Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for October 25th, 2007

Pssssst hey buddy *opens trench coat* wanna download some communism?

leave a comment »

TV links may be gone..but the spirit lives on…

tvlinksdb

Peekvid

alluc.org

Written by Krypt3ia

2007/10/25 at 20:17

Posted in Uncategorized

Pssssst hey buddy *opens trench coat* wanna download some communism?

with one comment

TV links may be gone..but the spirit lives on…

tvlinksdb

Peekvid

alluc.org

Written by Krypt3ia

2007/10/25 at 20:17

Posted in Uncategorized

HOLY WTF!

with one comment

There are actually High School students in the US that think the United States fought ALONGSIDE Germany against Russia in World War II

Can it REALLY be that our students today believe that we, the United States, fought ALONG SIDE the Germans against Joe Stalin in WWII? HOLY WTF! C’mon, this burns my ass! Can anyone out there actually cite the statistic here and show me where it comes from? I mean, I can believe it! But….

EDIT: Evidently it is entirely possible… Read THIS scary.. Still no stats though…

Written by Krypt3ia

2007/10/25 at 11:56

Posted in Uncategorized

HOLY WTF!

with 3 comments

There are actually High School students in the US that think the United States fought ALONGSIDE Germany against Russia in World War II

Can it REALLY be that our students today believe that we, the United States, fought ALONG SIDE the Germans against Joe Stalin in WWII? HOLY WTF! C’mon, this burns my ass! Can anyone out there actually cite the statistic here and show me where it comes from? I mean, I can believe it! But….

EDIT: Evidently it is entirely possible… Read THIS scary.. Still no stats though…

Written by Krypt3ia

2007/10/25 at 11:56

Posted in Uncategorized

Interesting stats… Where are those articles about how humans gauge danger so poorly?

leave a comment »


1. 58% of e-crimes were committed by outsiders, 26% by insiders and for 17%, the source was unknown.
2. 22% of security events were targeted specifically at the company that was attacked, and that number is growing, as are financial losses resulting from those targeted attacks.
3. Information security budgets fell 5%. Effective policies and procedures, like using background exams on new employees and contractors, fell to 57% from 73%, while employee security awareness training fell by more than half.

I think my paranoia is getting to me again. I’m seeing complacency everywhere I look and, frankly, it’s pretty unsettling. I’ve watched the memory of 9/11 sink into the background of Americans’ minds, replaced with a belief that since nothing has happened since 2001, we must be safe. Time can be a powerful driver of complacency.

I have also watched our businesses and organizations become complacent in their efforts to secure their assets. It has been years since we’ve had any sort of major, widespread malware attack. While many security professionals understand that the risk has never left (it’s only changed), our business leaders are falling into the mind-set that “it’s been years; we must be safe.” This directly impacts our ability to protect our nation and our businesses because as you seek to justify the investments in security that you know must be made, you will encounter skepticism of the threats. And for the investments that have already been made, your judgment will be called into question.

CSO recently completed its fourth annual “E-Crime Watch Survey” in cooperation with the United States Secret Service, the Carnegie Mellon University Software Engineering Institute’s CERT Program and Microsoft. This year’s study had some interesting findings:

1. 58% of e-crimes were committed by outsiders, 26% by insiders and for 17%, the source was unknown.
2. 22% of security events were targeted specifically at the company that was attacked, and that number is growing, as are financial losses resulting from those targeted attacks.
3. Information security budgets fell 5%. Effective policies and procedures, like using background exams on new employees and contractors, fell to 57% from 73%, while employee security awareness training fell by more than half.

The study also found a continuing focus on the use of traditional perimeter technologies (firewalls, IDS/IPS, etc.) even though the increasingly targeted attacks being perpetrated are designed to bypass those defenses. So are security executives being smarter about how to defend their enterprises? I hope so. Does it mean they are truly more secure? I doubt it. Hear that rumbling in the distance? It may be senior management beginning to question the value of your security investment. When they ask, “Were we not attacked because our security was so good, or was it because we weren’t going to be attacked in the first place?” it may be too late.

If the answer is because security is so good, and senior management realizes it, then you have done your job well and it is recognized. If the answer is the latter, then you better start getting your résumé in order.

–Bob Bragdon, Publisher bbragdon@cxo.com

Written by Krypt3ia

2007/10/25 at 08:58

Posted in Uncategorized

Interesting stats… Where are those articles about how humans gauge danger so poorly?

leave a comment »


1. 58% of e-crimes were committed by outsiders, 26% by insiders and for 17%, the source was unknown.
2. 22% of security events were targeted specifically at the company that was attacked, and that number is growing, as are financial losses resulting from those targeted attacks.
3. Information security budgets fell 5%. Effective policies and procedures, like using background exams on new employees and contractors, fell to 57% from 73%, while employee security awareness training fell by more than half.

I think my paranoia is getting to me again. I’m seeing complacency everywhere I look and, frankly, it’s pretty unsettling. I’ve watched the memory of 9/11 sink into the background of Americans’ minds, replaced with a belief that since nothing has happened since 2001, we must be safe. Time can be a powerful driver of complacency.

I have also watched our businesses and organizations become complacent in their efforts to secure their assets. It has been years since we’ve had any sort of major, widespread malware attack. While many security professionals understand that the risk has never left (it’s only changed), our business leaders are falling into the mind-set that “it’s been years; we must be safe.” This directly impacts our ability to protect our nation and our businesses because as you seek to justify the investments in security that you know must be made, you will encounter skepticism of the threats. And for the investments that have already been made, your judgment will be called into question.

CSO recently completed its fourth annual “E-Crime Watch Survey” in cooperation with the United States Secret Service, the Carnegie Mellon University Software Engineering Institute’s CERT Program and Microsoft. This year’s study had some interesting findings:

1. 58% of e-crimes were committed by outsiders, 26% by insiders and for 17%, the source was unknown.
2. 22% of security events were targeted specifically at the company that was attacked, and that number is growing, as are financial losses resulting from those targeted attacks.
3. Information security budgets fell 5%. Effective policies and procedures, like using background exams on new employees and contractors, fell to 57% from 73%, while employee security awareness training fell by more than half.

The study also found a continuing focus on the use of traditional perimeter technologies (firewalls, IDS/IPS, etc.) even though the increasingly targeted attacks being perpetrated are designed to bypass those defenses. So are security executives being smarter about how to defend their enterprises? I hope so. Does it mean they are truly more secure? I doubt it. Hear that rumbling in the distance? It may be senior management beginning to question the value of your security investment. When they ask, “Were we not attacked because our security was so good, or was it because we weren’t going to be attacked in the first place?” it may be too late.

If the answer is because security is so good, and senior management realizes it, then you have done your job well and it is recognized. If the answer is the latter, then you better start getting your résumé in order.

–Bob Bragdon, Publisher bbragdon@cxo.com

Written by Krypt3ia

2007/10/25 at 08:58

Posted in Uncategorized