How an email hacker ruined my life and then tried to sell it back to me
As previously noted, you get what you pay for. There is a reason that one has to keep passwords secure.
The real irony in these anonymous web mail systems is what happens if you want to reset your account and you don't have your own password. One can enroll in gmail, yahoo mail, tiscali or whatever with no outlay and no identity checks. If one then, say, forgets the password and you want to close the account you end up in the bizarre world where the mail company wants you to prove who you are.
There has to be a better way.
The problem that we have is the number of passwords we need to recall so there are bound to be overlaps.
One option is to register your own domain and then to pay £30 per month for a small company to manage your mail for you. Then if something goes wrong, you know you can speak to a real person.
InfosecChap
‘Sexting’: Perceptions, Realities & Indecent Images of Children
It is indeed a scary world. There is a toxic combination of Parent + Photographer + PC that should send a chill up all our spines.
But the combination of Adolescent+Hormones+Camera equals Register.
Scary world.
Hacking Activity Detected By Sony
Protective Monitoring and SIEM is supposed to be the new silver bullet. It's getting the government all fired up.
Looks like Sony's attempt is working. Just in time!
InfosecChap
Where Can I Learn More About Computer And Internet Security? #2 Naked Security
Agreed. The Sophos blog is one of the best out there. They are obviously spending money to generate good content and they seem to allow their employees the freedom to pursue their own interests.
How many people do they have working for Sophos and how many on the blog? An interesting metric would be the percentage of researchers vs bloggers vs staff. Even the big consultancies don't seem to have this level of commitment. I can only assume that Sophos employ people who are bloggers and who can make a name for themselves.
I do wonder what the editorial control from Sophos is, though. I know many companies that would love a high quality blog but they just won't let their staff run loose.
HP also have a good blog, though the recent Mary Ann Davidson spat on the Oracle blog shows how sometimes things do get interesting.
Naked Security? Try Naked Mentalism too!
chin chin
@infosecChap
Technical Whitepaper - "Tracking Performance of Software Security Assurance - 5 Essential KPIs"
Saturday, 15 October 2011
Friday, 14 October 2011
I say
The True Price of Being Hacked [??]
PCI DSS only exists to protect the card issuer and the bank. It transfers risk to the merchant. What would be really interesting is how much the PCI DSS fines are. I suspect that they are not very much and I suspect that they are rarely enforced. It's all about reputation: Sony = big deal. Bikesonline site (hacked recently, lots of losses) = not so big. I wonder what else happened to deliver the drop in card fraud. Chip and PIN? That's not in my interests as any loss incurred through chip and PIN is now my liability, whereas it used to be the bank. chin chin @infosecchap
UK government says it can attract and retain the cyber defence skills it needs
The whole problem here is that HMG don't pay the same as industry. A CLAS, CHECK or similar contractor can command around £700 per day. That's about £140K just for following orders. Even as a permie the salaries are in the £50 to £80K range. A reasonable amount when you consider that this is about what a Senior Civil Servant grade gets at Grade 7 and above.
I thought that GCHQ/CESG were getting into bed with the BCS and IISP to professionalise the industry. They should be using that in their internal teams.
@infosecchap
Business survey shows ballooning security budgets
Security and information assurance has to become a commodity item. Security As A Service. Pen testing over t'web and managed offerings are what it's all about. There are no end of vendors who do this: Vistorm (before it dissolved into HP) and Integralis for example.
As time moves on, the technology gets more sophisticated, costs get reduced and we outsource. We are always playing catch up, but being smarter means spending less and being more focussed.
chin chin
infosecchap
Tuesday, 4 October 2011
I say
Cyberspace is defined as
U.S., Russia slowly improve cybersecurity cooperation The report in this article defines cyberspace as "an electronic medium through which information is created, transmitted, received, stored, processed and deleted". I suppose that's as good a definition as we can get, if we are not to worry about the etymology as being skilled in governing! I think that the Chinese do more than just "harbour" hackers, don't they? InfosecChap
Vision 2011: Symantec set for £1bn splurge on cloud and mobile buys In the good old days they were merely AV touts. Now, they are burning their way across the infosec landscape. I'm sure that they have done the analysis, but securing "the cloud" (whatever that means) is more than just slapping a DLP box on the perimeter. I'd like to see their detailed strategy. @InfosecChap
"an electronic medium through which information is created, transmitted, received, stored, processed and deleted". (referenced) So there you go
Monday, 3 October 2011
I say
Former #scmagazineuk Information Security Person of the Year becomes KPMG partner
congratz!
