tag:blog.ncircle.com,2009:/blogs/the-lens/4 2009-12-09T17:03:34Z Movable Type 3.38 tag:blog.ncircle.com,2009:/blogs/the-lens//4.564 2009-12-09T16:11:15Z 2009-12-09T17:03:34Z Tim Erlin http://blog.ncircle.com/the-lens ABC news reports today that the TSA screening manual was accidentally posted online with formerly redacted information included. "This is an appalling and astounding breach of security that terrorists could easily exploit," said Clark Kent Ervin, the former inspector general... tag:blog.ncircle.com,2009:/blogs/the-lens//4.554 2009-07-27T14:13:46Z 2009-07-27T14:15:43Z Tim Erlin http://blog.ncircle.com/the-lens WhitehatWorld organized this vulnerability management thought leaders panel discussion. I was lucky enough to participate as a panelist. You can listen to the recording here.... tag:blog.ncircle.com,2009:/blogs/the-lens//4.538 2009-04-23T14:37:24Z 2009-04-23T14:42:35Z Tim Erlin http://blog.ncircle.com/the-lens ... superheros by night, or trade show at least. These guys were close enough to our booth that I managed a snapshot. I'm sure I wasn't the only one, given how proficient they were at striking this pose. I wonder... tag:blog.ncircle.com,2009:/blogs/the-lens//4.536 2009-04-22T03:34:31Z 2009-04-22T03:56:55Z Tim Erlin http://blog.ncircle.com/the-lens (This post is a taste of my presentation at the nCircle booth at RSA. Come by and see it if this is interesting). Web application risk is a hot topic these days, but there's something missing from the discussion. Vendors... tag:blog.ncircle.com,2009:/blogs/the-lens//4.533 2009-04-21T14:15:14Z 2009-04-21T14:30:40Z Tim Erlin http://blog.ncircle.com/the-lens I'm lucky enough to get to San Francisco more than once a year, but for many folks the RSA conference is an annual trek. There are probably a few missing out this year because of restricted travel budgets as... tag:blog.ncircle.com,2009:/blogs/the-lens//4.524 2009-03-13T15:54:18Z 2009-03-13T16:02:57Z Tim Erlin http://blog.ncircle.com/the-lens Did you donate to Norm Coleman? Well, your credit card and donor information has been floating around the dark side of the internet. Wikileaks has published evidence of the data breach. The Minneapolis Star-Tribune has a piece on how... tag:blog.ncircle.com,2009:/blogs/the-lens//4.521 2009-03-09T00:53:22Z 2009-03-09T01:59:21Z Tim Erlin http://blog.ncircle.com/the-lens California pioneered laws around data breach disclosure with SB-1386, requiring that companies inform consumers when their data has been compromised. Now, state senator Joe Simitian wants to update the law with SB-20. The primary change is greater specificity around... tag:blog.ncircle.com,2009:/blogs/the-lens//4.520 2009-03-04T00:25:26Z 2009-03-04T01:05:13Z Tim Erlin http://blog.ncircle.com/the-lens You have to love a study run by a vendor where the results clearly demonstrate a problem that very vendor solves. What a pleasant surprise! Sarcasm aside, Damballa concluded that anti-virus misses a whole bunch of malware. We've seen this... tag:blog.ncircle.com,2009:/blogs/the-lens//4.518 2009-02-27T21:11:32Z 2009-02-27T21:19:29Z Tim Erlin http://blog.ncircle.com/the-lens More Than 500,000 Websites Hit By New Form Of SQL Injection In '08 It's new because it's automated and run from botnets. I'm not sure that really counts as a "new form of SQL injection," but I won't quibble. This... tag:blog.ncircle.com,2009:/blogs/the-lens//4.517 2009-02-26T15:04:55Z 2009-02-26T15:10:21Z Tim Erlin http://blog.ncircle.com/the-lens There's a short interview I did on PCI compliance over at Practical eCommerce. It's about fees that merchant account providers are charging their merchants. Although not part of the interview, these fees are clearly part of the distributive nature of... tag:blog.ncircle.com,2008:/blogs/the-lens//4.479 2008-06-10T20:13:31Z 2008-06-10T20:59:49Z Tim Erlin http://blog.ncircle.com/the-lens There's nothing quite as effective for illustrating a point than a top n list. Here are the top 4 reasons that the new iPhone is less secure than the previous version. 4. The Price How could the price make the... tag:blog.ncircle.com,2008:/blogs/the-lens//4.478 2008-05-28T17:24:25Z 2008-05-28T17:43:12Z Tim Erlin http://blog.ncircle.com/the-lens First, the article. Second, the salient quote so that you don't really have to read said article: "If you are getting any benefit from Microsoft's software, you need to have a license, whether that benefit is for physical machines or... tag:blog.ncircle.com,2008:/blogs/the-lens//4.476 2008-05-12T17:00:46Z 2008-05-12T17:19:17Z Tim Erlin http://blog.ncircle.com/the-lens I'm headed to the Secure360 Conference in St. Paul tomorrow and Wednesday. Despite the name, it doesn't have anything in particular to do with IP360 or nCircle. I attended this show last year and it was pretty valuable if you're... tag:blog.ncircle.com,2008:/blogs/the-lens//4.463 2008-04-02T14:07:32Z 2008-04-02T15:00:40Z Tim Erlin http://blog.ncircle.com/the-lens Earlier this week, someone asked me this question: "What should the PCI Council be working on next to protect card holder data?" I thought about this for a while, and decided that the only honest answer is nothing. I will... tag:blog.ncircle.com,2008:/blogs/the-lens//4.462 2008-03-31T12:20:50Z 2008-03-31T12:31:18Z Tim Erlin http://blog.ncircle.com/the-lens We're often so focused on who is getting into our infrastructure that we forget about who or what might be getting out. It's a natural tendency, of course, given the focus that InfoSec has traditionally had, and given that we...