The FDA’s Office of Science and Engineering Laboratories referenced work in its FY 2011 report to collect requirements for medical data flight recorders in medical devices. Isn’t there a large mature industry in event management that can be applied to this?
Archives for June 2012
In the aftermath of the LinkedIn password hack, much of the discussion has focused on secondary security issues like password hash algorithms and salting. But the root cause security issue and how to mitigate its risk are being overlooked.
The CloudFlare hack is interesting not because of the damage that was done, but because of the multiple authentication system failures that were exploited to make it happen. It also sheds some light on the Achilles’ Heel of web-based services, the password reset procedure.
Gawker is reporting the Mitt Romney Email Hack story. Once again a public email service is embarrassed by a gaping hole in its security which is widely known and easily fixed. What you can do to protect yourself and simple low-cost alternatives to the so-called “security questions.”
The Flame malware was over-hyped. But it’s a good exercise in threat modeling. In my model, the attacker’s strategy is “leaky abstraction.”