What identity management strategies should enterprises deploy for cloud environments?
I would like to see differing federated identity for differing purposes. I despair with the number of passwords I have to remember. I despair that I have to sign up with password/email/userID credentials on multiple sites. There is no benefit to this for the end user, no benefit to the organisation and no benefit to the consumer. While the Twitter OAuth, the Google ID and the others mentioned in the article are great, they do rely on having separate identities that ultimately return back. A better approach would be (could be?) a security ring of IDs.
Inner ring: the government stuff, bank accounts. It may be that the paranoid amongst us would prefer to have separate IDs for these to prevent a single loss ripping out our private hearts.
Next ring: the identities that could do me financial harm. Amazon and the plethora of web sites I have a commercial relationship with or where I have submitted my credit card: I don't want to sign up to a web site in order to buy its goods.
Next ring: identities that could embarrass me. Facebook, Twitter, LinkedIn.
Next ring: identities that I use for fora or subscriptions.
Next ring: the anonymous identities I use for making one-off comments on web sites.
All that is needed is for more sites to accept federated IDs and for the developer community (eg phpBB, open CMS etc) to accept the multiple federated ID models.
Now that's fixed we can move onto corporate user ids. A major problem is user attestation where user accounts are not deleted and user rights are never challenged. This can be addressed by auditing and team leaders signing off access every six months. No sign off: no access. Simple. The retail banks do this, so can you.
Sunday, 2 October 2011
I say
NTRO’s ethical hackers to conquer China
I'd have thought that the government would have a "cyber" team on board? Hiring crackers? That's a cracking good idea, but surely not news?
What would be interesting would be to know exactly what the Chinese threat is assessed to be.
chin chin
InfosecChap
Friday, 30 September 2011
I say
Dark Market: Cybercrime, Cybercops and You, By Misha Glenny
I'm confused. Do we really need a book to tell us that the crackers have grown up and moved into crime, rather than publicity? Surely this is obvious. Police forces are not joined up: part of their strength and the greatest weakness is the federated nature of police forces and the bickering between. Police can't (won't) investigate all these crimes: of course not. They prioritise resources like the rest of us, a credit card stolen just does not register.
So, I for one won't be reading this book.
Betfair is in for a rough ride over data theft Betfair hides credit card data hack from customers
A crying shame. We all know how truly hard it is to get the "business" to deal with IT risk. High impact, low probability equals medium risk which is ignored. The article mentions file integrity: a product like Tripwire (or an open source equivalent) is peanuts. Of course the back-end support needed by the security operations centre is where the big money lies, which is why there are n number of outsourcers, system integrators and managed services companies who will do this for you. The point about the broken crypto made me laugh. If they are so certain it's broken, I wonder what the implementation was? Again proper monitoring and robust procedures are needed. I suspect that the Betfair world isn't populated by HSMs. Betfair now has a choice: deal with this, engage a CISO, invest in a robust set of controls, or dodge the issue until next time. I'd expect that they are PCI DSS compliant already ... surely? If they are, then this is another blow to the PCI DSS silver bullet. If not, then there's a lesson I think. Congrats to Mr Osborne for spotting the line in the report and getting to the truth. I bet it wasn't easy. chin chin infosecchap
Former #scmagazineuk Information Security Person of the Year becomes KPMG partner
congratz!
Wednesday, 28 September 2011
I say
HP Expands Enterprise Security Solutions
Arcsight is certainly the best regarded SIEM tool, but it comes at a cost and it comes with a requirement for a dedicated (and expensive) team.
But, fair play to HP for recognising this, setting up the marketing and going for the solution.
Seems that their legacy of purchasing ViStorm worked!
chin chin
@InfosecChap
Take charge of your online reputation
I'm not wholly convinced that Identity Theft per se is a criminal activity. I can see that it could lead to fraud (which is specifically a criminal offence in the UK at least) but simply impersonating someone with no material gain and no material loss can't be a criminal act.
Perhaps the best advice is to not be public, then no one can hold it against you.
Tuesday, 27 September 2011
I say
A Short Guide to Company Email Management
One of the biggest issues with email, sure, is its persistence. Delete. Delete. Delete. And make sure that you have a policy that supports this. The last thing you want is an investigation to be run on your corporate email servers looking for miscreants.
