Saturday 15 October 2011

I say

How an email hacker ruined my life and then tried to sell it back to me
As previously noted, you get what you pay for.  There is a reason that one has to keep passwords secure.

The real irony in these anonymous web mail systems is what happens if you want to reset your account and you don't have your own password.  One can enroll in gmail, yahoo mail, tiscali or whatever with no outlay and no identity checks.  If one then, say, forgets the password and wants to close the account, one ends up in the bizarre world where the mail company wants you to prove who you are.

There has to be a better way.

The problem that we have is the number of passwords we need to recall, so there are bound to be overlaps.

One option is to register your own domain and then to pay £30 per month for a small company to manage your mail for you.  Then if something goes wrong, you know you can speak to a real person.

InfosecChap

‘Sexting’: Perceptions, Realities & Indecent Images of Children
It is indeed a scary world.  There is a toxic combination of Parent + Photographer + PC that should send a chill up all our spines.

But the combination of Adolescent+Hormones+Camera equals Register.

Scary world.
 
Hacking Activity Detected By Sony
Protective Monitoring and SIEM are supposed to be the new silver bullet.  It's getting the government all fired up.

Looks like Sony's attempt is working.  Just in time!

InfosecChap

Where Can I Learn More About Computer And Internet Security? #2 Naked Security
Agreed.  The Sophos blog is one of the best out there.  They are obviously spending money to generate good content and they seem to allow their employees the freedom to pursue their own interests.

How many people do they have working for Sophos and how many on the blog?  An interesting metric would be the percentage of researchers vs bloggers vs staff.  Even the big consultancies don't seem to have this level of commitment.  I can only assume that Sophos employ people who are bloggers and who can make a name for themselves.

I do wonder what the editorial control from Sophos is, though.  I know many companies that would love a high quality blog but they just won't let their staff run loose.

HP also have a good blog, though the recent Mary Ann Davidson spat on the Oracle blog shows how sometimes things do get interesting.

Naked Security?  Try Naked Mentalism too!
chin chin
@infosecChap
Technical Whitepaper - "Tracking Performance of Software Security Assurance - 5 Essential KPIs"
Agree entirely about using KPIs, though I wonder how one relates software defects to security vulnerabilities?  Is it possible to have zero defects but to have plenty of vulnerabilities?  Or to have no vulnerabilities but still to have defects?  Or are the defects only security defects, in which case fair point.

I'd be interested to know how this works in reality:  I suspect that most software producers just want to get their product into production, rather than undertake vast historical analytics.  When I read the title I expected a view on SIEM; I'd be interested to know what operational security KPIs you are currently using, other than patching perhaps.  I guess that having all in one place would enable an holistic approach to be implemented.

InfosecChap
