The Failure of the PCI-DSS?

Recent events have caused people all over the information security community to question the efficacy of the PCI-DSS. The Target breach has become a lightning rod for debate as to how well the PCI-DSS protects organizations. In a recent blog entry, Avivah Litan from...

We Are Privacy and Security Hypocrites

So, the NSA is spying on us without warrants, the Chinese are spying on us without consequences, criminals are spying on us without liability, and everybody is in an uproar over Edward Snowden leaking data.  2013 was a watershed year for information security and...

Is badBIOS for Real?

Last week Dragos Ruiu described a new kind of malware that can spread without network connectivity. Named badBIOS, this malware supposedly uses ultrasonic communications through speakers to communicate with other hosts.  This raised a lot of eyebrows, even among us...

So, You Want Management to Listen to You

“I told you this would happen!”  The board room goes silent as the executive team contemplates the events unfolding before them.  There has been a serious data breach and the situation is escalating.  Everybody is tense.  The security team’s warnings about server...