Purging your mail is the best way to avoid libel, employment laws and simply getting caught. As Andersons!
But for the individual, the major problem is searching the damnable stuff. Copy and paste into Microsoft Access or write your own macro to turn into text (which I've had to do). I must publish that one day! Suggest we keep our own copies on our own personal storage devices but we can put email in the corporate cloud and let the security team purge it just before the compliance wonks find out.
chin chin
@InfosecChap
Mac malware disguised as Adobe Flash update ... Proving that malware propagation depends as much on people as technology. It's not their fault. Let's face it, the whole point about the Mac is that it can be used by anyone. The same holds true for other systems not supported by the vendor: for example if you want to play Lego games, you need the Unity player. Which doesn't work for the iPad (or Linux). The solution ... the dodgy site offering you a solution for which you need to resolve your malware infestation. The answer? Gawd knows. Digitally sign stuff? Perhaps. Educate users? Perhaps? Revert to pen and paper? Certainly! But, so far it's not widespread. The final solution? Gulp ... anti malware. What, even on the Mac? chin chin @InfosecChap
Monday, 26 September 2011
I say
She’ll be right mate
It's all about risk perception. "it can't - won't - happen to me". The fact is, it's probably true. High impact, low probability equals, not medium risk but low risk. It's not the end of the story. In the example of the restaurant owner, didn't they buy insurance? In the UK, a visit to the doctor and medication is free: there's a whole psychology of the ill in there too. If the effect is two steps away from the cause, it's quite understandable that the two are not correlated in vernacular risk assessments. chin chin @infosecchap
Is SIEM security technology dead and buried?
>> SIEM: Dead or alive?
Some companies view cloud computing as a threat to their IT security
Hmm. I wonder what a cloud actually is ... a datacentre but we won't tell you where the data is. Cloud services can be used to nick data in ways hitherto undreamt of. Organisations need good protection against this and they need to take the threats seriously. Main problem, though, is where on earth is your data and how do you know it's safe? chin chin @InfosecChap
9 hot IT skills for 2012
Phew, my skills are still in demand ... ish. The problem, of course, is that as the technology matures it becomes commoditised, which makes it cheaper and liable to outsourcing. We move away from the pure techie and into business and therein lies the problems. How to turn a commodity into business value. I suspect that the skill set is changing. Moving into specific monitoring and becoming more corporate chin chin @infosecchap
The Threat Landscape in Africa & the Internet Governance Forum
I wonder if the spread of malware is related to the OS penetration? I'd be intrigued to know who is using what. And what is licenced! The 419 scam, while not technical, surely should be registered here? Where are the botnets, and what about the same information for China? chin chin @infosecchap
Friday, 23 September 2011
I say
GCHQ appoints cyber skills consortium
http://www.publicservice.co.uk/news_story.asp?id=17523
"Good news that Royal Holloway is giving some intellectual credibility to the whole thing. I was rather concerned that it might end up as a CISSP show boat. Shame that GCHQ can't offer decent salaries, but you know the people who want to work at Google might just not get the DV .. chin chin infosecchap"
Data centre security: how safe is your data?
Relentless Intrusion Detection? That's a new term to me. But it sounds (a) effective; and (b) expensive. I've never yet found a cheap solution to IDS, log reviewing or protective monitoring (as required in the UK by GPG 13). I'd be really interested in how the service model works, especially what the incident response is. For generic hosting it's going to be hard to do anything other than alert-on-a-port-scan and you get that all the time. chin chin InfosecChap
Boot up: iPads in journalism, teach kids to code, celeb phone hacking and more
HTML5 standard may neglect important security issues eh? Well, that's par for the course. I don't think that the RFCs really take a holistic view of security. But then why would they? It's only one aspect and to be fair, it's probably not the most important one. What is important? Getting your standard approved! Call me an old cynic, but most people don't "get" security so, it's not surprising when it fails to materialise. They have other things to worry about and, let's face it, IA is an ever evolving beast and quite simply hard to get right. chin chin @InfosecChap
SIEM: Dead or alive?
