood of Google, Inc. (NasdaqGS: GOOG) and Microsoft Corporation (NasdaqGS: MSFT).


Le Affront du Journée: Target Claims No Liability

September 08, 2014 by Marc Handelman in All is Information, Cybernetic Crime, Data Security, Enterprise Management, Information Security, Network Security, Physical Security

Via the Office of Inadequate Security comes news [reported by Tom Webb of the Pioneer Press in Minneapolis, MN] of Target Corporation's [NYSE: TGT] attempt to transfer risk to its clientele [and others, with potentially deeper pockets]; mon dieu! après le fait, as it were...


Line in the Sand

September 02, 2014 by Marc Handelman in All is Information, Enterprise Management, Government, Information Security, Intelligence, National Security, Right to Privacy

Apparently, Microsoft Corporation (NasdaqGS: MSFT) has drawn a proverbial line in the sand...


Emory's Error

May 17, 2014 by Marc Handelman in Information Security, Enterprise Management

How not to use SCCM...
