tag:blog.ncircle.com,2008:/blogs/the-lens/4 2008-06-10T20:59:49Z Movable Type 3.35 tag:blog.ncircle.com,2008:/blogs/the-lens//4.479 2008-06-10T20:13:31Z 2008-06-10T20:59:49Z Tim Erlin http://blog.ncircle.com/the-lens There's nothing quite as effective for illustrating a point than a top n list. Here are the top 4 reasons that the new iPhone is less secure than the previous version. 4. The Price How could the price make the... tag:blog.ncircle.com,2008:/blogs/the-lens//4.478 2008-05-28T17:24:25Z 2008-05-28T17:43:12Z Tim Erlin http://blog.ncircle.com/the-lens First, the article. Second, the salient quote so that you don't really have to read said article: "If you are getting any benefit from Microsoft's software, you need to have a license, whether that benefit is for physical machines or... tag:blog.ncircle.com,2008:/blogs/the-lens//4.476 2008-05-12T17:00:46Z 2008-05-12T17:19:17Z Tim Erlin http://blog.ncircle.com/the-lens I'm headed to the Secure360 Conference in St. Paul tomorrow and Wednesday. Despite the name, it doesn't have anything in particular to do with IP360 or nCircle. I attended this show last year and it was pretty valuable if you're... tag:blog.ncircle.com,2008:/blogs/the-lens//4.463 2008-04-02T14:07:32Z 2008-04-02T15:00:40Z Tim Erlin http://blog.ncircle.com/the-lens Earlier this week, someone asked me this question: "What should the PCI Council be working on next to protect card holder data?" I thought about this for a while, and decided that the only honest answer is nothing. I will... tag:blog.ncircle.com,2008:/blogs/the-lens//4.462 2008-03-31T12:20:50Z 2008-03-31T12:31:18Z Tim Erlin http://blog.ncircle.com/the-lens We're often so focused on who is getting into our infrastructure that we forget about who or what might be getting out. It's a natural tendency, of course, given the focus that InfoSec has traditionally had, and given that we... tag:blog.ncircle.com,2008:/blogs/the-lens//4.459 2008-03-17T13:46:14Z 2008-03-18T15:32:45Z Tim Erlin http://blog.ncircle.com/the-lens Sometimes we all need a reminder of the obvious. This article from Infoworld reminded me of something I'd learned a while back and recently forgotten: Information Security is not about technology. "Ultimately, the most significant point of disconnect between security... tag:blog.ncircle.com,2008:/blogs/the-lens//4.458 2008-03-12T20:29:17Z 2008-03-12T20:46:34Z Tim Erlin http://blog.ncircle.com/the-lens It's a wonderful thing that a doctor can wirelessly reprogram a pacemaker for a patient to deliver better care. It seems quite odd to me, however, that no one thought to protect the connection with authentication and encryption. That being... tag:blog.ncircle.com,2007:/blogs/the-lens//4.430 2007-07-23T16:27:40Z 2007-07-24T11:56:48Z Tim Erlin http://blog.ncircle.com/the-lens If you ever find yourself wondering if simple directory traversal vulnerabilities are still relevant in this day and age, go read about Fox News. It's unfortunate that we don't know, and probably won't know, how long this condition was present.... tag:blog.ncircle.com,2007:/blogs/the-lens//4.416 2007-05-24T13:46:26Z 2007-05-24T15:07:10Z Tim Erlin http://blog.ncircle.com/the-lens On Tuesday I heard Marcus Ranum talk at the Secure360 show in St. Paul. His general premise, which I won't enumerate fully, was that market consolidation, increase in legislation, and the general lack of relationship between actual attacks and information... tag:blog.ncircle.com,2007:/blogs/the-lens//4.414 2007-05-16T19:11:49Z 2007-05-16T19:14:37Z Tim Erlin http://blog.ncircle.com/the-lens As I was paging through my RSS reader, I came across a pair of headlines that made me chuckle sitting next to each other: IBM, Symantec Tackle Compliance IBM loses tapes with employee personal info If you don't actually go... tag:blog.ncircle.com,2007:/blogs/the-lens//4.412 2007-05-15T16:43:35Z 2007-05-15T17:03:34Z Tim Erlin http://blog.ncircle.com/the-lens Texas has passed a bill that makes PCI compliance a law. You can check out the text of the legislation here. The bill allows a financial institution to 'bring an action' against a business if they are in violation of... tag:blog.ncircle.com,2007:/blogs/the-lens//4.403 2007-04-23T14:40:11Z 2007-04-23T14:52:23Z Tim Erlin http://blog.ncircle.com/the-lens In reading this article from Dark Reading, which quotes a recent RSA survey about PCI compliance, I'm struck by what seems like a missing component. The basic gist of the survey results is that while more than 50% of merchants... tag:blog.ncircle.com,2007:/blogs/the-lens//4.385 2007-03-26T11:22:54Z 2007-03-26T11:41:36Z Tim Erlin http://blog.ncircle.com/the-lens Flixster wants you to give them access to your email accounts so that they can invite everyone from your address book to join Flixster. They do this by asking you to provide them with the password for those accounts. Read... tag:blog.ncircle.com,2007:/blogs/the-lens//4.384 2007-03-23T20:16:55Z 2007-03-23T20:44:01Z Tim Erlin http://blog.ncircle.com/the-lens As you may have noted, nCircle recently introduced our Certified PCI Scan Service, which means that we achieved certification as an Approved Scanning Vendor from the PCI Security Standards Council. One of the requirements of PCI is that we score... tag:blog.ncircle.com,2007:/blogs/the-lens//4.381 2007-03-21T11:35:06Z 2007-03-21T17:57:55Z Tim Erlin http://blog.ncircle.com/the-lens Yesterday I saw a presentation from a sales rep of PointSec at a local ISSA meeting. Aside from the fact that it was, I suspect, largely a straight copy of their standard sales deck, there were a few interesting points,...