Good lord, another one dies? SIEM is an expensive solution, expensive in terms of people and potentially expensive in terms of technology. Though one can do SIEM with notepad and Excel (though the proper IA wonks amongst us would only use Vi), a nice aggregation tool really helps. The issue is the investigation, the remediation, the incident handling. On an estate of anything above a couple of hosts, it's a nightmare to do properly. Of course most solution providers will say that they have a jolly old SOC, but one has to peer behind the curtain to see exactly what's going on there. This is exactly why GPG13 is so hard to get right, that and the fact that the IA community keep changing their minds. It does have its place, so rumours of its death are, I think, exaggerated. For now, until the next killer solution comes along. chin chin infosecchap
Defence Firm Probably Hit By Spear-Phishing Attack
Well, what do you know? A defence company attacked! Look Over There, you know China is on the no fly zone for UK HMG employees. It's there for a reason. We see this again and again. State sponsored hackety-cracketty. You really would think that a defence company would have its defences in place. There are standards for this, penetration testing, auditing, yadda yadda. Makes you wonder what is happening that no one has found out yet. chin chin @infosecchap
Graduates sign in at PwC
Ah, bless 'em. Little itty bitty young consultants. Now they are in for a shock. It's not all shaking tins on the high street. No, it's all about what you can get on expenses. In a couple of years they'll be on the CLAS scheme and probably be my boss ... chin chin @infosecchap
(ISC)2 launches awareness foundation and member chapters
Ah, bless 'em. I do like my CISSP, but I often wonder why I need to keep "in good standing". If they really want to "move the profession forward" then they should stop acting like a trade and be professional, unfortunately there are other organisations willing to be the professional arbiters: BCS (CITP); IISP; IEEE to name but a few. So, where's the beer then? chin chin @InfosecChap
Government invests €8.6m in an eLearning Solution
Good lord, 8.6 million for on line training. Has the emperor no clothes? Call me old fashioned, but Aristotle managed perfectly well in his academy without a browser. 8m will buy a whole lot of books. "even learning outside school time" as if. Give 'em Hacking Exposed and let 'em get on with it. I can't understand where the 8m is going. chin chin @InfosecChap
Not another password
For the love of God. The Birmingham Post have a "you must register to post a comment". Fair enough, I want to comment, you want to spam me. But that's what mailinator is for (I mean, you don't really expect me to give you my work email address do you?).
But, get this, they have a different password policy to most of the other sites. This means I now need a whole new password.
They want an upper case and a number. Mind you, they don't want mixed case, so all upper case is just fine.
Why why why? They also want a post code. Now this is just silly. You want my address? Hmm, have you never heard of security? Now I've got to write another password down !!!!!
And the ultimate irony? Once signed up, you get to link to Twitter. Why bother, just use Twitter for the love of God!
Thursday, 22 September 2011
I say
Fall Brings More Hiring
http://blogs.cio.com/careers/16519/fall-brings-more-hiring
"I wonder what Delaware North had before this CIO chappie? Anyway, good to see that someone in this hospitality group takes information security seriously."
http://www.securityinfowatch.com/node/1322699
"A brave admission. I wonder how exactly conficker is to disrupt the production of beer?
that's a pretty sophisticated attack, unless it's just that the systems are so finely balanced that any slight error causes the chemicals to pour down.
still, sage advice to know your business.
chin chin
infosechap"
i had to say
Mitsubishi Heavy falls victim to cyber attack
http://www.securityinfowatch.com/node/1322699
Friday, 16 September 2011
Tuesday, 13 September 2011
Saturday, 10 September 2011
Infosec sites
Who's Tweeting Whom
http://twitterpowersearch.com/?q=infomation+security&q2=infosec
And Who To Follow
@awilsong Andrew Wilson Blog
@jpettorino Jeff Pettorino Blog
@theprez98 Blog
Interesting Infosec Blogs
Dr Infosec R
CSO Blog with #FF list ( http://blogs.csoonline.com/blog/306/feed)
David Lacey ( http://feeds2.feedburner.com/computerweekly/davidlacey)
Rafal Los (Wh1t3Rabbit) ( http://feeds.feedburner.com/Wh1t3Rabbit)
Google Online Security ( http://feeds.feedburner.com/GoogleOnlineSecurityBlog)
SC Magazine ( http://www.scmagazineuk.com/pages/rss.aspx?sectionid=314)
Mary Ann Davidson ( http://blogs.oracle.com/maryanndavidson/feed/entries/rss)
Microsoft Security
Out-Law News
Roger's Blog
El Reg
http://www.security-faqs.com/ faq rss ( http://feeds.feedburner.com/security-faqs)
Thursday, 8 September 2011